
[Help] Infected with a virus, please help!

Infected with a virus, please help!

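As soon as the computer boots, CMD windows pop up, web pages keep opening, most programs won't run, Task Manager won't open, the machine shuts down by itself, dialog boxes keep popping up and closing on their own, things get downloaded automatically, and the process list shows hundreds of processes with garbled names.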

I have no idea what to do. Please help, this is terrifying.


SREng cannot be used.
Last edited by 麦青儿 on 2008-07-18 17:34:38

Re: Infected with a virus, please help!

I can only use that program of yours above before the virus has started up; luckily the program runs fast.




未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.DLL
C:\WINDOWS\SYSTEM32\WGALOGON.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EDXX.DLL
C:\WINDOWS\SYSTEM32\ATIPDLXX.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\IMON.DLL
C:\PROGRAM FILES\ESET\PR_IMON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\IMON.DLL
C:\PROGRAM FILES\ESET\PR_IMON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EDXX.DLL
C:\WINDOWS\SYSTEM32\ATIPDLXX.DLL
C:\WINDOWS\SYSTEM32\ATI2EVXX.DLL

C:\WINDOWS\SYSTEM32\USERINIT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1234.EXE

普通自启动项

系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = C:\WINDOWS\notepad.exe %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\system32\aurora.scr


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent = ATI2EVXX.DLL
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
WgaLogon = WGALOGON.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{00000000-12C9-4305-82F9-43058F20E8D2} = C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
{01443AEC-0FD1-40fd-9C87-E93D1494C233} = C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} = C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{889D2FEB-5411-4565-8998-1DD2C5261283} = C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} = C:\Program Files\360safe\safemon\safemon.dll
{E5A1691B-D188-4419-AD02-90002030B8EE} = C:\PROGRA~1\FlashFXP\IEFlash.dll


Winsock SPI
NOD32 protected [MSAFD Tcpip [TCP/IP]] = C:\WINDOWS\SYSTEM32\IMON.DLL
NOD32 protected [MSAFD Tcpip [UDP/IP]] = C:\WINDOWS\SYSTEM32\IMON.DLL
NOD32 protected [MSAFD Tcpip [RAW/IP]] = C:\WINDOWS\SYSTEM32\IMON.DLL
NOD32 protected [RSVP UDP Service Provider] = C:\WINDOWS\SYSTEM32\IMON.DLL
NOD32 protected [RSVP TCP Service Provider] = C:\WINDOWS\SYSTEM32\IMON.DLL
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
NOD32 = C:\WINDOWS\SYSTEM32\IMON.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AC69FF0E-D54C-467B-A05B-6D40F8BB1550}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AC69FF0E-D54C-467B-A05B-6D40F8BB1550}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{66EF0B2E-BB24-4850-96B5-2A91776527A3}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{66EF0B2E-BB24-4850-96B5-2A91776527A3}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{062F929F-6F28-4E13-A4E8-B83021660110}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{062F929F-6F28-4E13-A4E8-B83021660110}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{241D4D37-C0F1-4584-B1BD-87EED6D0F1FC}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{241D4D37-C0F1-4584-B1BD-87EED6D0F1FC}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{99B4C189-4FB8-4511-8424-BA511927880C}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{99B4C189-4FB8-4511-8424-BA511927880C}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BFB67D3-CD47-4B5B-8226-5F5E3246DC2D}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BFB67D3-CD47-4B5B-8226-5F5E3246DC2D}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
03TV2 = C:\WINDOWS\03TV2.EXE -C4ESO47MY1F
07J94V0UONKH = C:\WINDOWS\07J94V0UONKH.EXE -PNFT41
0BQQR6J5OUI = C:\WINDOWS\0BQQR6J5OUI.EXE -4A2W4UMK2JA0
0OVWSWE = C:\WINDOWS\SYSTEM32\0OVWSWE.EXE -BVUM5D5SRS2P
1NIOK = C:\WINDOWS\1NIOK.EXE -VPXP8
1P8TR0ISQEWJ = C:\WINDOWS\SYSTEM32\1P8TR0ISQEWJ.EXE -5GZMLWD2
1YB767L3TYB = C:\WINDOWS\1YB767L3TYB.EXE -S15HZD0
2ALHNBPX = C:\WINDOWS\2ALHNBPX.EXE -W71LCUPU8TK2
3M123XPH19 = C:\WINDOWS\SYSTEM32\3M123XPH19.EXE -6Z744H24
409XEUZUBV9 = C:\WINDOWS\SYSTEM32\409XEUZUBV9.EXE -UUDEF
40B3W6 = C:\WINDOWS\40B3W6.EXE -I91B36GCZ8
48SH2RD = C:\WINDOWS\SYSTEM32\48SH2RD.EXE -AYKJ82
4ASLYQ = C:\WINDOWS\4ASLYQ.EXE -V0QBUF93KP2
4JMJ0HG15 = C:\WINDOWS\4JMJ0HG15.EXE -NZVEXA
4LQPGL0IRA89 = C:\WINDOWS\SYSTEM32\4LQPGL0IRA89.EXE -NVUAPHADL
50R72 = C:\WINDOWS\SYSTEM32\50R72.EXE -265XXDH8
56XJJYNH8P31 = C:\WINDOWS\SYSTEM32\56XJJYNH8P31.EXE -7ZHD9L4
5BKJ03 = C:\WINDOWS\5BKJ03.EXE -LP3QNEO3S
5HT8IQQB1JF = C:\WINDOWS\5HT8IQQB1JF.EXE -YRBDUAYN6
5WFCPU76H6Q2 = C:\WINDOWS\SYSTEM32\5WFCPU76H6Q2.EXE -IL9B7GH6B
6OOCECELAA5 = C:\WINDOWS\SYSTEM32\6OOCECELAA5.EXE -O4Z1DD2X0MBE
6QLXXK9CY1E = C:\WINDOWS\6QLXXK9CY1E.EXE -D7GKPZ5I9K
6YRDEZP1NTZ = C:\WINDOWS\6YRDEZP1NTZ.EXE -5HXXSY0LEE
76UEDINM = C:\WINDOWS\76UEDINM.EXE -QP73QP
7BTG94UHJP1W = C:\WINDOWS\7BTG94UHJP1W.EXE -SYX2VP0P
7K6NXM7HK1K = C:\WINDOWS\SYSTEM32\7K6NXM7HK1K.EXE -CR5U5
7M5J9X3UB = C:\WINDOWS\SYSTEM32\7M5J9X3UB.EXE -Y2WD2NPOEMVF
7TXJH28 = C:\WINDOWS\SYSTEM32\7TXJH28.EXE -91EGV
89NXI = C:\WINDOWS\SYSTEM32\89NXI.EXE -MEUKB7U6EORD
8G3390CGAKD9 = C:\WINDOWS\8G3390CGAKD9.EXE -8VFPHR8PF
8X0PSV1 = C:\WINDOWS\8X0PSV1.EXE -M98FFY
9TINC = C:\WINDOWS\9TINC.EXE -K633R5RN
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Ati HotKey Poller = C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BCSG5DQ2 = C:\WINDOWS\SYSTEM32\BCSG5DQ2.EXE -RARFF
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BUU6XBO7J9I = C:\WINDOWS\BUU6XBO7J9I.EXE -DZTA12
BYYDH7AJ41 = C:\WINDOWS\BYYDH7AJ41.EXE -5SJBRH
C32OFK8 = C:\WINDOWS\C32OFK8.EXE -18OMWUK9
ccosm = C:\PROGRAM FILES\STORMII\STORMLIV.EXE /ASSERVICE
CDK1R7IL = C:\WINDOWS\CDK1R7IL.EXE -YSWA8CEYWC
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
CIZ4WMGDC2JA = C:\WINDOWS\SYSTEM32\CIZ4WMGDC2JA.EXE -3JT0ZQB9UYOS
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
D30C0L = C:\WINDOWS\SYSTEM32\D30C0L.EXE -K3LKII1J
D3WZXKT = C:\WINDOWS\D3WZXKT.EXE -9YJW0K3PU
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
E1PCLSF4G3YE = C:\WINDOWS\E1PCLSF4G3YE.EXE -K97V97A7
E1RK4K = C:\WINDOWS\E1RK4K.EXE -VGIDSA2
EHBMJ3E = C:\WINDOWS\EHBMJ3E.EXE -45SQNBEGU3
EJBIXQXTR0EK = C:\WINDOWS\EJBIXQXTR0EK.EXE -4CMC9YPZRU9
EM41HNVBJKAX = C:\WINDOWS\EM41HNVBJKAX.EXE -VD7GOQSFKSG7
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
F5SP82E20 = C:\WINDOWS\SYSTEM32\F5SP82E20.EXE -ZOTN6O
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FTIHOCQSS1 = C:\WINDOWS\FTIHOCQSS1.EXE -42VQ25DUPTNE
GJ2AV = C:\WINDOWS\GJ2AV.EXE -GOXV7PTTWUZC
H93PAN6HB = C:\WINDOWS\H93PAN6HB.EXE -OKNHO0E6087C
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
IPN7QWA0F = C:\WINDOWS\IPN7QWA0F.EXE -PVAONIA
IQMDP = C:\WINDOWS\IQMDP.EXE -ZQX2FIWXVIQN
JA0MA4T = C:\WINDOWS\JA0MA4T.EXE -3V8M0KSV0
JNMZUO = C:\WINDOWS\JNMZUO.EXE -UKTV5LSTTY2
JS7AA = C:\WINDOWS\JS7AA.EXE -SY6HHNP
K0B9X3JTMB = C:\WINDOWS\SYSTEM32\K0B9X3JTMB.EXE -JWXTTUE
L04C8 = C:\WINDOWS\SYSTEM32\L04C8.EXE -98Z9A
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LEB2QNZF2 = C:\WINDOWS\SYSTEM32\LEB2QNZF2.EXE -AX2150
LIEOW = C:\WINDOWS\LIEOW.EXE -Q8CU8
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
LQ0UAE2CBDI = C:\WINDOWS\LQ0UAE2CBDI.EXE -MAVBZV7P
M4YY3L8P = C:\WINDOWS\SYSTEM32\M4YY3L8P.EXE -P78H6W6
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NOD32krn = "C:\PROGRAM FILES\ESET\NOD32KRN.EXE"
NOYIT2OLLNW4 = C:\WINDOWS\NOYIT2OLLNW4.EXE -E5FSUDCA80V
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
OOBS6EUG = C:\WINDOWS\SYSTEM32\OOBS6EUG.EXE -H4UAF3LGT3ED
OOQQAM = C:\WINDOWS\SYSTEM32\OOQQAM.EXE -S91898RPETN
P4P Service = C:\PROGRAM FILES\COMMON FILES\SOGOU PXP\P2PSVR.EXE
P9BIBNIBBEGP = C:\WINDOWS\P9BIBNIBBEGP.EXE -3XR6KX6M5
PBO7D19 = C:\WINDOWS\PBO7D19.EXE -GRWKHTG1
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PO1D8360RU2 = C:\WINDOWS\SYSTEM32\PO1D8360RU2.EXE -0Z883WL
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
PWPXL2RS = C:\WINDOWS\PWPXL2RS.EXE -Y3KGA1QL95
QIBSDK11Q8Q = C:\WINDOWS\QIBSDK11Q8Q.EXE -00PNI
QXS5PP9BW284 = C:\WINDOWS\QXS5PP9BW284.EXE -PNB1J3Y73SAU
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RNN7H6YL96 = C:\WINDOWS\RNN7H6YL96.EXE -MYZENS4W6SKT
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
RYOK66HGX = C:\WINDOWS\SYSTEM32\RYOK66HGX.EXE -D6MVM5
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SGCBPA44X = C:\WINDOWS\SGCBPA44X.EXE -47E6XL18HD
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{AE46E88E-DF39-40D6-8995-E4D74EC975B8}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
T4BU891 = C:\WINDOWS\T4BU891.EXE -4QUIL4D
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TIYLVX7UA = C:\WINDOWS\TIYLVX7UA.EXE -KIEHI5
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
U3I80YV751 = C:\WINDOWS\U3I80YV751.EXE -WWPDPQIF
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
UODCYJ = C:\WINDOWS\UODCYJ.EXE -7G6QD4AIJN
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VAK8W = C:\WINDOWS\VAK8W.EXE -AX76A2Z
VAMUWBCBS8 = C:\WINDOWS\SYSTEM32\VAMUWBCBS8.EXE -GK87ZF7TC
VNOF8MCFTPL = C:\WINDOWS\VNOF8MCFTPL.EXE -CFEDG
VO5TV = C:\WINDOWS\VO5TV.EXE -WMW14KLO44B
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WT397ODPS5 = C:\WINDOWS\WT397ODPS5.EXE -X4XB0ZN16MS9
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WUFGGR1J447G = C:\WINDOWS\WUFGGR1J447G.EXE -8JZ41C16
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
X7KUFEOR = C:\WINDOWS\X7KUFEOR.EXE -92OQ5YDB
XDH7R = C:\WINDOWS\XDH7R.EXE -RWF7AZWKPQ8Y
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
XQVHU = C:\WINDOWS\XQVHU.EXE -RFUGICCM
YDYN9B4I = C:\WINDOWS\YDYN9B4I.EXE -GMJ2IZBPGJA
YQ5CJDAKC = C:\WINDOWS\SYSTEM32\YQ5CJDAKC.EXE -D9EUO
Z41O5ZI2 = C:\WINDOWS\SYSTEM32\Z41O5ZI2.EXE -1FHJ30TIAI


文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
2X4S1 = C:\WINDOWS\5FICEKYQN9R.TXT
569C0DA25K = C:\WINDOWS\BJPR21FNSY.TXT
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
ALCXWDM = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS
AMON = C:\WINDOWS\SYSTEM32\DRIVERS\AMON.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
ati2mtag = C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
CCDECODE = C:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
intelppm = C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
J08EDAE8 = C:\WINDOWS\DR9C3XW.TXT
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
LXFWBLL6F = C:\WINDOWS\7C35UI.TXT
LZ7CGFV8 = C:\WINDOWS\LY66LS01A4A.TXT
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
MSTEE = C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.SYS
NABTSFEC = C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.SYS
NdisIP = C:\WINDOWS\SYSTEM32\DRIVERS\NDISIP.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NESCU0FF4 = C:\WINDOWS\GKOVDOB4NPY.TXT
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
nod32drv = C:\WINDOWS\SYSTEM32\DRIVERS\NOD32DRV.SYS
npkcrypt = C:\WINDOWS\SYSTEM32\NPKCRYPT.SYS
npkycryp = C:\WINDOWS\SYSTEM32\NPKYCRYP.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
O3XM4U8V9H9 = C:\WINDOWS\J3VNG26ANIEY.TXT
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
QT0P7I6OS9UW = C:\WINDOWS\KDN7V2VOBEH.TXT
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
rtl8139 = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
SLIP = C:\WINDOWS\SYSTEM32\DRIVERS\SLIP.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
streamip = C:\WINDOWS\SYSTEM32\DRIVERS\STREAMIP.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
TesSafe = C:\WINDOWS\SYSTEM32\TESSAFE.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
V8ZDSBZH1 = C:\WINDOWS\O35KY.TXT
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
WS2IFSL = C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
WSTCODEC = C:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS
Z9Y07EG3 = C:\WINDOWS\DH4PBOMQPM.TXT
ZSMC0305 = C:\WINDOWS\SYSTEM32\DRIVERS\USBVM305.SYS

Re: Infected with a virus, please help!

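Once the virus has started, nothing will open. Look at the system services section (系统服务项): apart from the basic startup items, all the others are the virus.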

Re: Infected with a virus, please help!

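I can't get into Safe Mode. I ran diagnostic mode and it still loads.
Thanks, CCTV, I finally managed to get a scan out with SREngLOG. Thank you, brothers and sisters.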

[CODE]

2008-07-18,18:02:07

System Repair Engineer 2..4
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\aurora.scr>  [Axialis Software]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  []
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <PPS Accelerator><; E:\PPStream\ppsap.exe>  [PPStream Inc]

==================================
启动文件夹
[0U4PQ]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\0U4PQ.BAT -->  [N/A]><N>
[0U4PQ]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\0U4PQ.lnk --> C:\WINDOWS\NQYT4O~1.EXE [Ms Company]><H>
[2FEEVXWD6NY]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\2FEEVXWD6NY.BAT -->  [N/A]><N>
[2FEEVXWD6NY]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\2FEEVXWD6NY.lnk --> C:\WINDOWS\XMMLUHI4.exe [Ms Company]><H>
[4OY5EO]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\4OY5EO.BAT -->  [N/A]><N>
[4OY5EO]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\4OY5EO.lnk --> C:\WINDOWS\9ICNZ2AF.exe [Ms Company]><H>
[4V3HPG5]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\4V3HPG5.lnk --> C:\WINDOWS\0BQQR6J5OUI.exe [N/A]><H>
[52WDGBM]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\52WDGBM.BAT -->  [N/A]><N>
[52WDGBM]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\52WDGBM.lnk --> C:\WINDOWS\L9SF8J.exe [Ms Company]><H>
[B0IMWW28R795]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\B0IMWW28R795.lnk --> C:\WINDOWS\4JMJ0HG15.exe [N/A]><H>
[BHZJ18L6Y]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\BHZJ18L6Y.lnk --> C:\WINDOWS\M6GRCH~1.EXE [Ms Company]><H>
[BIKW8FB]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\BIKW8FB.lnk --> C:\WINDOWS\40B3W6.exe [N/A]><H>
[BILWRI1N4F]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\BILWRI1N4F.lnk --> C:\WINDOWS\U3I80YV751.exe [N/A]><H>
[BP30A3D9]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\BP30A3D9.lnk --> C:\WINDOWS\IQMDP.exe [N/A]><H>
[C97Y63]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\C97Y63.BAT -->  [N/A]><N>
[C97Y63]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\C97Y63.lnk --> C:\WINDOWS\G209T.exe [Ms Company]><H>
[CU5ADZZIAE9]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\CU5ADZZIAE9.BAT -->  [N/A]><N>
[CU5ADZZIAE9]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\CU5ADZZIAE9.lnk --> C:\WINDOWS\UFEVYFS.exe [Ms Company]><H>
[DCXXHZUMW4U7]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\DCXXHZUMW4U7.lnk --> C:\WINDOWS\LQ0UAE2CBDI.exe [N/A]><H>
[DHSBV36XP]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\DHSBV36XP.lnk --> C:\WINDOWS\C32OFK8.exe [N/A]><H>
[DRFQ2DJKQH]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\DRFQ2DJKQH.BAT -->  [N/A]><N>
[DRFQ2DJKQH]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\DRFQ2DJKQH.lnk --> C:\WINDOWS\NSKVWM~1.EXE [Ms Company]><H>
[DT2CT]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\DT2CT.BAT -->  [N/A]><N>
[DT2CT]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\DT2CT.lnk --> C:\WINDOWS\HJAFMF~1.EXE [Ms Company]><H>
[E9AIT7F]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\E9AIT7F.lnk --> C:\WINDOWS\SGCBPA44X.exe [N/A]><H>
[FN383]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\FN383.lnk --> C:\WINDOWS\6QLXXK9CY1E.exe [N/A]><H>
[FS9RKH38ME]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\FS9RKH38ME.lnk --> C:\WINDOWS\H93PAN6HB.exe [N/A]><H>
[GYD1C]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\GYD1C.BAT -->  [N/A]><N>
[GYD1C]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\GYD1C.lnk --> C:\WINDOWS\W3XFIH~1.EXE [Ms Company]><H>
[HAKRIWJXCS4]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HAKRIWJXCS4.lnk --> C:\WINDOWS\VAK8W.exe [N/A]><H>
[HGMGTXGNEFR]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HGMGTXGNEFR.BAT -->  [N/A]><N>
[HGMGTXGNEFR]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HGMGTXGNEFR.lnk --> C:\WINDOWS\PM3GOP.exe [Ms Company]><H>
[JGMJNVPTJJIU]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\JGMJNVPTJJIU.lnk --> C:\WINDOWS\E1RK4K.exe [N/A]><H>
[JP3CG]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\JP3CG.lnk --> C:\WINDOWS\P77W7.exe [Ms Company]><H>
[K9ZA2]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\K9ZA2.lnk --> C:\WINDOWS\JZQEIZ~1.EXE [Ms Company]><H>
[KJBYM]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\KJBYM.BAT -->  [N/A]><N>
[KJBYM]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\KJBYM.lnk --> C:\WINDOWS\RX29BR~1.EXE [Ms Company]><H>
[L5Z6ID]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\L5Z6ID.lnk --> C:\WINDOWS\T4BU891.exe [N/A]><H>
[L98Y2AP]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\L98Y2AP.lnk --> C:\WINDOWS\R5U0B96H.exe [Ms Company]><H>
[LOS5SNLGF]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\LOS5SNLGF.lnk --> C:\WINDOWS\E1PCLSF4G3YE.exe [N/A]><H>
[MXCKJBYMU]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\MXCKJBYMU.lnk --> C:\WINDOWS\X29BRJ.exe [N/A]><H>
[N1YBWGWXSP0]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\N1YBWGWXSP0.lnk --> C:\WINDOWS\WUFGGR1J447G.exe [N/A]><H>
[NK7FFA]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\NK7FFA.lnk --> C:\WINDOWS\1YB767L3TYB.exe [N/A]><H>
[O3JUI1UBH5Z]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\O3JUI1UBH5Z.lnk --> C:\WINDOWS\IPN7QWA0F.exe [N/A]><H>
[O67V9]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\O67V9.lnk --> C:\WINDOWS\2ALHNBPX.exe [N/A]><H>
[ON61HC39]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ON61HC39.lnk --> C:\WINDOWS\4ASLYQ.exe [N/A]><H>
[OU41VN4DH2]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\OU41VN4DH2.lnk --> C:\WINDOWS\EM41HNVBJKAX.exe [N/A]><H>
[PM33CIZV5XZ]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\PM33CIZV5XZ.lnk --> C:\WINDOWS\5BKJ03.exe [N/A]><H>
[PQHC8]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\PQHC8.lnk --> C:\WINDOWS\LIEOW.exe [N/A]><H>
[QXF5VR]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\QXF5VR.lnk --> C:\WINDOWS\8X0PSV1.exe [N/A]><H>
[RD5ZXAFTAP6Y]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\RD5ZXAFTAP6Y.lnk --> C:\WINDOWS\JA0MA4T.exe [N/A]><H>
[RQ6EPEUOU10]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\RQ6EPEUOU10.BAT -->  [N/A]><N>
[RQ6EPEUOU10]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\RQ6EPEUOU10.lnk --> C:\WINDOWS\PL3H65~1.EXE [Ms Company]><H>
[S0XPSXNL8YEA]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\S0XPSXNL8YEA.lnk --> C:\WINDOWS\07J94V0UONKH.exe [N/A]><H>
[S1VY13L8ZLQ]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\S1VY13L8ZLQ.lnk --> C:\WINDOWS\5HT8IQQB1JF.exe [N/A]><H>
[SFQZS]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\SFQZS.lnk --> C:\WINDOWS\76UEDINM.exe [N/A]><H>
[SIK4HT5]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\SIK4HT5.lnk --> C:\WINDOWS\6YRDEZP1NTZ.exe [N/A]><H>
[T2KPIJM2SFHG]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\T2KPIJM2SFHG.BAT -->  [N/A]><N>
[T2KPIJM2SFHG]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\T2KPIJM2SFHG.lnk --> C:\WINDOWS\PRP796.exe [Ms Company]><H>
[TPEH1LKJR5CV]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\TPEH1LKJR5CV.lnk --> C:\WINDOWS\8G3390CGAKD9.exe [N/A]><H>
[UTCUZ7FY6]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\UTCUZ7FY6.lnk --> C:\WINDOWS\PBO7D19.exe [N/A]><H>
[UTZ70LM]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\UTZ70LM.BAT -->  [N/A]><N>
[UTZ70LM]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\UTZ70LM.lnk --> C:\WINDOWS\ONQHGNA4.exe [Ms Company]><H>
[UYCN3HPQOZ5]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\UYCN3HPQOZ5.lnk --> C:\WINDOWS\JS7AA.exe [N/A]><H>
[VNI0Q8QRTB]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\VNI0Q8QRTB.lnk --> C:\WINDOWS\CDK1R7IL.exe [N/A]><H>
[XKKYY4GWU548]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\XKKYY4GWU548.lnk --> C:\WINDOWS\RNN7H6YL96.exe [N/A]><H>
[XRZJ6ZRHX]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\XRZJ6ZRHX.lnk --> C:\WINDOWS\FTIHOCQSS1.exe [N/A]><H>
[XTICAS38QSEN]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\XTICAS38QSEN.lnk --> C:\WINDOWS\9TINC.exe [N/A]><H>
[Y4XUYU9S7OFV]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Y4XUYU9S7OFV.BAT -->  [N/A]><N>
[Y4XUYU9S7OFV]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Y4XUYU9S7OFV.lnk --> C:\WINDOWS\6UEX3.exe [Ms Company]><H>
[YSJ9AGZWF5]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\YSJ9AGZWF5.BAT -->  [N/A]><N>
[YSJ9AGZWF5]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\YSJ9AGZWF5.lnk --> C:\WINDOWS\ECH37A9O.exe [Ms Company]><H>
[Z8XMOW5F]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Z8XMOW5F.lnk --> C:\WINDOWS\TZ7G5P.exe [Ms Company]><H>
[ZRC1ULXG5]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ZRC1ULXG5.lnk --> C:\WINDOWS\QXS5PP9BW284.exe [N/A]><H>
[ZS0UPUVGGPF]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ZS0UPUVGGPF.lnk --> C:\WINDOWS\QIBSDK11Q8Q.exe [N/A]><H>

Re: Infected with a virus, please help!

服务
[TNK7L1L4YDE / 03TV2][Stopped/Auto Start]
  <C:\WINDOWS\03TV2.exe -C4ESO47MY1F><N/A>
[OJTEE97MYM6 / 07J94V0UONKH][Stopped/Auto Start]
  <C:\WINDOWS\07J94V0UONKH.exe -PNFT41><N/A>
[YCAWLKASP / 0BQQR6J5OUI][Stopped/Auto Start]
  <C:\WINDOWS\0BQQR6J5OUI.exe -4A2W4UMK2JA0><N/A>
[IMJS9FG / 0OVWSWE][Stopped/Auto Start]
  <C:\WINDOWS\system32\0OVWSWE.exe -BVUM5D5SRS2P><N/A>
[GKVD6V2RK / 1NIOK][Stopped/Auto Start]
  <C:\WINDOWS\1NIOK.exe -VPXP8><N/A>
[QA0UU5J / 1P8TR0ISQEWJ][Stopped/Auto Start]
  <C:\WINDOWS\system32\1P8TR0ISQEWJ.exe -5GZMLWD2><N/A>
[2Y6HYWGEVZC / 1YB767L3TYB][Stopped/Auto Start]
  <C:\WINDOWS\1YB767L3TYB.exe -S15HZD0><N/A>
[LZLEQ / 2ALHNBPX][Stopped/Auto Start]
  <C:\WINDOWS\2ALHNBPX.exe -W71LCUPU8TK2><N/A>
[QD1EJIMB / 3M123XPH19][Stopped/Auto Start]
  <C:\WINDOWS\system32\3M123XPH19.exe -6Z744H24><N/A>
[E00DZCW72 / 409XEUZUBV9][Stopped/Auto Start]
  <C:\WINDOWS\system32\409XEUZUBV9.exe -UUDEF><N/A>
[F14SOQDRBV / 40B3W6][Stopped/Auto Start]
  <C:\WINDOWS\40B3W6.exe -I91B36GCZ8><N/A>
[1Z1TMLQ / 48SH2RD][Stopped/Auto Start]
  <C:\WINDOWS\system32\48SH2RD.exe -AYKJ82><N/A>
[E6CITSM4K / 4ASLYQ][Stopped/Auto Start]
  <C:\WINDOWS\4ASLYQ.exe -V0QBUF93KP2><N/A>
[E23JT6ZBF / 4JMJ0HG15][Stopped/Auto Start]
  <C:\WINDOWS\4JMJ0HG15.exe -NZVEXA><N/A>
[R1VWOA79 / 4LQPGL0IRA89][Stopped/Auto Start]
  <C:\WINDOWS\system32\4LQPGL0IRA89.exe -NVUAPHADL><N/A>
[7I0TRU1VCC6 / 50R72][Stopped/Auto Start]
  <C:\WINDOWS\system32\50R72.exe -265XXDH8><N/A>
[G8PJR8U / 56XJJYNH8P31][Stopped/Auto Start]
  <C:\WINDOWS\system32\56XJJYNH8P31.exe -7ZHD9L4><N/A>
[SIBKD77O9 / 5BKJ03][Stopped/Auto Start]
  <C:\WINDOWS\5BKJ03.exe -LP3QNEO3S><N/A>
[AI9GSE15 / 5HT8IQQB1JF][Stopped/Auto Start]
  <C:\WINDOWS\5HT8IQQB1JF.exe -YRBDUAYN6><N/A>
[LAS14QW1PPD7 / 5WFCPU76H6Q2][Stopped/Auto Start]
  <C:\WINDOWS\system32\5WFCPU76H6Q2.exe -IL9B7GH6B><N/A>
[RJQMK / 6OOCECELAA5][Stopped/Auto Start]
  <C:\WINDOWS\system32\6OOCECELAA5.exe -O4Z1DD2X0MBE><N/A>
[0K7WRC2T44SZ / 6QLXXK9CY1E][Stopped/Auto Start]
  <C:\WINDOWS\6QLXXK9CY1E.exe -D7GKPZ5I9K><N/A>
[DEW0X2U6 / 6UEX3][Running/Auto Start]
  <C:\WINDOWS\6UEX3.exe -A0HRI0><Ms Company>
[Z4O0Y1NYT6FW / 6YRDEZP1NTZ][Stopped/Auto Start]
  <C:\WINDOWS\6YRDEZP1NTZ.exe -5HXXSY0LEE><N/A>
[Y19KLNNBFNEO / 76UEDINM][Stopped/Auto Start]
  <C:\WINDOWS\76UEDINM.exe -QP73QP><N/A>
[VZYW4DRZT3 / 7BTG94UHJP1W][Stopped/Auto Start]
  <C:\WINDOWS\7BTG94UHJP1W.exe -SYX2VP0P><N/A>
[OMARV76K3 / 7K6NXM7HK1K][Stopped/Auto Start]
  <C:\WINDOWS\system32\7K6NXM7HK1K.exe -CR5U5><N/A>
[FQCI8O / 7M5J9X3UB][Stopped/Auto Start]
  <C:\WINDOWS\system32\7M5J9X3UB.exe -Y2WD2NPOEMVF><N/A>
[EWLYPJMQ9A / 7TXJH28][Stopped/Auto Start]
  <C:\WINDOWS\system32\7TXJH28.exe -91EGV><N/A>
[MH1RWA / 89NXI][Stopped/Auto Start]
  <C:\WINDOWS\system32\89NXI.exe -MEUKB7U6EORD><N/A>
[DT43ED6ITZC / 8G3390CGAKD9][Stopped/Auto Start]
  <C:\WINDOWS\8G3390CGAKD9.exe -8VFPHR8PF><N/A>
[XNQN9R / 8X0PSV1][Stopped/Auto Start]
  <C:\WINDOWS\8X0PSV1.exe -M98FFY><N/A>
[A458QL / 9ICNZ2AF][Running/Auto Start]
  <C:\WINDOWS\9ICNZ2AF.exe -MPAAYOUMNT><Ms Company>
[7C4L0IY / 9TINC][Stopped/Auto Start]
  <C:\WINDOWS\9TINC.exe -K633R5RN><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[P0PMUTD / BCSG5DQ2][Stopped/Auto Start]
  <C:\WINDOWS\system32\BCSG5DQ2.exe -RARFF><N/A>
[AIX6JFE7M / BUU6XBO7J9I][Stopped/Auto Start]
  <C:\WINDOWS\BUU6XBO7J9I.exe -DZTA12><N/A>
[EE4J48X / BYYDH7AJ41][Running/Auto Start]
  <C:\WINDOWS\BYYDH7AJ41.exe -5SJBRH><Ms Company>
[OCLQL5OOQ / C32OFK8][Stopped/Auto Start]
  <C:\WINDOWS\C32OFK8.exe -18OMWUK9><N/A>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[8RT2M / CDK1R7IL][Stopped/Auto Start]
  <C:\WINDOWS\CDK1R7IL.exe -YSWA8CEYWC><N/A>
[JVCQCMC / CIZ4WMGDC2JA][Stopped/Auto Start]
  <C:\WINDOWS\system32\CIZ4WMGDC2JA.exe -3JT0ZQB9UYOS><N/A>
[2XFHZDXMZ / D30C0L][Stopped/Auto Start]
  <C:\WINDOWS\system32\D30C0L.exe -K3LKII1J><N/A>
[N1S4GHA56K7J / D3WZXKT][Stopped/Auto Start]
  <C:\WINDOWS\D3WZXKT.exe -9YJW0K3PU><N/A>
[BI9BDL / E1PCLSF4G3YE][Stopped/Auto Start]
  <C:\WINDOWS\E1PCLSF4G3YE.exe -K97V97A7><N/A>
[UTZFVIMM / E1RK4K][Stopped/Auto Start]
  <C:\WINDOWS\E1RK4K.exe -VGIDSA2><N/A>
[OYVSTWB7 / ECH37A9O][Running/Auto Start]
  <C:\WINDOWS\ECH37A9O.exe -DZ4S7ZNPE><Ms Company>
[H1OXHI / EHBMJ3E][Stopped/Auto Start]
  <C:\WINDOWS\EHBMJ3E.exe -45SQNBEGU3><N/A>
[4Q0C6W / EJBIXQXTR0EK][Stopped/Auto Start]
  <C:\WINDOWS\EJBIXQXTR0EK.exe -4CMC9YPZRU9><N/A>
[BUM3M642BY / EM41HNVBJKAX][Stopped/Auto Start]
  <C:\WINDOWS\EM41HNVBJKAX.exe -VD7GOQSFKSG7><N/A>
[VNPVC72BER / F5SP82E20][Stopped/Auto Start]
  <C:\WINDOWS\system32\F5SP82E20.exe -ZOTN6O><N/A>
[2OICFFQADT / FTIHOCQSS1][Stopped/Auto Start]
  <C:\WINDOWS\FTIHOCQSS1.exe -42VQ25DUPTNE><N/A>
[GULS0D4L7A / G209T][Running/Auto Start]
  <C:\WINDOWS\G209T.exe -SKLUD95TIRA><Ms Company>
[VSDWRB / GJ2AV][Stopped/Auto Start]
  <C:\WINDOWS\GJ2AV.exe -GOXV7PTTWUZC><N/A>
[QACWUP3JAR / H93PAN6HB][Stopped/Auto Start]
  <C:\WINDOWS\H93PAN6HB.exe -OKNHO0E6087C><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[H0MQLV / HJAFMF6JX][Running/Auto Start]
  <C:\WINDOWS\HJAFMF6JX.exe -ITMMX><Ms Company>
[A1KRARXZHA / IPN7QWA0F][Stopped/Auto Start]
  <C:\WINDOWS\IPN7QWA0F.exe -PVAONIA><N/A>
[UZWBQPOF / IQMDP][Stopped/Auto Start]
  <C:\WINDOWS\IQMDP.exe -ZQX2FIWXVIQN><N/A>
[QS1HRJR5CV / JA0MA4T][Stopped/Auto Start]
  <C:\WINDOWS\JA0MA4T.exe -3V8M0KSV0><N/A>
[M4TT40NXA / JNMZUO][Stopped/Auto Start]
  <C:\WINDOWS\JNMZUO.exe -UKTV5LSTTY2><N/A>
[V5X102T0 / JS7AA][Stopped/Auto Start]
  <C:\WINDOWS\JS7AA.exe -SY6HHNP><N/A>
[27HZYP8 / K0B9X3JTMB][Stopped/Auto Start]
  <C:\WINDOWS\system32\K0B9X3JTMB.exe -JWXTTUE><N/A>
[1OAOXBW / L04C8][Stopped/Auto Start]
  <C:\WINDOWS\system32\L04C8.exe -98Z9A><N/A>
[0OPTTZF / L9SF8J][Running/Auto Start]
  <C:\WINDOWS\L9SF8J.exe -OMTN8HMU3SC><Ms Company>
[9WH68W / LEB2QNZF2][Stopped/Auto Start]
  <C:\WINDOWS\system32\LEB2QNZF2.exe -AX2150><N/A>
[J1WX8ESYH8B4 / LIEOW][Stopped/Auto Start]
  <C:\WINDOWS\LIEOW.exe -Q8CU8><N/A>
[L07P79 / LQ0UAE2CBDI][Stopped/Auto Start]
  <C:\WINDOWS\LQ0UAE2CBDI.exe -MAVBZV7P><N/A>
[XQO31KO3AA / M4YY3L8P][Stopped/Auto Start]
  <C:\WINDOWS\system32\M4YY3L8P.exe -P78H6W6><N/A>
[2JXMOFH63PJA / NNDPF][Stopped/Auto Start]
  <C:\WINDOWS\system32\NNDPF.exe -7H70XHHTE><N/A>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[4VCXJ / NOYIT2OLLNW4][Stopped/Auto Start]
  <C:\WINDOWS\NOYIT2OLLNW4.exe -E5FSUDCA80V><N/A>
[WES7UNCI / NQYT4ON5D][Running/Auto Start]
  <C:\WINDOWS\NQYT4ON5D.exe -2RWC3PBSN2Q><Ms Company>
[FT412BBFGQN / NSKVWM5EVLO][Running/Auto Start]
  <C:\WINDOWS\NSKVWM5EVLO.exe -P13856XFDF><Ms Company>
[FN89QMSQO / ONQHGNA4][Running/Auto Start]
  <C:\WINDOWS\ONQHGNA4.exe -XV1HEZZC><Ms Company>
[CSJV7IVC9P / OOBS6EUG][Stopped/Auto Start]
  <C:\WINDOWS\system32\OOBS6EUG.exe -H4UAF3LGT3ED><N/A>
[SKUIV5Y1 / OOQQAM][Stopped/Auto Start]
  <C:\WINDOWS\system32\OOQQAM.exe -S91898RPETN><N/A>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[TAM9R / P9BIBNIBBEGP][Stopped/Auto Start]
  <C:\WINDOWS\P9BIBNIBBEGP.exe -3XR6KX6M5><N/A>
[ZS894UZ / PBO7D19][Stopped/Auto Start]
  <C:\WINDOWS\PBO7D19.exe -GRWKHTG1><N/A>
[AFCBJK0 / PL3H65A3B7][Running/Auto Start]
  <C:\WINDOWS\PL3H65A3B7.exe -2JZ91><Ms Company>
[0J7BKNNCZ / PM3GOP][Running/Auto Start]
  <C:\WINDOWS\PM3GOP.exe -90L837><Ms Company>
[O3A77XYEOKX / PO1D8360RU2][Stopped/Auto Start]
  <C:\WINDOWS\system32\PO1D8360RU2.exe -0Z883WL><N/A>
[8W8H4UIEWEH / PRP796][Running/Auto Start]
  <C:\WINDOWS\PRP796.exe -QI2NYE4H4L><Ms Company>
[8MS6BIJXN / PWPXL2RS][Stopped/Auto Start]
  <C:\WINDOWS\PWPXL2RS.exe -Y3KGA1QL95><N/A>
[6CL5J03U / QIBSDK11Q8Q][Stopped/Auto Start]
  <C:\WINDOWS\QIBSDK11Q8Q.exe -00PNI><N/A>
[5XK7A8 / QXS5PP9BW284][Stopped/Auto Start]
  <C:\WINDOWS\QXS5PP9BW284.exe -PNB1J3Y73SAU><N/A>
[TFY6ENPQV7GG / R5U0B96H][Running/Auto Start]
  <C:\WINDOWS\R5U0B96H.exe -DTQ8RMIDGJ><Ms Company>
[6CHXN / REHWKDC4G5B][Running/Auto Start]
  <C:\WINDOWS\system32\REHWKDC4G5B.exe -8YY9D><Ms Company>
[N3YUXLWRX / RNN7H6YL96][Stopped/Auto Start]
  <C:\WINDOWS\RNN7H6YL96.exe -MYZENS4W6SKT><N/A>
[I25VYC / RYOK66HGX][Stopped/Auto Start]
  <C:\WINDOWS\system32\RYOK66HGX.exe -D6MVM5><N/A>
[IRSYHJ23TBXR / SGCBPA44X][Stopped/Auto Start]
  <C:\WINDOWS\SGCBPA44X.exe -47E6XL18HD><N/A>
[BPG1PD / T4BU891][Stopped/Auto Start]
  <C:\WINDOWS\T4BU891.exe -4QUIL4D><N/A>
[9CRGZ0LMBAZZ / TIYLVX7UA][Stopped/Auto Start]
  <C:\WINDOWS\TIYLVX7UA.exe -KIEHI5><N/A>
[WM5QFHNI1D / U3I80YV751][Stopped/Auto Start]
  <C:\WINDOWS\U3I80YV751.exe -WWPDPQIF><N/A>
[OJBFZT / UFEVYFS][Running/Auto Start]
  <C:\WINDOWS\UFEVYFS.exe -GB614HXVE><Ms Company>
[N7T3JQWIGXEW / UODCYJ][Stopped/Auto Start]
  <C:\WINDOWS\UODCYJ.exe -7G6QD4AIJN><N/A>
[A0PK92 / VAK8W][Stopped/Auto Start]
  <C:\WINDOWS\VAK8W.exe -AX76A2Z><N/A>
[765BAZQX6OMD / VAMUWBCBS8][Stopped/Auto Start]
  <C:\WINDOWS\system32\VAMUWBCBS8.exe -GK87ZF7TC><N/A>
[7866GEFHW / VNOF8MCFTPL][Stopped/Auto Start]
  <C:\WINDOWS\VNOF8MCFTPL.exe -CFEDG><N/A>
[G8J57I51 / VO5TV][Stopped/Auto Start]
  <C:\WINDOWS\VO5TV.exe -WMW14KLO44B><N/A>
[WYJ19GQ7IXP / W3XFIHIUIV2E][Running/Auto Start]
  <C:\WINDOWS\W3XFIHIUIV2E.exe -0KRUOZ><Ms Company>
[71LUQPGX4PE / WT397ODPS5][Stopped/Auto Start]
  <C:\WINDOWS\WT397ODPS5.exe -X4XB0ZN16MS9><N/A>
[NCT1XX3C0 / WUFGGR1J447G][Stopped/Auto Start]
  <C:\WINDOWS\WUFGGR1J447G.exe -8JZ41C16><N/A>
[SHOEZT / X29BRJ][Stopped/Auto Start]
  <C:\WINDOWS\X29BRJ.exe -4Q2GRF7P><N/A>
[SXV79H1 / X7KUFEOR][Stopped/Auto Start]
  <C:\WINDOWS\X7KUFEOR.exe -92OQ5YDB><N/A>
[81U722TWT / XDH7R][Stopped/Auto Start]
  <C:\WINDOWS\XDH7R.exe -RWF7AZWKPQ8Y><N/A>
[K2E75TPP / XMMLUHI4][Running/Auto Start]
  <C:\WINDOWS\XMMLUHI4.exe -NTM2YE6J><Ms Company>
[YDBRHHM2Z / XQVHU][Stopped/Auto Start]
  <C:\WINDOWS\XQVHU.exe -RFUGICCM><N/A>
[D0GFL6UGVR / YDYN9B4I][Stopped/Auto Start]
  <C:\WINDOWS\YDYN9B4I.exe -GMJ2IZBPGJA><N/A>
[W3NMHLJU7 / YQ5CJDAKC][Stopped/Auto Start]
  <C:\WINDOWS\system32\YQ5CJDAKC.exe -D9EUO><N/A>
[CBR6FHI5V3 / Z41O5ZI2][Stopped/Auto Start]
  <C:\WINDOWS\system32\Z41O5ZI2.exe -1FHJ30TIAI><N/A>
[S6IUN / JZQEIZJ6TJX][Stopped/Auto Start]
  <C:\WINDOWS\JZQEIZJ6TJX.exe -9AQMYI3Y><Ms Company>
[QEMZRQ64 / HAT3K][Stopped/Auto Start]
  <C:\WINDOWS\system32\HAT3K.exe -D7ENOS><Ms Company>

==================================

Re: Virus infection, please help!

驱动程序
[000674a6 / 000674a6][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\000674a6.sys><N/A>
[RXTUJML2 / 2X4S1][Stopped/Manual Start]
  <\??\C:\WINDOWS\5FICEKYQN9R.txt><N/A>
[T8MY1 / 569C0DA25K][Stopped/Manual Start]
  <\??\C:\WINDOWS\BJPR21FNSY.txt><N/A>
[70IOZHP2L710 / 9F25RPV][Stopped/Manual Start]
  <\??\C:\WINDOWS\5MQZW8O3DT34.txt><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[8ZQMNSFOK0SU / J08EDAE8][Stopped/Manual Start]
  <\??\C:\WINDOWS\DR9C3XW.txt><N/A>
[RAN9GLR94A9D / LXFWBLL6F][Stopped/Manual Start]
  <\??\C:\WINDOWS\7C35UI.txt><N/A>
[0K968VNVG0 / LZ7CGFV8][Stopped/Manual Start]
  <\??\C:\WINDOWS\LY66LS01A4A.txt><N/A>
[L38PSX / NESCU0FF4][Stopped/Manual Start]
  <\??\C:\WINDOWS\GKOVDOB4NPY.txt><N/A>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[2T1EO / O3XM4U8V9H9][Stopped/Manual Start]
  <\??\C:\WINDOWS\J3VNG26ANIEY.txt><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[AXEZVABNN / QT0P7I6OS9UW][Stopped/Manual Start]
  <\??\C:\WINDOWS\KDN7V2VOBEH.txt><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[2L7WQHJ3 / V8ZDSBZH1][Stopped/Manual Start]
  <\??\C:\WINDOWS\O35KY.txt><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[I4PWY0T / Z0H1460KLYR][Stopped/Manual Start]
  <\??\C:\WINDOWS\LBAOI6MZGLL.txt><N/A>
[4E0VPI / Z9Y07EG3][Stopped/Manual Start]
  <\??\C:\WINDOWS\DH4PBOMQPM.txt><N/A>
[VIMICRO USB PC Camera V / ZSMC0305][Running/Manual Start]
  <System32\Drivers\usbVM305.sys><Vimicro Corporation>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, N/A>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, RealPlayer>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[FlashFXP Helper for Internet Explorer]
  {E5A1691B-D188-4419-AD02-90002030B8EE} <C:\PROGRA~1\FlashFXP\IEFlash.dll, IniCom Networks, Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <C:\Program Files\PPLive\PPLive.exe, N/A>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, N/A>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll, >
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\Program Files\Tencent\QQ\Qzone\QQPhotoDraw.dll, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, RealPlayer>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin16.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[DapCtrl COM Module]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.1.6.5711.41.449.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQ\QzoneMusic.dll, N/A>
[FlashFXP Helper for Internet Explorer]
  {E5A1691B-D188-4419-AD02-90002030B8EE} <C:\PROGRA~1\FlashFXP\IEFlash.dll, IniCom Networks, Inc.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.449.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&使用超级旋风下载]
  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4155]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.7]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 884][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 924][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1312][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1400][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1972][C:\Documents and Settings\Administrator\桌面\1234.exe]  [11111, 11111]
[PID: 1980][C:\Documents and Settings\Administrator\桌面\修改的2.4版SREng.EXE]  [1111, 2..4]
[PID: 360][C:\WINDOWS\6UEX3.exe]  [Ms Company, 2.0.0.1]
[PID: 372][C:\WINDOWS\9ICNZ2AF.exe]  [Ms Company, 2.0.0.1]
[PID: 396][C:\WINDOWS\BYYDH7AJ41.exe]  [Ms Company, 2.0.0.1]
[PID: 424][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 6, 20]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 484][C:\WINDOWS\ECH37A9O.exe]  [Ms Company, 2.0.0.1]
[PID: 1000][C:\WINDOWS\G209T.exe]  [Ms Company, 2.0.0.1]
[PID: 1188][C:\WINDOWS\HJAFMF6JX.exe]  [Ms Company, 2.0.0.1]
[PID: 1284][C:\WINDOWS\L9SF8J.exe]  [Ms Company, 2.0.0.1]
[PID: 1108][C:\Program Files\Eset\nod32krn.exe]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\nod32krr.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_dmon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_emon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_upd.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]

Re: Virus infection, please help!

=================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Re: Virus infection, please help!

Thank you, everyone.

Re: Virus infection, please help!

It's no use. They come back as soon as I delete them, and it gets even worse.