Rising Kaka Security Forum (瑞星卡卡安全论坛) · Technical Exchange · Anti-virus / Anti-rogue-software board

[Solved] Windows Cleanup Assistant (Windows清理助手) found dozens of suspicious files that cannot be removed

Symptoms: the screen resolution has been changed to 640*480, the setting is greyed out and cannot be changed.
On boot a "QQ prize" system message pops up (QQ is not running, and I did not open the message).
Log:
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <FlashGet 3><; "D:\Program Files\FlashGet\flashget3.exe" -minimize>  [File is missing]
    <WangWang><; "D:\Program Files\WangWang\WangWang.exe">  [(Verified)"Alibaba Software(Shanghai)Co,. Ltd"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <msconfig><; C:\WINDOWS\system32\lXumm.exe>  [Microsoft Corporation]
    <stup.exe><; Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [File is missing]
    <wdcertm_ccb><; C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe>  [ Beijing WatchData System Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf,,msinet32.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{827E2FB4-1047-43DE-848D-E12BB0C97AAB}><C:\WINDOWS\Tasks\SbrmpxjdCrgRAFhz4gHh.inf>  []
    <{0DCB6565-A9F9-41CA-97E1-65F4A6345F3E}><C:\WINDOWS\Tasks\2VeFNvQbcyFhKUaXTVE9.inf>  []
    <{CD478099-014D-4B3A-A4BB-B518F1019BC7}><C:\WINDOWS\system32\SCEVFJRCmaB7.dll>  []
    <{526EB425-7F56-4773-8D70-B8E45AA8E2B6}><C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur>  []
    <{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><C:\WINDOWS\system32\2EF0D734.dll>  []
    <{A2BCFCEE-C939-433F-A32A-7353A6E720DB}><C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf>  []
    <{136F4843-F6B1-459F-83B5-7B0F982FDDA5}><C:\WINDOWS\Tasks\FkTQEF2gVvZ9fR7v5HE.inf>  []
    <{4F5EEDE5-1687-49D2-8A17-FF0B454FB37B}><C:\WINDOWS\system32\qzp3jTZCSfSh.dll>  []
    <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><C:\WINDOWS\system32\122B901E.dll>  []
    <{6049BC02-7EDA-4C41-B4AB-D5398607C39E}><C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf>  []
    <{C20C5A13-4DD7-40D9-90B4-700BAB0BBBE9}><C:\WINDOWS\system32\S5kSrtwDf35EW9f2kBDF.inf>  []
    <{87DE8A1A-96C5-4420-B222-EF998F697CE7}><C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.inf>  []
    <{93DA1E7D-7C46-4F90-8674-EC90511FCA72}><C:\WINDOWS\system32\CDuAUVkGy9.dll>  []
    <{704C3595-DB85-40F6-A601-8D6F346907BD}><C:\WINDOWS\system32\704C3595.dll>  []
    <{9C20D654-5AF8-4DB7-A125-1A17D7065C73}><C:\WINDOWS\system32\uV4kFmSjPK7eKfenjpv9Ct.inf>  []
    <{11FDB6D4-166A-47BF-A0F8-A09DABA75FC1}><C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf>  []
    <{84639C2D-CD75-4081-B515-329AFCECBF19}><C:\WINDOWS\Downloaded Program Files\SjRjQgREDp3P8B4rEEg.cur>  []
    <{51716C09-6B08-4CCF-B526-718E912C0573}><C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll>  []
    <{1719B301-B494-4185-9379-242461F9CF02}><C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf>  []
    <{76CBCF38-0583-44C7-A1AE-D463DFE625EC}><C:\WINDOWS\system32\skcfujQ5EDN.dll>  []
    <{8708994F-1758-4C2C-9A3F-FA22D6CCCB41}><C:\WINDOWS\fonts\A97CRaCB.fon>  []
    <{74DA2FEC-F68F-4DC7-9A45-9174AC044427}><C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf>  []
    <{B9D0F4D7-C809-4C27-9CB4-63201DFB3D05}><C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf>  []
    <{B7D21764-31A1-4B15-B975-8AAA398CE07F}><C:\WINDOWS\system32\FXNEE8UE86dAU4wwQSW.inf>  []
    <{E16EA4C8-040B-4A12-A0F5-783963AD665D}><C:\WINDOWS\system32\P6VyQtQJUYa3rFan7J.inf>  []
    <{C1B34818-3883-4A0A-9665-189A8A39EAB0}><C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf>  [File is missing]
    <{23DA65D2-C696-4EE4-BEE8-B4841DEC3E30}><C:\WINDOWS\system32\ndxq9awMc.dll>  []
    <{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}><C:\WINDOWS\system32\dhDhwS7fFW.dll>  []
    <{C2EE4B05-6467-40E1-8638-C8B895AE335A}><C:\WINDOWS\fonts\CtZ8uc499k.fon>  []
    <{7938BD2F-0143-4C46-991C-71069712D9D9}><C:\WINDOWS\system32\DMvJFcDsGe5Kccsmc6gZFjB.inf>  []
    <{FE23FF53-3B2C-4DBE-92F8-90CF9F4C1480}><C:\Program Files\Internet Explorer\Top.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <UPnPMonitor><C:\WINDOWS\system32\upnpui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe]
    <IFEO[DrRtp.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
    <IFEO[QQDoctor.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.exe]
    <IFEO[RStray.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
==================================
Startup folder
N/A
==================================
Services
[HID Input Service / HidServ][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[OracleClientCache80 / OracleClientCache80][Stopped/Manual Start]
  <C:\orant\BIN\ONRSD80.EXE><N/A>
[WatchData ccb V3.2 / WDMonitorCCB][Running/Auto Start]
  <C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe><Beijing WatchData System Co., Ltd.>
==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
  <System32\drivers\amdk8.sys><Advanced Micro Devices>
[AtpKrnl / AtpKrnl][Stopped/Manual Start]
  <System32\Drivers\AtpKrnl.sys><www.arswp.com>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[Microsoft Kernel DRM Audio Descrambler / drmkaud][Running/Manual Start]
  <\??\c:\windows\AntiVirus.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[vb / vb][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~3668921.ex><Microsoft Corporation>
==================================
Browser add-ons
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[]
  {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <, >
[]
  {EF0D1A14-1033-41A2-A589-240C01EDC078} <, >
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[BDA Tuning Model MPEG2 Tune Request]
  {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} <C:\WINDOWS\system32\msvidctl.dll, (Signed) Microsoft Corporation>
[]
  {116BA71C-8187-4F15-9A1F-C9D6289155D1} <, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[]
  {2974c985-8151-4de5-b23c-b875f0a8522f} <, >
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[CellWeb5 Control]
  {3F166327-8030-4881-8BD2-EA25350E574A} <C:\WINDOWS\system32\cellweb5.ocx, Cell Software, Inc.>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[WangWangX Class]
  {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} <D:\Program Files\WangWang\AliIMX.dll, (Signed) Alibaba software (Shanghai) Corporation.>
[Microsoft Shell UI Helper]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\WangWang\WangWangX6.dll, (Signed) Alibaba Software (Shanghai) Co., Ltd.>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[]
  {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} <, >
[]
  {80B7C135-4C0B-48DE-BA77-0E353012C169} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
  {B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[WDCCBCtrl Class]
  {CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB} <C:\WINDOWS\system32\wdccb.dll, (Signed) >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\Tencent\QQMusic\QzoneMusic.dll, Shenzhen Tencent Technology>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
  {EF0D1A14-1033-41A2-A589-240C01EDC078} <, >
[Export to Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Add to QQ Emoticons]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

Last edited by 酸甜紫葡萄 on 2009-11-03 10:40:22
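Reading the log above as a responder, four separate persistence mechanisms stand out. The Image File Execution Options keys set a "debugger" of C:\WINDOWS\system32\svchost.exe for 360rpt.exe, 360Safe.exe, 360tray.exe, DrRtp.exe, QQDoctor.exe and RStray.exe, so each time one of those security tools is launched svchost.exe is started in its place and the tool never runs (the "(Verified) Microsoft" tag on those lines describes svchost.exe itself, not the hijack). AppInit_DLLs names C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf and msinet32.dll, which user32.dll then maps into every GUI-capable process, which is why a cleaner running on the live system cannot delete them. The ShellExecuteHooks list is a set of randomly named files carrying .inf, .cur and .fon extensions that are nevertheless loaded as DLLs by the shell; the Winlogon Userinit value is marked infected; and the service carrying Microsoft's drmkaud driver name points at c:\windows\AntiVirus.sys, while the "vb" driver is a .ex file in the user's Temp directory. The following Python script is an added example written for this page, not code from SREng or Windows Cleanup Assistant. It parses a constructed subset of the lines posted above and applies exactly those checks; the rule names, severities and path normalisation are the example's own choices.

```python
"""Autostart triage for an SREng-style log (added example; not SREng or Windows Cleanup Assistant code).
Rules: IFEO debugger hijack, populated AppInit_DLLs, unverified ShellExecuteHooks,
scanner-flagged entries, and driver images outside system32\\drivers."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity rule item")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")               # [HKEY_...\Run]
ENTRY_RE = re.compile(r"^\s*<(.+?)><(.*)>\s+\[(.*)\]$")    # <name><value>  [signer]
DRV_HDR_RE = re.compile(r"^\[(.+?) / (.+?)\]\[(.+?)\]$")   # [Display name / service][state]
DRV_IMG_RE = re.compile(r"^\s*<(.*)><(.*)>$")              # <image path><vendor>

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <msconfig><; C:\WINDOWS\system32\lXumm.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf,,msinet32.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{827E2FB4-1047-43DE-848D-E12BB0C97AAB}><C:\WINDOWS\Tasks\SbrmpxjdCrgRAFhz4gHh.inf>  []
    <{CD478099-014D-4B3A-A4BB-B518F1019BC7}><C:\WINDOWS\system32\SCEVFJRCmaB7.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.exe]
    <IFEO[RStray.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[Microsoft Kernel DRM Audio Descrambler / drmkaud][Running/Manual Start]
  <\??\c:\windows\AntiVirus.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[vb / vb][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~3668921.ex><Microsoft Corporation>
"""


def _norm_driver_path(path):
    # Lower-case, drop the NT "\??\" prefix and a leading "<drive>:\windows\" so that
    # "system32\DRIVERS\x.sys" and "\??\C:\WINDOWS\system32\drivers\x.sys" compare alike.
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return re.sub(r"^[a-z]:\\windows\\", "", p)


def _check_entry(key, name, value, signer):
    k, out = key.lower(), []
    value = value.lstrip("; ")                     # SREng prefixes some Run values with "; "
    verified = signer.startswith("(Verified)")
    if "(infected)" in signer.lower():
        out.append(Finding("high", "scanner-flagged-infected", f"{name} -> {value}"))
    if "image file execution options" in k and value:
        # A Debugger value means the named program never runs; every target in the
        # log is a security product and the "debugger" is svchost.exe.
        target = key.rsplit("\\", 1)[-1]
        out.append(Finding("high", "ifeo-debugger-hijack", f"{target} -> {value}"))
    elif name.lower() == "appinit_dlls":
        for dll in (v.strip() for v in value.split(",")):
            if dll:
                out.append(Finding("high", "appinit-dll-injection", dll))
    elif "shellexecutehooks" in k and not verified:
        ext = value.rsplit(".", 1)[-1].lower()
        note = "" if ext == "dll" else f" (named .{ext} but loaded as a DLL)"
        out.append(Finding("high", "unverified-shellexecutehook", f"{name} -> {value}{note}"))
    elif k.endswith("\\run") and not verified and "file is missing" not in signer.lower():
        out.append(Finding("review", "unverified-run-entry", f"{name} -> {value} [{signer}]"))
    return out


def _check_driver(display, service, image, vendor):
    p = _norm_driver_path(image)
    if p.startswith("system32\\drivers\\") and p.endswith(".sys"):
        return []
    return [Finding("high", "driver-image-outside-drivers-dir",
                    f"{service} ({display}) -> {image} [{vendor}]")]


def triage(log_text):
    """Return the Findings for one SREng-style autostart log."""
    findings, key, drv = [], None, None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if m := KEY_RE.match(line):
            key, drv = m.group(1), None
        elif (m := ENTRY_RE.match(line)) and key:
            findings += _check_entry(key, m.group(1), m.group(2).strip(), m.group(3).strip())
        elif m := DRV_HDR_RE.match(line):
            key, drv = None, (m.group(1), m.group(2))
        elif (m := DRV_IMG_RE.match(line)) and drv:
            findings += _check_driver(*drv, m.group(1), m.group(2))
            drv = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:34} {f.item}")
```

On the sample the script reports nine high findings and one item for review (the Run entry named "msconfig" that actually starts C:\WINDOWS\system32\lXumm.exe with an unverified "Microsoft Corporation" claim). The review tier is deliberate: an unverified vendor string is not proof on its own, as the legitimate WatchData bank-token entries in the same log show, whereas an IFEO redirect of a security product, a populated AppInit_DLLs value, or a driver image in the Windows root or a Temp directory needs no further context.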
 

Reply: Windows Cleanup Assistant (Windows清理助手) found dozens of suspicious files that cannot be removed

Running processes
[PID: 384 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 640 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 700 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
[PID: 916 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 1000 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 1088 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\System32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\System32\COMRes.dll]  [N/A, ]
    [C:\orant\bin\oci.dll]  [Oracle Corporation, 8.0.5.0.1]
    [C:\orant\bin\ORA805.dll]  [Oracle Corporation, 8.0.5.0.0]
    [C:\orant\bin\CORE40.dll]  [Oracle Corporation, 4.0.5.0.0]
    [C:\orant\bin\NLSRTL33.dll]  [Oracle Corporation, 3.3.2.0.0]
    [C:\orant\bin\NL80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\OTRACE80.dll]  [Oracle Corporation, 8.0.4.0.0]
    [C:\orant\bin\NS80.dll]  [Oracle Corporation, 8.0.4.0.2 Production]
    [C:\orant\bin\nasns80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\nz80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\NNFG80.dll]  [Oracle Corporation, 8.0.4.0.1 Production]
    [C:\orant\bin\NNCI80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\NNG80.dll]  [Oracle Corporation, 8.0.4.0.2 Production]
    [C:\orant\bin\NMP80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\NPL80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\NR80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\NT80.dll]  [Oracle Corporation, 8.0.4.0.1 Production]
    [C:\orant\bin\NCR80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\NMS80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\NNFD80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\NNFN80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\NI80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\orant\bin\PLS805.dll]  [Oracle Corporation, 8.0.5.0.0]
    [C:\orant\bin\NDWSI80.DLL]  [N/A, ]
    [C:\orant\bin\SQLLib80.dll]  [Oracle Corporation, 8.0.5.0.0]
    [C:\orant\bin\xa80.dll]  [Oracle Corporation, 8.0.5.0.0]
[PID: 1224 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
[PID: 1352 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 1424 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 232 / Administrator][C:\WINDOWS\system32\UserInit.exe]  [(Infected) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf]  [N/A, ]
    [C:\WINDOWS\fonts\A97CRaCB.fon]  [N/A, ]
    [C:\WINDOWS\system32\skcfujQ5EDN.dll]  [N/A, ]
    [C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf]  [N/A, ]
    [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\SjRjQgREDp3P8B4rEEg.cur]  [N/A, ]
    [C:\WINDOWS\system32\uV4kFmSjPK7eKfenjpv9Ct.inf]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.inf]  [N/A, ]
    [C:\WINDOWS\system32\S5kSrtwDf35EW9f2kBDF.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf]  [N/A, ]
    [C:\WINDOWS\system32\qzp3jTZCSfSh.dll]  [N/A, ]
    [C:\WINDOWS\Tasks\FkTQEF2gVvZ9fR7v5HE.inf]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur]  [N/A, ]
[PID: 408 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 476 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
[PID: 500 / Administrator][C:\WINDOWS\Explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\Tasks\SbrmpxjdCrgRAFhz4gHh.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\2VeFNvQbcyFhKUaXTVE9.inf]  [N/A, ]
    [C:\WINDOWS\system32\SCEVFJRCmaB7.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\FkTQEF2gVvZ9fR7v5HE.inf]  [N/A, ]
    [C:\WINDOWS\system32\qzp3jTZCSfSh.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf]  [N/A, ]
    [C:\WINDOWS\system32\S5kSrtwDf35EW9f2kBDF.inf]  [N/A, ]
    [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.inf]  [N/A, ]
    [C:\WINDOWS\system32\CDuAUVkGy9.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\uV4kFmSjPK7eKfenjpv9Ct.inf]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\SjRjQgREDp3P8B4rEEg.cur]  [N/A, ]
    [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll]  [N/A, ]
    [C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf]  [N/A, ]
    [C:\WINDOWS\system32\skcfujQ5EDN.dll]  [N/A, ]
    [C:\WINDOWS\fonts\A97CRaCB.fon]  [N/A, ]
    [C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf]  [N/A, ]
    [C:\WINDOWS\system32\FXNEE8UE86dAU4wwQSW.inf]  [N/A, ]
    [C:\WINDOWS\system32\P6VyQtQJUYa3rFan7J.inf]  [N/A, ]
    [C:\WINDOWS\system32\ndxq9awMc.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhDhwS7fFW.dll]  [N/A, ]
    [C:\WINDOWS\fonts\CtZ8uc499k.fon]  [N/A, ]
    [C:\WINDOWS\system32\DMvJFcDsGe5Kccsmc6gZFjB.inf]  [N/A, ]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 536 / SYSTEM][C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe]  [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\TokenMgr.dll]  [ Beijing WatchData System Co., Ltd., 3, 6, 3, 2]
    [C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDAlg.DLL]  [ Beijing WatchData System C0., Ltd., 3, 5, 12, 20]
    [C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll]  [Watchdata, 1, 0, 0, 39]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 336 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf]  [N/A, ]
    [C:\WINDOWS\fonts\A97CRaCB.fon]  [N/A, ]
    [C:\WINDOWS\system32\skcfujQ5EDN.dll]  [N/A, ]
    [C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf]  [N/A, ]
    [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\SjRjQgREDp3P8B4rEEg.cur]  [N/A, ]
    [C:\WINDOWS\system32\uV4kFmSjPK7eKfenjpv9Ct.inf]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.inf]  [N/A, ]
    [C:\WINDOWS\system32\S5kSrtwDf35EW9f2kBDF.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf]  [N/A, ]
    [C:\WINDOWS\system32\qzp3jTZCSfSh.dll]  [N/A, ]
    [C:\WINDOWS\Tasks\FkTQEF2gVvZ9fR7v5HE.inf]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur]  [N/A, ]
[PID: 2008 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\System32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\System32\COMRes.dll]  [N/A, ]
[PID: 3812 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 5.4.3790.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 524 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\system32\msinet32.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf]  [N/A, ]
    [C:\WINDOWS\fonts\A97CRaCB.fon]  [N/A, ]
    [C:\WINDOWS\system32\skcfujQ5EDN.dll]  [N/A, ]
    [C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf]  [N/A, ]
    [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\SjRjQgREDp3P8B4rEEg.cur]  [N/A, ]
    [C:\WINDOWS\system32\uV4kFmSjPK7eKfenjpv9Ct.inf]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.inf]  [N/A, ]
    [C:\WINDOWS\system32\S5kSrtwDf35EW9f2kBDF.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf]  [N/A, ]
    [C:\WINDOWS\system32\qzp3jTZCSfSh.dll]  [N/A, ]
    [C:\WINDOWS\Tasks\FkTQEF2gVvZ9fR7v5HE.inf]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
[PID: 3124 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX04.687\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 3140 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX04.687\SRE5adef2a7.EXE]  [Smallfrogs Studio, 2.8.1.1279]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf]  [N/A, ]
    [C:\WINDOWS\fonts\A97CRaCB.fon]  [N/A, ]
    [C:\WINDOWS\system32\skcfujQ5EDN.dll]  [N/A, ]
    [C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf]  [N/A, ]
    [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\SjRjQgREDp3P8B4rEEg.cur]  [N/A, ]
    [C:\WINDOWS\system32\uV4kFmSjPK7eKfenjpv9Ct.inf]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.inf]  [N/A, ]
    [C:\WINDOWS\system32\S5kSrtwDf35EW9f2kBDF.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf]  [N/A, ]
    [C:\WINDOWS\system32\qzp3jTZCSfSh.dll]  [N/A, ]
    [C:\WINDOWS\Tasks\FkTQEF2gVvZ9fR7v5HE.inf]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur]  [N/A, ]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX04.687\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      b.nmbrx.com
127.0.1.1      zsmdo.cn
127.1.1.1      www.114baines.com
127.1.1.1      bmw8x.cn
127.1.1.1      demo.jikesoft.cn
127.1.1.1      ya.com.9d1u.cn
127.1.1.1      126.123fga.cn

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 700, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 536, C:\WINDOWS\SYSTEM32\WATCHDATA\WATCHDATA CCB CSP V3.2\WDKEYMONITORCCB.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3604, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3604, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3124, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX04.687\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3124, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX04.687\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Re: Windows Cleanup Assistant found dozens of suspicious files that cannot be removed

Try downloading Dr.Web (大蜘蛛) antivirus. I'm a newbie and don't know exactly how to remove it, but Dr.Web should be able to.

Re: Windows Cleanup Assistant found dozens of suspicious files that cannot be removed

Thanks to the friend above. Can anyone help me?

Re: Windows Cleanup Assistant found dozens of suspicious files that cannot be removed

OP, could you upload the complete log? Upload it as an attachment, the text file that the scan produced.
Last edited by 辛达星郁 on 2009-09-28 20:20:44

Re: Windows Cleanup Assistant found dozens of suspicious files that cannot be removed

http://labs.duba.net/jjx.shtml
Before rebooting, back up your important files on drive C, such as your photos,
to drive E.
It is quite possible that the system will not boot after the restart.

Re: Windows Cleanup Assistant found dozens of suspicious files that cannot be removed

1、Turn off System Restore (this step can be skipped on Windows 2000)
Replace the file Comres.dll
In Safe Mode, replace c:\windows\system32\ComRes.dll by copy and paste.
ComRes.dll should come from the system files of another machine that has no problems.

1. It is recommended to use XDelBox to delete the following files: (XDelBox 1.6 download)
Instructions: when deleting, copy the paths of all files to be deleted, right-click in the pending-deletion file list and choose Import from clipboard; after importing, right-click the files to be deleted and choose Reboot and delete now; the computer will reboot into a DOS screen to carry out the deletion. Before running XDelBox it is best to disconnect all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).

c:\windows\system32\msinet32.dll
c:\windows\tasks\cgbyr44s5jcmgad6ar.inf
c:\windows\downloaded program files\sjrjqgredp3p8b4reeg.cur
c:\windows\downloaded program files\wustnjhyfqfpv8pqbc.cur
c:\windows\fonts\a97cracb.fon
c:\windows\system32\2ef0d734.dll
c:\windows\system32\2exjw3dsatgwrf5uapadmhn.inf
c:\windows\system32\704c3595.dll
c:\windows\system32\btmband89jc9pspq5eknj.inf
c:\windows\system32\perrgx5dkqsbqdwaucrqh.dll
c:\windows\system32\qzp3jtzcsfsh.dll
c:\windows\system32\s5ksrtwdf35ew9f2kbdf.inf
c:\windows\system32\skcfujq5edn.dll
c:\windows\system32\uv4kfmsjpk7ekfenjpv9ct.inf
c:\windows\tasks\c2nh4numz9kny5zqnc.inf
c:\windows\tasks\fktqef2gvvz9fr7v5he.inf
c:\windows\tasks\ygfdvuegeqm9fhy5rnn.inf
c:\windows\fonts\ctz8uc499k.fon
c:\windows\system32\122b901e.dll
c:\windows\system32\cduauvkgy9.dll
c:\windows\system32\dhdhws7ffw.dll
c:\windows\system32\dmvjfcdsge5kccsmc6gzfjb.inf
c:\windows\system32\fxnee8ue86dau4wwqsw.inf
c:\windows\system32\ndxq9awmc.dll
c:\windows\system32\p6vyqtqjuya3rfan7j.inf
c:\windows\system32\scevfjrcmab7.dll
c:\windows\system32\z6fvkef47hupzgaxee.inf
c:\windows\tasks\2vefnvqbcyfhkuaxtve9.inf
c:\windows\tasks\jjx5r8wnsqunnxgwpwn.inf
c:\windows\tasks\sbrmpxjdcrgrafhz4ghh.inf
c:\windows\tasks\cgbyr44s5jcmgad6ar.inf,,msinet32.dll
c:\windows\system32\b4ynkreeheerkfeea4.inf
c:\windows\system32\npkycryp.sys
c:\windows\system32\npkcrypt.sys

2. After deleting and rebooting, use SREng to repair the following items:

    Startup items -- Registry: delete the following entries:
[{7938BD2F-0143-4C46-991C-71069712D9D9}]    <C:\WINDOWS\system32\DMvJFcDsGe5Kccsmc6gZFjB.inf>
[{C2EE4B05-6467-40E1-8638-C8B895AE335A}]    <C:\WINDOWS\fonts\CtZ8uc499k.fon>
[{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}]    <C:\WINDOWS\system32\dhDhwS7fFW.dll>
[{23DA65D2-C696-4EE4-BEE8-B4841DEC3E30}]    <C:\WINDOWS\system32\ndxq9awMc.dll>
[{E16EA4C8-040B-4A12-A0F5-783963AD665D}]    <C:\WINDOWS\system32\P6VyQtQJUYa3rFan7J.inf>
[{B7D21764-31A1-4B15-B975-8AAA398CE07F}]    <C:\WINDOWS\system32\FXNEE8UE86dAU4wwQSW.inf>
[{B9D0F4D7-C809-4C27-9CB4-63201DFB3D05}]    <C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf>
[{74DA2FEC-F68F-4DC7-9A45-9174AC044427}]    <C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf>
[{8708994F-1758-4C2C-9A3F-FA22D6CCCB41}]    <C:\WINDOWS\fonts\A97CRaCB.fon>
[{76CBCF38-0583-44C7-A1AE-D463DFE625EC}]    <C:\WINDOWS\system32\skcfujQ5EDN.dll>
[{1719B301-B494-4185-9379-242461F9CF02}]    <C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf>
[{51716C09-6B08-4CCF-B526-718E912C0573}]    <C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll>
[{84639C2D-CD75-4081-B515-329AFCECBF19}]    <C:\WINDOWS\Downloaded Program Files\SjRjQgREDp3P8B4rEEg.cur>
[{11FDB6D4-166A-47BF-A0F8-A09DABA75FC1}]    <C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf>
[{9C20D654-5AF8-4DB7-A125-1A17D7065C73}]    <C:\WINDOWS\system32\uV4kFmSjPK7eKfenjpv9Ct.inf>
[{704C3595-DB85-40F6-A601-8D6F346907BD}]    <C:\WINDOWS\system32\704C3595.dll>
[{93DA1E7D-7C46-4F90-8674-EC90511FCA72}]    <C:\WINDOWS\system32\CDuAUVkGy9.dll>
[{87DE8A1A-96C5-4420-B222-EF998F697CE7}]    <C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.inf>
[{C20C5A13-4DD7-40D9-90B4-700BAB0BBBE9}]    <C:\WINDOWS\system32\S5kSrtwDf35EW9f2kBDF.inf>
[{6049BC02-7EDA-4C41-B4AB-D5398607C39E}]    <C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf>
[{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}]    <C:\WINDOWS\system32\122B901E.dll>
[{4F5EEDE5-1687-49D2-8A17-FF0B454FB37B}]    <C:\WINDOWS\system32\qzp3jTZCSfSh.dll>
[{136F4843-F6B1-459F-83B5-7B0F982FDDA5}]    <C:\WINDOWS\Tasks\FkTQEF2gVvZ9fR7v5HE.inf>
[{A2BCFCEE-C939-433F-A32A-7353A6E720DB}]    <C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf>
[{2EF0D734-21FD-4225-A1A2-BCD296182AAF}]    <C:\WINDOWS\system32\2EF0D734.dll>
[{526EB425-7F56-4773-8D70-B8E45AA8E2B6}]    <C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur>
[{CD478099-014D-4B3A-A4BB-B518F1019BC7}]    <C:\WINDOWS\system32\SCEVFJRCmaB7.dll>
[{0DCB6565-A9F9-41CA-97E1-65F4A6345F3E}]    <C:\WINDOWS\Tasks\2VeFNvQbcyFhKUaXTVE9.inf>
[{827E2FB4-1047-43DE-848D-E12BB0C97AAB}]    <C:\WINDOWS\Tasks\SbrmpxjdCrgRAFhz4gHh.inf>
Note: edit the [AppInit_DLLs] entry: change <C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf,,msinet32.dll> to <>, i.e. clear it
[{C1B34818-3883-4A0A-9665-189A8A39EAB0}]    <C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf>

    Startup items -- Services -- Drivers: disable the following entries:
[npkycryp / npkycryp]    <\??\C:\WINDOWS\system32\npkycryp.sys>
[npkcrypt / npkcrypt]    <\??\C:\WINDOWS\system32\npkcrypt.sys>

************** The analysis report above was produced by SREngLog Analysis Assistant ******************

Attachment:

File name: comres.rar
Downloads: 216
File type: application/octet-stream
File size:
Uploaded: 2009-9-28 20:28:27
Description: rar

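The SREng log sections above (per-process module lists whose entries carry no publisher or version, `[N/A, ]`; an AppInit_DLLs value that is not empty; HOSTS lines that send update and download domains to loopback addresses) and the SREngLog analysis reply show what a responder looks for in such a log. The following Python script is an added example written for this page; it is not code from SREng, XDelBox, or anyone in this thread. It parses a constructed excerpt in the same log format (the file names are the ones reported on this page, trimmed to a few lines) and flags the three indicators. The regular expressions, the list of unusual directories, and the data-file extensions are this example's own assumptions about the log format, not something SREng defines.

```python
import ipaddress
import re

# Patterns for the three SREng-log line shapes this helper understands.
# These regexes are this example's assumption about the log format.
PROCESS_RE = re.compile(r"^\[PID: (?P<pid>\d+) / (?P<user>[^\]]+)\]\[(?P<path>[^\]]+)\]")
MODULE_RE = re.compile(r"^\s+\[(?P<path>[^\]]+)\]\s+\[(?P<info>[^\]]*)\]\s*$")
APPINIT_RE = re.compile(r"^\s*<AppInit_DLLs><(?P<value>[^>]*)>")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)\s*$")

# Directories from which a loaded module is almost never legitimate, and
# data-file extensions that should never appear in a module list at all
# (assumed heuristics, chosen from what the thread's log shows).
UNUSUAL_DIRS = ("\\windows\\tasks\\", "\\windows\\fonts\\", "\\windows\\downloaded program files\\")
DATA_EXTS = (".inf", ".cur", ".fon")

# Constructed sample excerpt in the log's format; file names are the page's own.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf,,msinet32.dll>  []
==================================
[PID: 2008 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\System32\msinet32.dll]  [N/A, ]
[PID: 524 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf]  [N/A, ]
    [C:\WINDOWS\fonts\A97CRaCB.fon]  [N/A, ]
    [C:\WINDOWS\system32\skcfujQ5EDN.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      b.nmbrx.com
127.0.1.1      zsmdo.cn
127.1.1.1      www.114baines.com
"""


def parse_modules(log_text):
    """Map each loaded module (case-folded path) to its publisher/version text
    and the list of processes it was seen in."""
    modules = {}
    current = None
    for line in log_text.splitlines():
        proc = PROCESS_RE.match(line)
        if proc:
            current = proc.group("path")
            continue
        mod = MODULE_RE.match(line)
        if mod and current:
            key = mod.group("path").lower()
            entry = modules.setdefault(
                key, {"path": mod.group("path"), "info": mod.group("info").strip(), "hosts": []})
            entry["hosts"].append(current)
    return modules


def flag_modules(log_text):
    """Findings for modules that lack publisher/version data, load from an
    unusual directory, or carry a data-file extension yet are loaded as code."""
    findings = []
    for key, entry in parse_modules(log_text).items():
        reasons = []
        if entry["info"].startswith("N/A"):
            reasons.append("no publisher/version")
        if any(d in key for d in UNUSUAL_DIRS):
            reasons.append("unusual directory")
        if key.endswith(DATA_EXTS):
            reasons.append("data extension loaded as module")
        if reasons:
            findings.append({"path": entry["path"], "reasons": reasons,
                             "loaded_in": len(entry["hosts"])})
    return findings


def appinit_dlls(log_text):
    """Entries in AppInit_DLLs, which Windows loads into every process that
    links user32.dll; the value is empty on a clean XP installation."""
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line)
        if m:
            return [p for p in m.group("value").split(",") if p]
    return []


def flag_hosts(log_text):
    """HOSTS entries that sink a name to a loopback address. ipaddress treats
    all of 127.0.0.0/8 as loopback, so 127.0.1.1 and 127.1.1.1 are caught
    even though a naive search for the string 127.0.0.1 would miss them."""
    sinkholed = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if not m or m.group("host") == "localhost":
            continue
        try:
            if ipaddress.ip_address(m.group("ip")).is_loopback:
                sinkholed.append((m.group("ip"), m.group("host")))
        except ValueError:  # octet out of range; not a usable address
            continue
    return sinkholed


if __name__ == "__main__":
    for f in flag_modules(SAMPLE_LOG):
        print(f"{f['path']} (in {f['loaded_in']} processes): {', '.join(f['reasons'])}")
    print("AppInit_DLLs:", appinit_dlls(SAMPLE_LOG))
    print("HOSTS sinkholes:", flag_hosts(SAMPLE_LOG))
```

Run against the sample, the script reports the .inf, .fon and unsigned .dll entries with their reasons, lists the two AppInit_DLLs entries the reply above says to clear, and returns all three sinkholed domains; a responder would feed it the full log rather than the excerpt and compare the flagged paths against the deletion list in the reply.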

Re: Windows Cleanup Assistant found dozens of suspicious files that cannot be removed

Also download an image hijacking (IFEO) repair tool.

Re: Windows Cleanup Assistant found dozens of suspicious files that cannot be removed

Many thanks to the friend above. Yesterday I downloaded Kaspersky, and the QQ system message and the other problems were resolved, but the antivirus still reports an infection and cannot remove it no matter how many times it scans. I am uploading the log again; please take a look.

Attachment:

File name: SREngLOG.log
Downloads: 206
File type: application/octet-stream
File size:
Uploaded: 2009-9-29 9:26:24
Description: log


Re: Windows Cleanup Assistant found dozens of suspicious files that cannot be removed

((The attached program is only suitable for this requester, because it involves replacing important system files; no other requester may use this attached program under any circumstances.))
Download the attachment, extract it to the desktop, run the program inside, and click "开始处理" (Start processing); when the program prompts you to reboot, do not reboot yet.

After you close the program, the "dll免疫重定向工具" (DLL immunization redirection tool) will start automatically; click "设置" (Settings) on its interface and reboot the computer.

Attachment: 新助手.rar (2009-9-29 9:45:08, 251.67 K)
This attachment has been downloaded 246 times

Remember not to let any security software interfere with this program while it runs. (Right-click and choose "Save Target As" to download.) This link does not support download managers such as Thunder (迅雷).

Once you are back in the system, download Windows Cleanup Assistant, update it, and clean your system with it.
Windows Cleanup Assistant download: http://www.arswp.com/

Update your antivirus to the latest version and run a full scan. Repeat the scan until it finds nothing.

Remember to install all system security patches.