初生襁褓狮
Posted on: 2011-02-28 10:18
Damn virus, why are you back again?! (log attached as proof)
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<w><%SystemRoot%\WinRaR.exe> [N/A]
<wm><%SystemRoot%\winlogor.exe> []
<wl><%SystemRoot%\intent.exe> [N/A]
<mm><%SystemRoot%\sourro.exe> [N/A]
<zx><%SystemRoot%\winadr.exe> [N/A]
<rx><%SystemRoot%\winnt.exe> [N/A]
<aa><%SystemRoot%\SVchont.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<kav><"F:\卡巴\avp.exe"> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<RavRuneip><C:\WINDOWS\system32\RacvSvc.EXE wdkqbgmsye.dll,HHanMa> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start] <C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe><N/A>
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start] <F:\卡巴\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
==================================
驱动程序
[15867609 / 15867609][Stopped/Manual Start] <\??\C:\WINDOWS\system32\Drivers\15867578.sys><N/A>
[2310_00 / 2310_00][Stopped/Boot Start] <\SystemRoot\System32\BIRD\2310_00.sys><HighPoint Technologies, Inc.>
[3WAREDRV / 3WAREDRV][Stopped/Boot Start] <\SystemRoot\System32\BIRD\3WAREDRV.SYS><N/A>
[3WAREGSM / 3WAREGSM][Stopped/Boot Start] <\SystemRoot\System32\BIRD\3waregsm.sys><N/A>
[3WDRV100 / 3WDRV100][Stopped/Boot Start] <\SystemRoot\System32\BIRD\3WDRV100.SYS><N/A>
[A320RAID / A320RAID][Stopped/Boot Start] <\SystemRoot\System32\BIRD\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aac.sys><Adaptec, Inc.>
[AACSAS / AACSAS][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aacsas.sys><Adaptec, Inc.>
[AAR81XX / AAR81XX][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aar81xx.sys><Adaptec, Inc.>
[AARSI3X / AARSI3X][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aarsi3x.sys><Adaptec, Inc.>
[ADP94XX / ADP94XX][Stopped/Boot Start] <\SystemRoot\System32\BIRD\adp94xx.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Boot Start] <\SystemRoot\System32\BIRD\adpu160m.sys><Microsoft Corporation>
[ADPU320 / ADPU320][Stopped/Boot Start] <\SystemRoot\System32\BIRD\adpu320.sys><Adaptec, Inc.>
[aeaudio / aeaudio][Stopped/Manual Start] <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AEC6210 / AEC6210][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec6210.sys><ACARD Technology Corp.>
[AEC6260 / AEC6260][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec6260.sys><ACARD Technology Corp.>
[AEC6280 / AEC6280][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec6280.sys><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec67160.sys><ACARD Technology Corp.>
[AEC67162 / AEC67162][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec67162.sys><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start] <\SystemRoot\System32\BIRD\AEC671X.sys><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start] <\SystemRoot\System32\BIRD\AEC6880.sys><ACARD Technology Corp.>
[AEC6897 / AEC6897][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec6897.sys><ACARD Technology Corp.>
[AEC68X5 / AEC68X5][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec68x5.sys><ACARD Technology Corp.>
[aic78u2 / aic78u2][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start] <system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[ARCM_X86 / ARCM_X86][Stopped/Boot Start] <\SystemRoot\System32\BIRD\arcm_x86.sys><ARECA Technology Corporation>
[asc / asc][Stopped/Boot Start] <\SystemRoot\System32\BIRD\asc.sys><Advanced System Products, Inc.>
[BCHTSW32 / BCHTSW32][Stopped/Boot Start] <\SystemRoot\System32\BIRD\bchtsw32.sys><Broadcom Corporation>
[buslogic / buslogic][Stopped/Boot Start] <\SystemRoot\System32\bird\buslogic.sys><Microsoft Corporation>
[CDA1000 / CDA1000][Stopped/Boot Start] <\SystemRoot\System32\BIRD\cda1000.sys><Adaptec, Inc.>
[CmdIde / CmdIde][Stopped/Boot Start] <\SystemRoot\System32\BIRD\cmdide.sys><CMD Technology, Inc.>
[CPQARRY2 / CPQARRY2][Stopped/Boot Start] <\SystemRoot\System32\BIRD\cpqarry2.sys><Compaq Computer Corporation>
[CPQCISSM / CPQCISSM][Stopped/Boot Start] <\SystemRoot\System32\BIRD\cpqcissm.sys><Hewlett-Packard Company>
[CSB6IDE / CSB6IDE][Stopped/Boot Start] <\SystemRoot\System32\BIRD\csb6ide.sys><ServerWorks Corporation>
[d347bus / d347bus][Running/Boot Start] <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start] <\SystemRoot\System32\Drivers\d347prt.sys><>
[dac2w2k / dac2w2k][Stopped/Boot Start] <\SystemRoot\System32\BIRD\dac2w2k.sys><Mylex Corporation>
[DMX3191 / DMX3191][Stopped/Boot Start] <\SystemRoot\System32\BIRD\DMX3191.sys><Microsoft Corporation>
[DMX3194 / DMX3194][Stopped/Boot Start] <\SystemRoot\System32\BIRD\dmx3194.sys><Microsoft Corporation>
[dpti2o / dpti2o][Stopped/Boot Start] <\SystemRoot\System32\BIRD\dpti2o.sys><Microsoft Corporation>
[DPTSCSI / DPTSCSI][Stopped/Boot Start] <\SystemRoot\System32\BIRD\dptscsi.sys><Distributed Processing Technology Corp.>
[dtscsi / dtscsi][Stopped/Manual Start] <\SystemRoot\System32\Drivers\dtscsi.sys><DT Soft Ltd.>
[FASTSX / FASTSX][Stopped/Boot Start] <\SystemRoot\System32\BIRD\fastsx.sys><Promise Technology, Inc.>
[FASTTRAK / FASTTRAK][Stopped/Boot Start] <\SystemRoot\System32\BIRD\fasttrak.sys><Promise Technology, Inc.>
[FASTTX2K / FASTTX2K][Stopped/Boot Start] <\SystemRoot\System32\BIRD\fasttx2k.sys><Promise Technology, Inc.>
[fd16_700 / fd16_700][Stopped/Boot Start] <\SystemRoot\System32\BIRD\fd16_700.sys><Microsoft Corporation>
[fireport / fireport][Stopped/Boot Start] <\SystemRoot\System32\BIRD\fireport.sys><Microsoft Corporation>
[flashpnt / flashpnt][Stopped/Boot Start] <\SystemRoot\System32\BIRD\flashpnt.sys><Mylex,Corp.>
[FT8300 / FT8300][Stopped/Boot Start] <\SystemRoot\System32\BIRD\ft8300.sys><Promise Technology, Inc.>
[FTSATA2 / FTSATA2][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\ftsata2.sys><N/A>
[GD31244 / GD31244][Stopped/Boot Start] <\SystemRoot\System32\BIRD\gd31244.sys><Intel Corporation>
[HPCISSS2 / HPCISSS2][Stopped/Boot Start] <\SystemRoot\System32\BIRD\hpcisss2.sys><Hewlett-Packard Company>
[HPT371 / HPT371][Stopped/Boot Start] <\SystemRoot\System32\BIRD\HPT371.sys><HighPoint Technologies, Inc.>
[HPT374 / HPT374][Stopped/Boot Start] <\SystemRoot\System32\BIRD\hpt374.sys><HighPoint Technologies, Inc.>
[HPT3XX / HPT3XX][Stopped/Boot Start] <\SystemRoot\System32\BIRD\hpt3xx.sys><HighPoint Technologies, Inc.>