Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Forum

[Help] Please help me analyze this, I seem to have picked up a few trojans!

The virus appeared while I was using the latest version of 极品火车时刻表 (a train timetable program)!

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)

Attachment:

File name: SREngLOG.log
Downloads: 211
File type: application/octet-stream
File size:
Upload time: 2009-3-1 18:55:14
Description: log


Reply: Please help me analyze this, I seem to have picked up a few trojans!

Use your SREng to identify and delete the following:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <pdfFactory Pro Dispatcher v2><"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce>  [FinePrint Software, LLC]
    <FinePrint Dispatcher v5><"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /runonce>  [FinePrint Software, LLC]
    <Kontiki><"C:\Program Files\Kontiki\khost.exe" -i -p ey-ey>  [Kontiki Inc.]
    <Protect Tray><"C:\Program Files\Pointsec\P95tray.exe">  [Pointsec Mobile Technologies AB]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>  [File is missing]
    <OdTray.exe><>  [N/A]
    <BLOG><rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog>  []
    <AAPAcqService><C:\Program Files\AAP\ACQ\EY.AAP.Acquisition.exe>  [ ]
Threat:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <cmss><C:\WINDOWS\TEMP\cmss.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\AuditingTools]
    <N/A><C:\WINDOWS\System32\msiexec.exe /i C:\WINDOWS\EYINST\AudTools256\AuditingToolbar.msi /qb>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\BrandingZone]
    <N/A><C:\WINDOWS\EYINST\The_Branding_Zone\Branding_Zone_USER.EXE /S>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\EY_Leads_Branding]
    <N/A><C:\WINDOWS\EYINST\ACS_Offline_Course_Manager\EY_Leads.EXE /S>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\EY_Templates_and_Fonts]
    <N/A><msiexec /I C:\WINDOWS\EYINST\EY_GCL_VI_Fonts_and_Templates\EY_Templates_and_Fonts.msi /QN>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\GFISDC]
    <N/A><C:\WINDOWS\EYINST\GFIS_Digital_Certificate\GFISDC_AS.EXE>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Odyssey_Update]
    <N/A><C:\WINDOWS\EYINST\Odyssey_Update\AS_OdysseyUpdate.EXE /S>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\SamplingAssistant]
    <N/A><C:\WINDOWS\system32\msiexec.exe /i C:\WINDOWS\EYINST\SaAssist22\SaAssist22.msi /qb>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Surge]
    <N/A><C:\WINDOWS\System32\msiexec.exe /i C:\WINDOWS\EYINST\SURGE307\Surge.msi /qb>  [File is missing]

Services:
Risk:
[ThinkPad PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\System32\ibmpmsvc.exe><>.
Threat:
[Pointsec / Pointsec][Running/Auto Start]
  <C:\WINDOWS\system32\PROT_SRV.EXE><N/A>
[Pointsec update agent / Pointsec_agent][Running/Auto Start]
  <C:\WINDOWS\system32\pagents.exe><N/A>
[Pointsec service start / Pointsec_start][Running/Auto Start]
  <C:\WINDOWS\system32\PSTARTSR.EXE><N/A>
[IBM PSA Access Driver Control / PsaSrv][Stopped/Manual Start]
  <C:\WINDOWS\system32\PsaSrv.exe><N/A>
[d346bus / d346bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d346prt.sys><>
The following threats are running:

[PID: 508 / SYSTEM][C:\WINDOWS\system32\PROT_SRV.EXE]  [N/A, ]
[PID: 616 / SYSTEM][C:\WINDOWS\system32\pagents.exe]  [N/A, ]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\PSTARTSR.EXE]  [N/A, ]
[PID: 2440 / SYSTEM][C:\PROGRA~1\CYBERA~1\pcs.exe]  [InfoExpress, 2.2b]
    [C:\WINDOWS\system32\Vsctool.dll]  [N/A, ]
    [C:\WINDOWS\system32\cahooknt.dll]  [InfoExpress, 2.2b]
    [C:\WINDOWS\system32\cahookd.dll]  [InfoExpress, 2.2b]
[C:\WINDOWS\system32\odyEvent.dll]  [Funk Software, Inc., 3.111.0.2843]
    [C:\WINDOWS\system32\tphklock.dll]  [N/A, ]
[C:\WINDOWS\system32\notifyf2.dll]  [N/A, ]
I recommend using a rogue-software removal tool,
such as the Windows Cleanup Assistant (Windows清理助手) in my signature.
Last edited by 夲號ヱ被ジ盜 on 2009-03-01 19:52:06
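The reply above triages values under the Run key, the Policies\Explorer\Run key and the Active Setup\Installed Components subkeys, and SREng marks entries whose target no longer exists with [File is missing]. As an added example, not part of the original post and not SREng's own code, the following PowerShell script enumerates those same autorun locations on a live machine, resolves each command line to the program it starts, and reports whether that file exists and whether it carries a valid Authenticode signature. It only reads the registry and the file system; it deletes nothing. The function names Get-CommandImagePath, Test-AutorunEntry and Get-AutorunReport are the example's own.

```powershell
# Added example (not from the forum post, not SREng's own code): a read-only audit of the
# autorun locations listed in the SREng log above. Run from an elevated PowerShell prompt.

$autorunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$activeSetupKey = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'

function Get-CommandImagePath {
    # Extract the program a registry command line will start: a quoted path,
    # or everything up to the first space for unquoted entries.
    param([string]$CommandLine)
    if     ($CommandLine -match '^\s*"([^"]+)"') { $image = $Matches[1] }
    elseif ($CommandLine -match '^\s*(\S+)')     { $image = $Matches[1] }
    else   { return $null }
    $image = [Environment]::ExpandEnvironmentVariables($image)
    # Bare names such as "rundll32" or "msiexec" are resolved through PATH; for those
    # hosts the real payload is the DLL or MSI named in the arguments, so review it too.
    if (-not [IO.Path]::IsPathRooted($image)) {
        $resolved = Get-Command -Name $image -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
        if ($resolved) { $image = $resolved.Source }
    }
    return $image
}

function Test-AutorunEntry {
    # Classify one autorun value the way the SREng annotations do: missing file,
    # unsigned file, or signed file with its signer subject.
    param([string]$Location, [string]$Name, [string]$CommandLine)
    $image  = Get-CommandImagePath -CommandLine $CommandLine
    $status = 'File is missing'
    $signer = 'N/A'
    if ($image -and (Test-Path -LiteralPath $image -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $image
        if ($sig.Status -eq 'Valid') {
            $status = 'Signed'
            $signer = $sig.SignerCertificate.Subject
        } else {
            $status = "Unsigned ($($sig.Status))"   # NotSigned, HashMismatch, ...
        }
    }
    [pscustomobject]@{
        Status   = $status
        Name     = $Name
        Image    = $image
        Signer   = $signer
        Command  = $CommandLine
        Location = $Location
    }
}

function Get-AutorunReport {
    # Plain Run keys: one value per program.
    foreach ($keyPath in $autorunKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($valueName in ($key.GetValueNames() | Where-Object { $_ -ne '' })) {
            Test-AutorunEntry -Location $keyPath -Name $valueName -CommandLine ([string]$key.GetValue($valueName))
        }
    }
    # Active Setup: each component subkey's StubPath runs once per user at logon.
    foreach ($component in Get-ChildItem -LiteralPath $activeSetupKey -ErrorAction SilentlyContinue) {
        $stub = $component.GetValue('StubPath')
        if ($stub) {
            Test-AutorunEntry -Location $activeSetupKey -Name $component.PSChildName -CommandLine ([string]$stub)
        }
    }
}

# Grouped by status so the "File is missing" and "Unsigned" entries are easy to pick out.
Get-AutorunReport | Sort-Object Status, Name | Format-Table Status, Name, Image, Signer -AutoSize
```

Two caveats when reading the output. First, entries that go through a host such as rundll32 or msiexec show the signed host binary, exactly as the BLOG and AuditingTools lines in the log do, so the DLL or MSI in the arguments still needs to be checked by hand. Second, "File is missing" means only that the path could not be opened from this session; a dead leftover from an uninstalled product and a file hidden by a rootkit both produce that result, so a finding that matters should be confirmed with an offline scan before anything is deleted.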