附件:

启动项目
注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Infected) Microsoft Corporation]


启动文件夹
[MIS]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\MIS.exe -->  [File is missing]><N>
[dflljy]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\dflljy.exe -->  [File is missing]><N>

服务
[Windows Time / W32Time][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->c:\windows\system32\wins\ozoxbhrey.dll><Microsoft LTD.>


正在运行的进程

[PID: 920 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [c:\windows\system32\wins\ozoxbhrey.dll]  [Microsoft LTD., 3.1.2.539]

[PID: 2616 / Administrator][C:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system\llbjyn32bb.dll]  [N/A, ]


进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 2312, C:\WINDOWS\SYSTEM32\CTFMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2312, C:\WINDOWS\SYSTEM32\CTFMON.EXE]