ComboFix 08-12-31.01 - Computer 2009-01-01 18:01:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.1014.574 [GMT -8:00]
执行位置: c:\documents and settings\Computer\Desktop\ComboFix.exe
注意 - 这台电脑没有安装恢复控制台 !!
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\Computer\Application Data\gadcom
c:\documents and settings\Computer\Application Data\gadcom\gadcom.exe
c:\documents and settings\Computer\Application Data\SpeedRunner
c:\documents and settings\Computer\Application Data\SpeedRunner\config.cfg
c:\documents and settings\Computer\Application Data\twain\Twain.exe
c:\documents and settings\Computer\Start Menu\Programs\Startup\userinit.exe
c:\documents and settings\Computer\svchost.exe
c:\documents and settings\LocalService\svchost.exe
c:\program files\GetModule
c:\program files\GetModule\GetModule32.exe
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\Mjcore
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
C:\test.txt
C:\u.exe
C:\userinit.exe
c:\windows\setup.exe
c:\windows\system32\~.exe
c:\windows\system32\bldjbrsm.dll
c:\windows\system32\brastk.exe
c:\windows\system32\braviax.exe
c:\windows\system32\cbdmykei.dll
c:\windows\system32\dlds1.exe
c:\windows\system32\dlds2.exe
c:\windows\system32\dlds5.exe
c:\windows\system32\dlds6.exe
c:\windows\system32\dlds7.exe
c:\windows\system32\dlds8.exe
c:\windows\system32\dLlUxyxx.ini
c:\windows\system32\dLlUxyxx.ini2
c:\windows\system32\drivers\msqpdxesmcofjg.sys
c:\windows\system32\drivers\services.exe
c:\windows\system32\ghdugork.dll
c:\windows\system32\hzvoga.dll
c:\windows\system32\msqpdxqfvbyxus.dll
c:\windows\system32\nkgmbsty.dll
c:\windows\system32\pmnmnlKA.dll
c:\windows\system32\qoMgfCuS.dll
c:\windows\system32\update32.exe
c:\windows\system32\vx.tll
c:\windows\system32\wpv411229907513.cpx
c:\windows\system32\wpv911229907513.cpx
c:\windows\system32\wvtibjvk.dll
c:\windows\system32\xwfmkj.dll
c:\windows\system32\xxyxUlLd.dll
c:\windows\system32\zurfpk.dll
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSQPDXSERV.SYS
-------\Service_MSQPDXSERV.SYS

((((((((((((((((((((((((( 2008-12-02 至 2009-01-02 的新的档案 )))))))))))))))))))))))))))))))
.
2009-01-01 16:39 . 2009-01-01 16:39 1,307,356 --ahs---- c:\windows\system32\kvjbitvw.ini
2009-01-01 16:12 . 2009-01-01 16:13 d-------- C:\rsit
2008-12-31 16:41 . 2008-12-31 16:43 1,307,356 --ahs---- c:\windows\system32\miilsiys.ini
2008-12-31 10:18 . 2008-12-31 10:18 d-------- c:\documents and settings\Computer\Application Data\AOL
2008-12-31 10:17 . 2008-12-31 10:17 d-------- c:\program files\Common Files\Nullsoft
2008-12-31 10:17 . 2008-12-31 10:17 d-------- c:\documents and settings\Computer\Application Data\You've Got Pictures Screensaver
2008-12-31 10:17 . 2005-07-12 01:17 173,184 --a------ c:\windows\system32\ygpss.scr
2008-12-31 10:16 . 2008-12-31 10:16 d-------- c:\program files\Viewpoint
2008-12-31 10:16 . 2008-12-31 10:16 d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-31 10:16 . 2000-05-22 00:00 115,920 --a------ c:\windows\system32\MSInet.ocx
2008-12-31 10:16 . 2001-11-21 10:15 102,400 --a------ c:\windows\system32\SimpleRegistry.dll
2008-12-31 10:16 . 1999-04-17 02:06 10,752 --a------ c:\windows\system32\aamd532.dll
2008-12-31 10:15 . 2008-12-31 10:15 d-------- c:\program files\Common Files\AolCoach
2008-12-31 10:15 . 2003-01-10 12:13 33,588 -ra------ c:\windows\system32\drivers\wanatw4.sys
2008-12-31 10:14 . 2008-12-31 10:17 d-------- c:\program files\Common Files\aolshare
2008-12-31 10:14 . 2008-12-31 16:33 d-------- c:\program files\America Online 9.0
2008-12-31 10:13 . 2008-12-31 10:13 335 --a------ c:\windows\nsreg.dat
2008-12-28 22:28 . 2008-12-29 23:29 200 --a------ c:\windows\cdplayer.ini
2008-12-26 23:47 . 2008-12-26 23:47 d-------- c:\program files\Midway Home Entertainment
2008-12-25 18:00 . 2008-12-25 18:00 1,661,209 --ahs---- c:\windows\system32\ytsbmgkn.ini
2008-12-25 17:56 . 2009-01-01 18:02 d-------- c:\documents and settings\Computer\Application Data\Twain
2008-12-25 17:51 . 2008-12-25 17:51 d-------- c:\program files\Webtools
2008-12-25 17:45 . 2008-12-25 17:46 45,056 --a------ c:\windows\system32\khfEUnKd.dll
2008-12-24 17:15 . 2008-12-25 15:20 d-------- c:\documents and settings\Computer\Application Data\dvdcss
2008-12-20 18:09 . 2008-12-20 18:09 d-------- c:\program files\LittleFighter2
2008-12-17 16:51 . 2008-12-17 16:51 d-------- c:\program files\Hamachi
2008-12-16 20:04 . 2009-01-01 18:10 d-------- c:\documents and settings\Computer\Application Data\Hamachi
2008-12-16 20:04 . 2008-12-17 16:51 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-12-06 13:48 . 2008-12-06 13:48 d-------- c:\program files\Transparent
2008-12-06 13:48 . 2008-12-06 13:52 d-------- c:\documents and settings\All Users\Application Data\Transparent
2008-12-04 17:35 . 2008-12-04 17:38 d-------- c:\program files\ManicTime
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 18:18 --------- d-----w c:\program files\Common Files\AOL
2008-12-31 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-27 07:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 06:18 --------- d-----w c:\program files\Trillian
2008-12-25 23:49 --------- d-----w c:\documents and settings\Computer\Application Data\mjusbsp
2008-12-25 23:38 --------- d-----w c:\documents and settings\All Users\Application Data\Digital Interactive Systems Corporation
2008-12-04 00:01 --------- d-----w c:\program files\MSECache
2008-11-26 22:05 --------- d--h--w c:\documents and settings\Computer\Application Data\ijjigame
2008-11-23 05:56 --------- d-----w c:\program files\Java
2008-11-09 03:15 --------- d-----w c:\program files\EA Sports
2008-11-02 23:59 --------- d-----w c:\program files\DriftCity
2008-11-02 17:23 --------- d-----w c:\documents and settings\Computer\Application Data\NPLUTO Corporation
2008-11-02 14:55 --------- d-----w c:\program files\Common Files\INCA Shared
2008-11-02 04:59 --------- d-----w c:\documents and settings\All Users\Application Data\IJJIGame
2008-10-05 22:23 402 ----a-w c:\documents and settings\Computer\Application Data\wklnhst.dat
2008-10-05 04:52 146 ----a-w c:\documents and settings\Computer\delself.bat
2008-07-18 14:41 229,376 ----a-w c:\documents and settings\Computer\cwshredder.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="c:\progra~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 517632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-01 1077248]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2006-03-20 679936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

c:\documents and settings\Computer\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-17 625952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2008-07-08 1310720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2008-07-08 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 13:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll xwfmkj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Java\\jre1.5.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Computer\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Midway Home Entertainment\\Rise and Fall\\RiseAndFall.exe"=
"c:\\Documents and Settings\\Computer\\Desktop\\yuk\\Empire Earth.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1230747293\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-18 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-19 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-18 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-18 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-18 76040]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R2 WUSB300NSvc;WUSB300NSvc;"c:\program files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe" [2008-07-08 53307]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-07-24 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-07-24 226304]
S2 OpenCASE Media Agent;OpenCASE Media Agent;"c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe" [2008-01-16 814728]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2006-07-24 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2006-07-24 7520]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ea63322-97d4-11dd-8403-001d7e03a4d8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - resycled\boot.com f:
.
‘计划任务’ 文件夹 里的内容

2009-01-02 c:\windows\Tasks\dxcqwped.job
- c:\windows\system32\rundll32.exe [2006-03-15 04:00]

2009-01-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-09-29 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-08-20 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{182B5210-7872-45AE-899D-A3988999B341} - c:\windows\system32\xxyxUlLd.dll
BHO-{29f41393-4f92-4df8-accd-d6e834774ce5} - c:\windows\system32\xwfmkj.dll
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\qoMgfCuS.dll
HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKLM-Run-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-URLLSTCK.exe - c:\program files\Norton Internet Security\UrlLstCk.exe
HKLM-Run-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
HKLM-Run-HostManager - c:\program files\Common Files\AOL\1215549714\ee\AOLSoftware.exe
HKU-Default-Run-[system] - c:\windows\system32\drivers\services.exe
HKU-Default-Run-winlogon - c:\documents and settings\LocalService\svchost.exe
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\qoMgfCuS.dll
MSConfigStartUp-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
FF - ProfilePath - c:\documents and settings\Computer\Application Data\Mozilla\Firefox\Profiles\dmdupivv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 18:10:35
Windows 5.1.2600 Service Pack 2 NTFS

扫描被隐藏的进程。。。 ...

扫描被隐藏的启动组。。。

扫描被隐藏的文件。。。

扫描完成
被隐藏的档案: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxpivwfikl.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-2784834930-3844290383-925687775-1005
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-2784834930-3844290383-925687775-1005\Software\Local AppWizard-Generated Applications\RecoveryFix for Windows\splt\init_h*NULL*理W*NULL*X*NULL*T*NULL*P*NULL*N*NULL*o*NULL*t*NULL*i*NULL*f*NULL*i*NULL*c*NULL*a*NULL*t*NULL*i*NULL*o*NULL*n*NULL*S*NULL*i*NULL*n*NULL*k*NULL*M*NULL*T*NULL*O*NULL*n*NULL*E*NULL*v*NULL*e*NULL*n*NULL*t*NULL*1*NULL*8*NULL*1*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-2784834930-3844290383-925687775-1005\Software\Local AppWizard-Generated Applications\RecoveryFix for Windows\splt\init_v*NULL*H*NULL*o*NULL*r*NULL*i*NULL*z*NULL*S*NULL*p*NULL*l*NULL*i*NULL*t*NULL*P*NULL*o*NULL*s*NULL*1*NULL*5*NULL*7*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-2784834930-3844290383-925687775-1005\Software\Local AppWizard-Generated Applications\RecoveryFix for Windows\splt\init_v*NULL*H*NULL*o*NULL*r*NULL*i*NULL*z*NULL*S*NULL*p*NULL*l*NULL*i*NULL*t*NULL*P*NULL*o*NULL*s*NULL*1*NULL*6*NULL*4*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-2784834930-3844290383-925687775-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2784834930-3844290383-925687775-1005
@Allowed: (Full) (S-1-5-21-2784834930-3844290383-925687775-1005)
@Allowed: (Full) (S-1-5-21-2784834930-3844290383-925687775-1005)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-2784834930-3844290383-925687775-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2784834930-3844290383-925687775-1005
@Allowed: (Full) (S-1-2-0)
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msqpdxserv.sys]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=Administrators
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\msqpdxpivwfikl.sys"
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehRec.exe
c:\program files\DISC\DiscStreamHub.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
完成时间: 2009-01-01 18:16:26 - 电脑已重新启动
ComboFix-quarantined-files.txt 2009-01-02 02:16:20

Pre-Run: 79,765,843,968 bytes free
Post-Run: 79,659,810,816 bytes free

363 --- E O F --- 2008-12-22 20:28:05