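Help!!! Help!!!
Bounty: 10 gold coins
Asked: 2008-05-11 10:06:56 Resolved: 2008-05-18 12:20:34
I got infected with the 磁碟机 (Cidiji, "disk drive") "Interpol" virus. After reinstalling the system, nothing on my USB drive can be copied; every attempt shows a "parameter is incorrect" error or a redundancy failure. Almost all of the photos have been turned gray and are incomplete! When I tried to back up with the Windows backup program, I found that the backup program was stalled. After Rising killed one virus it started behaving abnormally, showing 0 files scanned, and the update window gets closed automatically or hangs, so that even now it cannot update! The hung window apparently cannot be force-terminated. Only after the 360 Cidiji removal tool killed 47 viruses could Rising finally update! The system diagnosis is below (superkiller finally produced the following report after crashing N times!!!). May I ask the experts: is there any hope left for the files on my USB drive???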
该诊断报告由360安全卫士提供 http://www.360.cn
诊断时间: 2008-05-10 22:42:05
诊断平台: Microsoft Windows XP Service Pack 2
IE版本: Internet Explorer V7.0.5730.13 Build:75730
计算机物理内存:767.36MB - 当前可用内存:284.47MB
100 - 未知 - Process: stormliv.exe [暴风影音媒体控制中心] - C:\Program Files\StormII\stormliv.exe
100 - 未知 - Process: GooglePinyinDaemon.exe [Google Pinyin Network Daemon] - C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
100 - 未知 - Process: 360tray.exe [360安全卫士实时保护模块] - C:\P\360safe\safemon\360Tray.exe
100 - 未知 - Process: AntiArp.exe [360ARP防火墙] - C:\P\360safe\antiarp\antiarp.exe
100 - 未知 - Process: QQ.exe [] -
100 - 未知 - Process: TXPlatform.exe [TM2008] - C:\P\$qq 在 kenan2002 (192.168.1.110) 上\$qq 在 kenan2002 (192.168.1.110) 上\TXPlatform.exe
100 - 未知 - Process: QQBattleZone.exe [QQ对战平台客户端] - C:\P\QQBattleZone\QQBattleZone.exe
100 - 未知 - Process: killer_autorun.exe [] - C:\documents\360compkill\tools\killer_autorun.exe
100 - 未知 - Process: kill_autorun.exe [U盘病毒专杀工具] - C:\DOCUME~1\za\LOCALS~1\Temp\RarSFX0\kill_autorun.exe
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\TERRIBLE\system32\blank.htm
O1 - 未知 - Host: 127.0.0.1 c0mo.com
O2 - 未知 - BHO: (ThunderAtOnce Class) - [迅雷浏览器高级特性支持模块] - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\P\Thunder\ComDlls\TDAtOnce_Now.dll
O4 - 未知 - HKLM\..\Run: [Google IME Autoupdater] [Google Pinyin Network Daemon] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - 未知 - HKLM\..\Run: [powerword 2007] [Kingsoft PowerWord 2007] "C:\Program Files\Kingsoft\Powerword 2007\xdict.exe" -s -nosplash
O4 - 未知 - HKLM\..\Run: [akCheck] [] "C:\documents\360compkill\SuperKiller.exe" -anti
O4 - 未知 - HKLM\..\RunOnce: [killdummycom4] [] "C:\P\killer_cdj.exe" -check
O8 - 未知 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\ComDlls\Bholink.htm
O8 - 未知 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\ComDlls\Bhoall.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载 - C:\P\Thunder\Program\geturl.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载全部链接 - C:\P\Thunder\Program\getallurl.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - C:\P\$qq 在 kenan2002 (192.168.1.110) 上\$qq 在 kenan2002 (192.168.1.110) 上\AddEmotion.htm
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{3972523D-2AF1-11D1-B655-00805F3642CC}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{E70F1AA0-AB8B-11CF-8CA3-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{E70F1AA0-AB8B-11CF-8CA3-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{E70F1AA0-AB8B-11CF-8CA3-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Rsvp 1.0 Service Provider] [{9D60A9E0-337A-11D0-BD88-0000C082E69A}]C:\TERRIBLE\system32\rsvpsp.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Rsvp 1.0 Service Provider] [{9D60A9E0-337A-11D0-BD88-0000C082E69A}]C:\TERRIBLE\system32\rsvpsp.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{8D5F1830-C273-11CF-95C8-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{8D5F1830-C273-11CF-95C8-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{8D5F1830-C273-11CF-95C8-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{8D5F1830-C273-11CF-95C8-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{8D5F1830-C273-11CF-95C8-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{8D5F1830-C273-11CF-95C8-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{8D5F1830-C273-11CF-95C8-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{8D5F1830-C273-11CF-95C8-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{8D5F1830-C273-11CF-95C8-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O10 - 未知 - Winsock LSP: [Microsoft Windows Sockets 2.0 Service Provider] [{8D5F1830-C273-11CF-95C8-00805F48A192}]C:\TERRIBLE\system32\mswsock.dll
O16 - 未知 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - 未知 - Protocol: AP Class Install Handler filter - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: AP encoding/decoding Filters - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: AP encoding/decoding Filters - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: AP encoding/decoding Filters - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: WebView MIME Filter - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\TERRIBLE\system32\SHELL32.dll
O18 - 未知 - Protocol: Microsoft HTML About Pluggable Protocol - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\TERRIBLE\system32\mshtml.dll
O18 - 未知 - Protocol: CDL: Asychronous Pluggable Protocol Handler - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: DVD: 可插入协议 - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\TERRIBLE\system32\msvidctl.dll
O18 - 未知 - Protocol: file:, local: Asychronous Pluggable Protocol Handler - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: ftp: Asychronous Pluggable Protocol Handler - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: gopher: Asychronous Pluggable Protocol Handler - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: http: Asychronous Pluggable Protocol Handler - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: https: Asychronous Pluggable Protocol Handler - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: Microsoft InfoTech Protocols for IE 4.0 - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\TERRIBLE\System32\itss.dll
O18 - 未知 - Protocol: Microsoft HTML Javascript Pluggable Protocol - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\TERRIBLE\system32\mshtml.dll
O18 - 未知 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - 未知 - Protocol: file:, local: Asychronous Pluggable Protocol Handler - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: Microsoft HTML Mailto Pluggable Protocol - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\TERRIBLE\system32\mshtml.dll
O18 - 未知 - Protocol: MHTML Asychronous Pluggable Protocol Handler - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\TERRIBLE\System32\inetcomm.dll
O18 - 未知 - Protocol: mk: Asychronous Pluggable Protocol Handler - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\TERRIBLE\system32\urlmon.dll
O18 - 未知 - Protocol: Microsoft InfoTech Protocols for IE 4.0 - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\TERRIBLE\System32\itss.dll
O18 - 未知 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - 未知 - Protocol: Microsoft HTML Resource Pluggable Protocol - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\TERRIBLE\system32\mshtml.dll
O18 - 未知 - Protocol: Microsoft HTML Resource Pluggable Protocol - {76E67A63-06E9-11D2-A840-006008059382} - C:\TERRIBLE\System32\mshtml.dll
O18 - 未知 - Protocol: TV: 可插入协议 - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\TERRIBLE\system32\msvidctl.dll
O18 - 未知 - Protocol: Microsoft HTML Javascript Pluggable Protocol - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\TERRIBLE\system32\mshtml.dll
O18 - 未知 - Protocol: WiaProtocol - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\TERRIBLE\System32\wiascr.dll
O21 - 未知 - Protocol Icons: HKCR\htmlfile\DefaultIcon - C:\Program Files\Internet Explorer\IEXPLORE.EXE,-17
O23 - 未知 - Service: ccosm [Contrl Center of Storm Media] - C:\Program Files\StormII\stormliv.exe /asservice - (running)
O23 - 未知 - Service: PsShutdownSvc [PsShutdown] - C:\TERRIBLE\System32\PSSDNSVC.EXE - (not running)
O23 - 未知 - Service: usnjsvc [Messenger 上安装的启用共享情况的服务] - "C:\Program Files\Windows Live\Messenger\usnsvc.exe" - (not running)
O23 - 未知 - Service: Visual Studio Analyzer RPC bridge [Visual Studio Analyzer RPC bridge] - C:\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe - (not running)
O30 - 未知 - HKLM\..\Winlogon: [Userinit] [Userinit Logon Application] C:\TERRIBLE\system32\userinit.exe
O30 - 未知 - HKLM\..\Winlogon: [Shell] [Windows Explorer] Explorer.exe
O30 - 未知 - HKLM\..\Winlogon: [UIHost] [Windows Logon UI] logonui.exe
=======================================
100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\TERRIBLE\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\TERRIBLE\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=bas
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\TERRIBLE\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\TERRIBLE\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\TERRIBLE\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\TERRIBLE\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\TERRIBLE\system32\svchost -k rpcss
100 - 安全 - Process: CCenter.exe [瑞星杀毒软件控制台相关程序。] - C:\Program Files\Rising\Rav\CCenter.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\TERRIBLE\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\TERRIBLE\System32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\TERRIBLE\System32\svchost.exe -k LocalService
100 - 安全 - Process: RavMonD.exe [瑞星杀毒软件的一部分。] - C:\PROGRAM FILES\RISING\RAV\ravmond.exe
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\TERRIBLE\system32\spoolsv.exe
100 - 安全 - Process: RavStub.exe [瑞星出品的杀毒软件相关程序。] - C:\PROGRAM FILES\RISING\RAV\RavStub.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\TERRIBLE\Explorer.EXE
100 - 安全 - Process: ati2evxx.exe [ati显卡相关后台程序。] - C:\TERRIBLE\System32\Ati2evxx.exe
100 - 安全 - Process: RavMon.exe [瑞星杀毒软件防火墙。] - C:\PROGRAM FILES\RISING\RAV\RavMon.exe -SYSTEM
100 - 安全 - Process: vmware-authd.exe [vmware虚拟机软件的一部分。] - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
100 - 安全 - Process: vmnat.exe [vmware虚拟机软件nat service服务程序。] - C:\TERRIBLE\System32\vmnat.exe
100 - 安全 - Process: vmnetdhcp.exe [vmware虚拟机软件dhcp service服务程序。] - C:\TERRIBLE\System32\vmnetdhcp.exe
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\TERRIBLE\System32\alg.exe
100 - 安全 - Process: RavTask.exe [瑞星出品的杀毒软件相关程序。] - C:\Program Files\Rising\Rav\RavTask.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\TERRIBLE\system32\ctfmon.exe
100 - 安全 - Process: RsAgent.exe [瑞星助手是瑞星杀毒软件的一部分。] - C:\PROGRAM FILES\RISING\RAV\RsAgent.exe
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\TERRIBLE\system32\conime.exe
100 - 安全 - Process: taskmgr.exe [windows自带的任务管理器程序,用于察看系统中的进程信息。] - C:\TERRIBLE\system32\taskmgr.exe
100 - 安全 - Process: SmartUp.exe [瑞星杀毒软件的一部分。] - C:\Program Files\Rising\Rav\Smartup.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\TERRIBLE\System32\svchost.exe -k imgsvc
100 - 安全 - Process: SuperKiller.exe [] - C:\documents\360compkill\SuperKiller.exe
O2 - 安全 - BHO: (浏览器辅助对象(BHO)) - [网际快车,支持下载后的文件管理] - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\P\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - 安全 - HKLM\..\Run: [IMJPMIG8.1] [微软Microsoft输入法编辑器程序。] "C:\TERRIBLE\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 安全 - HKLM\..\Run: [PHIME2002ASync] [输入法软件相关程序。] C:\TERRIBLE\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 安全 - HKLM\..\Run: [PHIME2002A] [输入法软件相关程序。] C:\TERRIBLE\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 安全 - HKLM\..\Run: [RavTask] [瑞星杀毒软件的任务计划程序。] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 默认 - HKLM\..\Run: [ATIModeChange] [ati系统托盘图标] Ati2mdxx.exe
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] C:\P\360safe\safemon\360Tray.exe /start
O4 - 安全 - HKLM\..\Run: [CloneCDElbyCDFL] [clonecd刻录软件相关。] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - 安全 - HKLM\..\Run: [360Antiarp] [360安全卫士ARP防火墙相关程序。] C:\P\360safe\antiarp\antiarp.exe /start
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\TERRIBLE\system32\ctfmon.exe
O23 - 安全 - Service: Ati HotKey Poller [ati显卡相关后台程序。] - C:\TERRIBLE\System32\Ati2evxx.exe - (running)
O23 - 安全 - Service: RsCCenter [是瑞星杀毒软件控制台相关程序。] - "C:\Program Files\Rising\Rav\CCenter.exe" - (running)
O23 - 安全 - Service: RsRavMon [是瑞星杀毒软件相关监控程序。] - "C:\PROGRAM FILES\RISING\RAV\Ravmond.exe" - (not running)
=======================================
O31 - 未知 - Folder Menu: {F9DB5320-233E-11D1-9F84-707F02C10627} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll - Adobe Systems, Inc. - PDF Shell Extension - 8.1.0.0 - 372736 - 2094bc9a0fc9c0e15eea5f4a9581dd14
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:媒体区 - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 119808 - fdb0af63852ecea4e4d0bc048fb3ec6d
O31 - 未知 - SEApproved: {0E6C58A9-F592-4862-B35F-CA45E24003B3} - C:\Program Files\Elaborate Bytes\CloneCD\ElbyVCDShell.dll - Elaborate Bytes - CloseTray - 4.1.0.1 - 77824 - 1988e361b62d54564e329b6c87f8eb14
O31 - 未知 - SEApproved: {5E44E225-A408-11CF-B581-008029601108} - C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll - Roxio - DirectCD Shell Extention DLL - 5.3.0.105 - 180224 - 59c6f2cae0147c411a622a5c8289bc40
O31 - 未知 - SEApproved: {6B19FEC2-A45B-11CF-9045-00A0C9039735} - C:\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL - Microsoft Corporation - Microsoft(R) Developer Studio Explorer Shell Extensions - 6.0.8168.0 - 65611 - 065c58a178b85abb95b7f7db27e8fec3
O31 - 未知 - SEApproved: {D545EBD1-BD92-11CF-8772-00A0C9039735} - C:\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL - Microsoft Corporation - Microsoft(R) Developer Studio Explorer Shell Extensions - 6.0.8168.0 - 65611 - 065c58a178b85abb95b7f7db27e8fec3
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 119808 - fdb0af63852ecea4e4d0bc048fb3ec6d
O31 - 未知 - BootExecute: bsmain - - - - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - Explorer.EXE - - C:\P\Thunder\Components\ResWorker\DsBho_00.dll - DsBho - 519110c5c99943c160b765ed029717fe
O40 - Explorer.EXE - Thunder Networking Technologies,LTD - C:\P\Thunder\Components\ResWorker\DataProcessor_00.dll - DataProcessor - ba460dd8e04b8896d6ef6aa9e40b4aed
O40 - Explorer.EXE - Adobe Systems, Inc. - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll - PDF Shell Extension - 2094bc9a0fc9c0e15eea5f4a9581dd14
O40 - Explorer.EXE - - C:\P\QQBattleZone\QBHook.dll - - efad7b87a02f639ad07fe52f55985858
O40 - Explorer.EXE - VMware, Inc. - C:\TERRIBLE\System32\VMNETB~1.DLL - VMware bridge notify DLL (32-bit) - 2b7ceeeed05c32912a3df37c0147cdde
=======================================
O41 - ElbyCDFL - ElbyCDIO Filter Driver - C:\TERRIBLE\system32\drivers\ElbyCDFL.sys - (running) - ElbyCDIO Filter Driver - Elaborate Bytes AG - 59c9e1336a4508f059827d638e924c62
O41 - ElbyCDIO - ElbyCD Windows NT/2000/XP I/O driver - C:\TERRIBLE\system32\drivers\ElbyCDIO.sys - (running) - ElbyCD Windows NT/2000/XP I/O driver - Elaborate Bytes AG - 389823db299b350f2ee830d47376eeac
O41 - ElbyVCD - VirtualCloneCD Driver - C:\TERRIBLE\system32\drivers\ElbyVCD.sys - (running) - VirtualCloneCD Driver - Elaborate Bytes AG - c4143fc2f7d39a5a8b1cfe0bc4bd8a9e
O41 - hcmon - VMware USB monitor - C:\TERRIBLE\system32\drivers\hcmon.sys - (running) - VMware USB monitor - VMware, Inc. - 7ec972b420512aae9400771eff72fea7
O41 - st3wolf - SCSI miniport - C:\TERRIBLE\system32\drivers\st3wolf.sys - (running) - SCSI miniport - - 1e9a652d898cc96038e5e5554f79c49f
O41 - stwlfbus - PnP BIOS Extension - C:\TERRIBLE\system32\drivers\stwlfbus.sys - (running) - PnP BIOS Extension - - 24e09d134304fbc605626fced3e4cb50
O41 - QKeyService - KeyCrypt - C:\TERRIBLE\system32\KeyCrypt.sys - (running) - KeyCrypt - Tencent Technology (Shenzhen) Company Limited - ecaa6d40a70bee079f3817601bec1692
O41 - 04dbaddf - 04dbaddf - C:\TERRIBLE\system32\Drivers\04dbaddf.sys - (running) - - -
O41 - TesSafe - TesSafe NT Driver - C:\TERRIBLE\system32\TesSafe.sys - (not running) - TesSafe NT Driver - TENCENT - 14fe65e8752252acd5b177dddc4308ee
=======================================
AntiEng.dll=4.1.0.1004
[userinit.exe情况]
MD5: 7BD70EC53CB7398246C84D25BFF33AA8
文件大小: 23552
版本信息: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
是否签名: 是
未被感染
=======================================
[URL历史情况]
=======================================
I will be eternally grateful!!!!!!!!!!!!!!!!!!!!!!!!!!!!!