ComboFix 09-01-01.02 - Computer 2009-01-02 20:10:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.1014.581 [GMT -8:00]
执行位置: c:\documents and settings\Computer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Computer\Desktop\CFScript.txt
 * 成功创造新还原点
 * Resident AV is active

FILE ::
c:\documents and settings\Computer\delself.bat
c:\windows\system32\khfEUnKd.dll
c:\windows\system32\miilsiys.ini
c:\windows\system32\ytsbmgkn.ini
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9\FLFBootStrap.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus\FLFBootStrap.mtx
c:\documents and settings\Computer\Application Data\Twain
c:\documents and settings\Computer\delself.bat
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\program files\Webtools
c:\program files\Webtools\webtools.dll
C:\test.txt
c:\windows\system32\khfEUnKd.dll
c:\windows\system32\miilsiys.ini
c:\windows\system32\ytsbmgkn.ini
.
((((((((((((((((((((((((( 2008-12-03 至 2009-01-03 的新的档案 )))))))))))))))))))))))))))))))
.
2009-01-01 16:39 . 2009-01-01 16:39 1,307,356 --ahs---- c:\windows\system32\kvjbitvw.ini
2009-01-01 16:12 . 2009-01-01 16:13 d-------- C:\rsit
2008-12-31 10:18 . 2008-12-31 10:18 d-------- c:\documents and settings\Computer\Application Data\AOL
2008-12-31 10:17 . 2008-12-31 10:17 d-------- c:\program files\Common Files\Nullsoft
2008-12-31 10:17 . 2008-12-31 10:17 d-------- c:\documents and settings\Computer\Application Data\You've Got Pictures Screensaver
2008-12-31 10:17 . 2005-07-12 01:17 173,184 --a------ c:\windows\system32\ygpss.scr
2008-12-31 10:16 . 2000-05-22 00:00 115,920 --a------ c:\windows\system32\MSInet.ocx
2008-12-31 10:16 . 2001-11-21 10:15 102,400 --a------ c:\windows\system32\SimpleRegistry.dll
2008-12-31 10:16 . 1999-04-17 02:06 10,752 --a------ c:\windows\system32\aamd532.dll
2008-12-31 10:15 . 2008-12-31 10:15 d-------- c:\program files\Common Files\AolCoach
2008-12-31 10:15 . 2003-01-10 12:13 33,588 -ra------ c:\windows\system32\drivers\wanatw4.sys
2008-12-31 10:14 . 2008-12-31 10:17 d-------- c:\program files\Common Files\aolshare
2008-12-31 10:14 . 2009-01-01 22:45 d-------- c:\program files\America Online 9.0
2008-12-31 10:13 . 2008-12-31 10:13 335 --a------ c:\windows\nsreg.dat
2008-12-28 22:28 . 2008-12-29 23:29 200 --a------ c:\windows\cdplayer.ini
2008-12-26 23:47 . 2008-12-26 23:47 d-------- c:\program files\Midway Home Entertainment
2008-12-24 17:15 . 2008-12-25 15:20 d-------- c:\documents and settings\Computer\Application Data\dvdcss
2008-12-20 18:09 . 2008-12-20 18:09 d-------- c:\program files\LittleFighter2
2008-12-17 16:51 . 2008-12-17 16:51 d-------- c:\program files\Hamachi
2008-12-16 20:04 . 2009-01-02 20:18 d-------- c:\documents and settings\Computer\Application Data\Hamachi
2008-12-16 20:04 . 2008-12-17 16:51 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-12-06 13:48 . 2008-12-06 13:48 d-------- c:\program files\Transparent
2008-12-06 13:48 . 2008-12-06 13:52 d-------- c:\documents and settings\All Users\Application Data\Transparent
2008-12-04 17:35 . 2008-12-04 17:38 d-------- c:\program files\ManicTime
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 18:18 --------- d-----w c:\program files\Common Files\AOL
2008-12-31 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-27 07:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 06:18 --------- d-----w c:\program files\Trillian
2008-12-25 23:49 --------- d-----w c:\documents and settings\Computer\Application Data\mjusbsp
2008-12-25 23:38 --------- d-----w c:\documents and settings\All Users\Application Data\Digital Interactive Systems Corporation
2008-12-04 00:01 --------- d-----w c:\program files\MSECache
2008-11-26 22:05 --------- d--h--w c:\documents and settings\Computer\Application Data\ijjigame
2008-11-23 05:56 --------- d-----w c:\program files\Java
2008-11-09 03:15 --------- d-----w c:\program files\EA Sports
2008-10-05 22:23 402 ----a-w c:\documents and settings\Computer\Application Data\wklnhst.dat
2008-07-18 14:41 229,376 ----a-w c:\documents and settings\Computer\cwshredder.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-01_18.14.43.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-03 04:15:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_498.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="c:\progra~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 517632]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-01 1077248]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2006-03-20 679936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [BU]
"IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [BU]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [BU]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [BU]
"HostManager"="c:\program files\Common Files\AOL\1215549714\ee\AOLSoftware.exe" [BU]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

c:\documents and settings\Computer\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-17 625952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2008-07-08 1310720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2008-07-08 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 13:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Java\\jre1.5.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Computer\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Midway Home Entertainment\\Rise and Fall\\RiseAndFall.exe"=
"c:\\Documents and Settings\\Computer\\Desktop\\yuk\\Empire Earth.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1230747293\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-18 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-19 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-18 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-18 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-18 76040]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R2 WUSB300NSvc;WUSB300NSvc;"c:\program files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe" [2008-07-08 53307]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-07-24 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-07-24 226304]
S2 OpenCASE Media Agent;OpenCASE Media Agent;"c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe" [2008-01-16 814728]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2006-07-24 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2006-07-24 7520]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []
.
‘计划任务’ 文件夹 里的内容

2009-01-03 c:\windows\Tasks\dxcqwped.job - c:\windows\system32\rundll32.exe [2006-03-15 04:00]
2009-01-03 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-09-29 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-08-20 c:\windows\Tasks\Uniblue SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
FF - ProfilePath - c:\documents and settings\Computer\Application Data\Mozilla\Firefox\Profiles\dmdupivv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 20:16:57
Windows 5.1.2600 Service Pack 2 NTFS

扫描被隐藏的进程。。。 ...
扫描被隐藏的启动组。。。
扫描被隐藏的文件。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
完成时间: 2009-01-02 20:22:36 - 电脑已重新启动
ComboFix-quarantined-files.txt 2009-01-03 04:22:30
ComboFix2.txt 2009-01-02 02:16:29

Pre-Run: 79,576,817,664 bytes free
Post-Run: 79,558,074,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

304 --- E O F --- 2008-12-22 20:28:05