这些毒怎么杀了又出现了啊~

[2.8.2.8.1115 - 2.8.31.8.1116]
2005-11-17 22:50
[Trojan]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\2AFDD.X
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\668A.X
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\EVCDE.TMP
C:\WINDOWS\SYSTEM32\3.TMP
[2.8.2.8.1115 - 2.8.31.8.1116]
2005-11-17 22:50
[Uncorrect AppInit_DLLs]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS\REG_SZ00
[2.8.2.8.1115 - 2.8.31.8.1116]
2005-11-17 22:50
[Trojan.msosiocp.dosjisn]
C:\WINDOWS\SYSTEM32\6.TMP
C:\WINDOWS\SYSTEM32\HBDNF.DLL
C:\WINDOWS\SYSTEM32\HBJTLQ.DLL
C:\WINDOWS\SYSTEM32\HBTL.DLL
C:\WINDOWS\SYSTEM32\HBWD.DLL
C:\WINDOWS\SYSTEM32\HBWOW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\HBSERVICE32
[2.8.2.8.1115 - 2.8.31.8.1116]
2005-11-17 22:50
[Trojan.bndmss.wmel32]
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\HBKERNEL32
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HBKERNEL32
[2.8.2.8.1115 - 2.8.31.8.1116]
2005-11-17 22:50
[Maybe Useless object]
C:\WINDOWS\SYSTEM32\DRIVERS\HBKERNEL32.SYS
[2.8.2.8.1115 - 2.8.31.8.1116]
2005-11-17 22:50
[Access deny Object]
C:\WINDOWS\SYSTEM32\SYSTEM.EXE

驱动级的...

进入安全模式进行清理~~

回复 #1 victory3344 的帖子

用助手扫描个报告上来！可能 rpcss.dll 被替换了！

安全模式清理掉后  在重起又有了    :L :L

系统诊断 扫描 保存报告发上来！

[CODE]

2005-11-17,23:17:06

SysLog Scanner 1.0 - build 20080726
Arswp ([url]http://www.arswp.com[/url])

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
注册项

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ASUS SmartDoctor><C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe  /start>  [ASUSTeK Inc., 5, 2, 0, 0, C:2008-06-30 15:22 M:2008-06-30 15:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <amd_dc_opt><C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe>  [AMD, 1, 1, 3, 0, C:2007-07-23 11:06 M:2007-07-23 11:06]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00|(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]
    <nwiz><nwiz.exe /install>  [N/A, C:2008-05-17 02:31 M:2008-05-17 02:31]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00|(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]

[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\bubbles.scr>  [Microsoft Corporation, 6.0.5308.17 (winmain_idx01.060217-2200), C:2006-03-01 04:53 M:2006-03-01 04:53]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
    <gdi32><gdi32.dll>  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><C:\Program Files\Thunder\Program\geturl.htm>  [N/A, C:2005-11-17 21:55 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><C:\Program Files\Thunder\Program\getallurl.htm>  [N/A, C:2005-11-17 21:55 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><D:\Program Files\Tencent\QQ2008\AddEmotion.htm>  [N/A, C:2008-11-08 14:21 M:2008-01-25 11:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:58 M:2004-08-17 20:00|(Verified)N/A, C:2007-10-19 09:59 M:2004-08-17 20:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:58 M:2004-08-17 20:00|(Verified)N/A, C:2007-10-19 09:59 M:2004-08-17 20:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}]
    <深度技术论坛><[url]http://bbs.deepin.org[/url]>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    <><>  []


========================================
启动项



========================================
计划任务



========================================
组件


Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-02-26 22:14 M:2007-09-21 16:56]
[Imagine Shell Extension]
    {57B47F62-4EE4-4BED-A897-2C63198B876F}  <C:\Program Files\Imagine\Imagine.DLL>  [nyam's Laboratory, 0.9.7.0, C:2005-11-17 21:55 M:2006-09-07 23:00]
[NvCpl DesktopContext Class]
    {A70C977A-BF00-412C-90B7-034C51DA2439}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]
[Play on my TV helper]
    {FFB699E0-306A-11d3-8BD1-00104B6F7516}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]
[Desktop Explorer]
    {1CDB2949-8F65-4355-8456-263E7C208A5D}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-05-17 02:31 M:2008-05-17 02:31]
[Desktop Explorer Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-05-17 02:31 M:2008-05-17 02:31]
[nView Desktop Context Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-05-17 02:31 M:2008-05-17 02:31]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.16, C:2005-11-17 21:55 M:2007-12-10 14:17]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 55, C:2005-11-17 21:55 M:2007-12-17 20:44]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.16, C:2005-11-17 21:55 M:2007-12-10 14:17]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 55, C:2005-11-17 21:55 M:2007-12-17 20:44]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\macromed\flash\Flash9d.ocx>  [(Verified)Adobe Systems, Inc., 9,0,47,0, C:2007-10-19 09:58 M:2007-07-11 14:24]

Context Menu
[Imagine]
    {57B47F62-4EE4-4BED-A897-2C63198B876F}  <C:\Program Files\Imagine\Imagine.DLL>  [nyam's Laboratory, 0.9.7.0, C:2005-11-17 21:55 M:2006-09-07 23:00]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-02-26 22:14 M:2007-09-21 16:56]


========================================
服务

[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe">  [Macrovision Corporation, 11.00.28844, C:2005-04-04 00:41 M:2005-04-04 00:41]

[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <%SystemRoot%\system32\nvsvc32.exe>  [(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]


========================================
驱动

[Enhanced Display Driver Helper Service / asuskbnt][Running/System Start]
    <system32\drivers\atkkbnt.sys>  [ASUSTeK COMPUTER INC., 6.14.10.201, C:2005-11-17 22:06 M:2008-05-28 15:36]
[ASUSTeK Virtual Capture Device / ASUSVRC][Running/Manual Start]
    <system32\DRIVERS\AsusVRC.sys>  [ASUSTeK COMPUTER INC., 1.0.0.7, C:2007-01-29 17:12 M:2007-01-29 17:12]
[EIO_XP / EIO_XP][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\EIO_XP.sys>  [ASUSTeK Computer Inc., 1.93, C:2005-11-17 22:11 M:2006-06-14 13:44]
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys>  [Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-02-26 22:11 M:2005-01-07 17:07]
[JMicron Hot-Plug Driver / JGOGO][Stopped/Disabled]
    <\SystemRoot\system32\DRIVERS\JGOGO.sys>  [JMicron , 5.0.3790.1, C:2007-11-12 17:33 M:2006-02-08 01:52]
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
    <system32\DRIVERS\ASACPI.sys>  [1043, 2, 15, 37, C:2005-11-17 21:52 M:2004-08-13 10:56]
[mv61xx / mv61xx][Stopped/Disabled]
    <\SystemRoot\system32\DRIVERS\mv61xx.sys>  [Marvell Semiconductor, Inc.,  1.1.0.38  built by: WinDDK, C:2007-11-12 17:33 M:2006-10-18 19:25]
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
    <system32\DRIVERS\NVENETFD.sys>  [NVIDIA Corporation, 1.00.02.06764, C:2005-11-17 21:52 M:2007-09-20 19:07]
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
    <system32\DRIVERS\nvnetbus.sys>  [NVIDIA Corporation, 1.00.01.06764, C:2005-11-17 21:52 M:2007-09-20 19:07]
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
    <system32\DRIVERS\nvrd32.sys>  [NVIDIA Corporation, 10.1.0.20 built by: WinDDK, C:2008-01-23 17:20 M:2007-09-11 15:18]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2007-12-13 15:26 M:2007-11-13 18:25]
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
    <\SystemRoot\system32\DRIVERS\SiWinAcc.sys>  [Silicon Image, Inc., 1.0.0.11, C:2008-01-23 17:20 M:2006-08-08 22:19]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.3244 (xpsp_sp2_gdr.071030-1259), C:2007-10-19 09:59 M:2007-10-31 01:20]
[viamraid / viamraid][Stopped/Boot Start]
    <system32\DRIVERS\viamraid.sys>  [VIA Technologies inc,.ltd, 5.1.6000.562, C:2008-01-23 17:20 M:2007-07-17 13:35]
[ASUS Video3D Service / Video3D][Running/Manual Start]
    <System32\Drivers\Video3D32.sys>  [ASUSTeK COMPUTER INC., 6.14.10.200, C:2005-11-17 22:06 M:2008-05-28 15:36]

[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
    <system32\drivers\ac97intc.sys>  [(Verified)Intel Corporation, 5.10.3523 built by: WinDDK, C:2007-10-19 10:32 M:2001-08-17 12:20]
[AMD Processor Driver / AmdK8][Running/System Start]
    <System32\drivers\amdk8.sys>  [(Verified)Advanced Micro Devices, 1.3.2 (dnsrv(wmbla).060701-2226), C:2008-01-02 16:33 M:2006-07-01 22:43]
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
    <system32\DRIVERS\AmdLLD.sys>  [(Verified)AMD, Inc., 1.0.1.0, C:2005-11-17 21:58 M:2007-06-29 14:47]
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
    <system32\DRIVERS\fetnd5.sys>  [(Verified)VIA Technologies, Inc.              , 2.66, C:2007-10-19 10:32 M:2001-08-17 12:13]
[VIA High Definition Audio Service / HdAudAddService][Running/Manual Start]
    <system32\drivers\viahduaa.sys>  [(Verified)VIA Technologies, Inc., 6,0,01,1300 built by: WinDDK, C:2005-11-17 21:53 M:2007-08-16 19:21]
[nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.11.7519, C:2007-10-19 10:32 M:2008-05-17 02:31]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2007-10-19 09:59 M:2004-08-17 20:00]


========================================
进程

[PID: 556 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]

[PID: 616 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:58 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\sxs.dll  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 640 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 692 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 704 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:58 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 856 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 896 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 992 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]
    C:\WINDOWS\System32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]
    C:\WINDOWS\System32\SXS.DLL  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 1092 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 1148 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 1400 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2007-10-19 09:59 M:2007-08-15 15:03]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]
    C:\WINDOWS\system32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 1588 / Administrator]   C:\WINDOWS\system32\userinit.exe   [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 1624 / Administrator]   C:\WINDOWS\explorer.exe   [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]
    C:\Program Files\FreeLaunchBar\flb.dll  [TrueSoft, 1.0.0.0, C:2005-11-17 21:55 M:2005-01-18 09:53]
    C:\WINDOWS\system32\nvcpl.dll  [(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]
    C:\WINDOWS\system32\NVRSZHC.DLL  [NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]
    C:\WINDOWS\system32\nvapi.dll  [(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]
    C:\WINDOWS\system32\nvshell.dll  [N/A, C:2008-05-17 02:31 M:2008-05-17 02:31]
    C:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll  [Copyright ? 2007, 1, 0, 0, 12, C:2005-11-17 21:55 M:2007-09-27 22:21]
    C:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 13, C:2005-11-17 21:55 M:2007-09-27 22:21]
    C:\WINDOWS\system32\SXS.DLL  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 1916 / SYSTEM]   C:\WINDOWS\system32\nvsvc32.exe   [(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\nvapi.dll  [(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 668 / LOCAL SERVICE]   C:\WINDOWS\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:58 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 1740 / SYSTEM]   C:\WINDOWS\system32\wuauclt.exe   [(Verified)Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740), C:2007-10-19 10:35 M:2007-09-02 17:35]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 1168 / NETWORK SERVICE]   C:\WINDOWS\system32\wbem\wmiprvse.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 10:34 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 1640 / Administrator]   C:\WINDOWS\system32\RUNDLL32.EXE   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]
    C:\WINDOWS\system32\NvMcTray.dll  [(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]
    C:\WINDOWS\system32\nvapi.dll  [(Verified)NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]
    C:\WINDOWS\system32\NVRSZHC.DLL  [NVIDIA Corporation, 6.14.11.7519, C:2008-05-17 02:31 M:2008-05-17 02:31]

[PID: 1592 / Administrator]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:58 M:2004-08-17 20:00]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]

[PID: 524 / Administrator]   F:\arswp\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2008-11-15 11:58 M:2008-11-15 11:58]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-10-19 09:58 M:2007-08-15 15:02]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2007-08-15 15:03]
    F:\arswp\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2007-11-28 15:19 M:2007-11-28 15:19]
    C:\WINDOWS\system32\SXS.DLL  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414), C:2007-10-19 09:59 M:2007-08-15 15:03]
    C:\WINDOWS\system32\shdoclc.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-10-19 09:59 M:2004-08-17 20:00]
    C:\WINDOWS\system32\jscript.dll  [Microsoft Corporation, 5.6.0.8834, C:2007-12-13 15:26 M:2007-11-14 15:27]
    C:\WINDOWS\system32\macromed\flash\Flash9d.ocx  [(Verified)Adobe Systems, Inc., 9,0,47,0, C:2007-10-19 09:58 M:2007-07-11 14:24]
    C:\WINDOWS\system32\quartz.dll  [Microsoft Corporation, 6.05.2600.3243, C:2007-12-13 15:26 M:2007-10-30 06:42]
    C:\WINDOWS\system32\msdmo.dll  [(Verified)N/A, C:2007-10-19 09:59 M:2004-08-17 20:00]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS

    127.0.0.1 v.onondown.com.cn
    127.0.0.2 ymsdasdw1.cn
    127.0.0.3 h96b.info
    127.0.0.0 fuck.zttwp.cn
    127.0.0.0 [url]www.hackerbf.cn[/url]
    127.0.0.0 geekbyfeng.cn
    127.0.0.0 ppp.etimes888.com
    127.0.0.0 [url]www.bypk.com[/url]
    127.0.0.1 va9sdhun23.cn
    127.0.0.0 udp.hjob123.com
    127.0.0.2 bnasnd83nd.cn
    127.0.0.0 [url]www.gamehacker.com.cn[/url]
    127.0.0.0 gamehacker.com.cn
    127.0.0.3 adlaji.cn
    127.0.0.1 858656.com
    127.1.1.1 bnasnd83nd.cn
    127.0.0.1 my123.com
    127.0.0.0 user1.12-27.net
    127.0.0.1 8749.com
    127.0.0.0 fengent.cn
    127.0.0.1 4199.com
    127.0.0.1 user1.16-22.net
    127.0.0.1 7379.com
    127.0.0.1 2be37c5f.3f6e2cc5f0b.com
    127.0.0.1 7255.com
    127.0.0.1 user1.23-12.net
    127.0.0.1 3448.com
    127.0.0.1 [url]www.guccia.net[/url]
    127.0.0.1 7939.com
    127.0.0.1 a.o1o1o1.nEt
    127.0.0.1 8009.com
    127.0.0.1 user1.12-73.cn
    127.0.0.1 piaoxue.com
    127.0.0.1 3n8nlasd.cn
    127.0.0.1 kzdh.com
    127.0.0.0 [url]www.sony888.cn[/url]
    127.0.0.1 about.blank.la
    127.0.0.0 user1.asp-33.cn
    127.0.0.1 6781.com
    127.0.0.0 [url]www.netkwek.cn[/url]
    127.0.0.1 7322.com
    127.0.0.0 ymsdkad6.cn
    127.0.0.1 localhost
    127.0.0.0 [url]www.lkwueir.cn[/url]
    127.0.0.1 06.jacai.com
    127.0.1.1 user1.23-17.net
    127.0.0.1 1.jopenkk.com
    127.0.0.0 upa.luzhiai.net
    127.0.0.1 1.jopenqc.com
    127.0.0.0 [url]www.guccia.net[/url]
    127.0.0.1 1.joppnqq.com
    127.0.0.0 4m9mnlmi.cn
    127.0.0.1 1.xqhgm.com
    127.0.0.0 mm119mkssd.cn
    127.0.0.1 100.332233.com
    127.0.0.0 61.128.171.115:8080
    127.0.0.1 121.11.90.79
    127.0.0.0 [url]www.1119111.com[/url]
    127.0.0.1 121565.net
    127.0.0.0 win.nihao69.cn
    127.0.0.1 125.90.88.38
    127.0.0.1 16888.6to23.com
    127.0.0.1 2.joppnqq.com
    127.0.0.0 puc.lianxiac.net
    127.0.0.1 204.177.92.68
    127.0.0.0 pud.lianxiac.net
    127.0.0.1 210.74.145.236
    127.0.0.0 210.76.0.133
    127.0.0.1 219.129.239.220
    127.0.0.0 61.166.32.2
    127.0.0.1 219.153.40.221
    127.0.0.0 218.92.186.27
    127.0.0.1 219.153.46.27
    127.0.0.0 [url]www.fsfsfag.cn[/url]
    127.0.0.1 219.153.52.123
    127.0.0.0 ovo.ovovov.cn
    127.0.0.1 221.195.42.71
    127.0.0.0 dw.com.com
    127.0.0.1 222.73.218.115
    127.0.0.1 203.110.168.233:80
    127.0.0.1 3.joppnqq.com
    127.0.0.1 203.110.168.221:80
    127.0.0.1 363xx.com
    127.0.0.1 www1.ip10086.com.cm
    127.0.0.1 4199.com
    127.0.0.1 blog.ip10086.com.cn
    127.0.0.1 43242.com
    127.0.0.1 [url]www.ccji68.cn[/url]
    127.0.0.1 5.xqhgm.com
    127.0.0.0 t.myblank.cn
    127.0.0.1 520.mm5208.com
    127.0.0.0 x.myblank.cn
    127.0.0.1 59.34.131.54
    127.0.0.1 210.51.45.5
    127.0.0.1 59.34.198.228
    127.0.0.1 [url]www.ew1q.cn[/url]
    127.0.0.1 59.34.198.88
    127.0.0.1 59.34.198.97
    127.0.0.1 60.190.114.101
    127.0.0.1 60.190.218.34
    127.0.0.0 qq-xing.com.cn
    127.0.0.1 60.191.124.252
    127.0.0.1 61.145.117.212
    127.0.0.1 61.157.109.222
    127.0.0.1 75.126.3.216
    127.0.0.1 75.126.3.217
    127.0.0.1 75.126.3.218
    127.0.0.0 59.125.231.177:17777
    127.0.0.1 75.126.3.220
    127.0.0.1 75.126.3.221
    127.0.0.1 75.126.3.222
    127.0.0.1 772630.com
    127.0.0.1 832823.cn
    127.0.0.1 8749.com
    127.0.0.1 888.jopenqc.com
    127.0.0.1 89382.cn
    127.0.0.1 8v8.biz
    127.0.0.1 97725.com
    127.0.0.1 9gg.biz
    127.0.0.1 [url]www.9000music.com[/url]
    127.0.0.1 test.591jx.com
    127.0.0.1 a.topxxxx.cn
    127.0.0.1 picon.chinaren.com
    127.0.0.1 [url]www.5566.net[/url]
    127.0.0.1 p.qqkx.com
    127.0.0.1 news.netandtv.com
    127.0.0.1 z.neter888.cn
    127.0.0.1 b.myblank.cn
    127.0.0.1 wvw.wokutu.com
    127.0.0.1 unionch.qyule.com
    127.0.0.1 [url]www.qyule.com[/url]
    127.0.0.1 it.itjc.cn
    127.0.0.1 [url]www.linkwww.com[/url]
    127.0.0.1 vod.kaicn.com
    127.0.0.1 [url]www.tx8688.com[/url]
    127.0.0.1 b.neter888.cn
    127.0.0.1 promote.huanqiu.com
    127.0.0.1 [url]www.huanqiu.com[/url]
    127.0.0.1 [url]www.haokanla.com[/url]
    127.0.0.1 play.unionsky.cn
    127.0.0.1 [url]www.52v.com[/url]
    127.0.0.1 [url]www.gghka.cn[/url]
    127.0.0.1 icon.ajiang.net
    127.0.0.1 new.ete.cn
    127.0.0.1 [url]www.stiae.cn[/url]
    127.0.0.1 o.neter888.cn
    127.0.0.1 comm.jinti.com
    127.0.0.1 [url]www.google-analytics.com[/url]
    127.0.0.1 hz.mmstat.com
    127.0.0.1 [url]www.game175.cn[/url]
    127.0.0.1 x.neter888.cn
    127.0.0.1 z.neter888.cn
    127.0.0.1 p.etimes888.com
    127.0.0.1 hx.etimes888.com
    127.0.0.1 abc.qqkx.com
    127.0.0.1 dm.popdm.cn
    127.0.0.1 [url]www.yl9999.com[/url]
    127.0.0.1 [url]www.dajiadoushe.cn[/url]
    127.0.0.1 v.onondown.com.cn
    127.0.0.1 [url]www.interoo.net[/url]
    127.0.0.1 bally1.bally-bally.net
    127.0.0.1 [url]www.bao5605509.cn[/url]
    127.0.0.1 [url]www.rty456.cn[/url]
    127.0.0.1 [url]www.werqwer.cn[/url]
    127.0.0.1 1.360-1.cn
    127.0.0.1 user1.23-16.net
    127.0.0.1 [url]www.guccia.net[/url]
    127.0.0.1 [url]www.interoo.net[/url]
    127.0.0.1 upa.netsool.net
    127.0.0.1 js.users.51.la
    127.0.0.1 vip2.51.la
    127.0.0.1 web.51.la
    127.0.0.1 qq.gong2008.com
    127.0.0.1 2008tl.copyip.com
    127.0.0.1 tla.laozihuolaile.cn
    127.0.0.1 [url]www.tx6868.cn[/url]
    127.0.0.1 p001.tiloaiai.com
    127.0.0.1 s1.tl8tl.com
    127.0.0.1 s1.gong2008.com
    127.0.0.1 4b3ce56f9g.3f6e2cc5f0b.com
    127.0.0.1 2be37c5f.3f6e2cc5f0b.com


[/CODE]

C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\sxs.dll
这几个文件rar压缩下发上来！