sichost.exe, winxphelp.exe, 360up.exe, RavNT.exe, Counter.exe, login.jpg.exe, etc. (part 1)
Original by endurer, 2008-07-09, version 1
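A friend told me that his computer had become very slow after booting, that Kaspersky and Kaka Security Assistant no longer started automatically, that the system date had changed to 2001, and that advertising pages such as hxxp://s**m.bizm*d.cn/ad/ADShow.aspx?ADID=56 were being opened automatically at regular intervals. The machine was probably infected, and he asked me to help inspect and repair it.
I copied pe_xscan, FileInfo, bat_do, HijackThis and other programs to a USB drive and went to my friend's home. I unplugged the network cable and then powered the machine on. It was indeed extremely slow, and a prompt box popped up:
After that, a dialog box popped up periodically, saying the computer was working offline and asking whether to connect.
I ran pe_xscan from the USB drive to scan and analyze the system and found the following suspicious items (identical parts of the process module lists are omitted; there were 6 hidden IE processes, of which only 1 is kept in the log below):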
pe_xscan 08-07-02 by Purple Endurer 2008-7-9 11:14:27 Windows XP Service Pack 2(5.1.2600) MSIE:7.0.5730.13 管理员用户组 正常模式 C:/WINDOWS/System32/csrss.exe* 776 | 2002-10-7 4:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Client Server Runtime Process | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CSRSS.Exe | CSRSS.Exe C:/WINDOWS/system32/31BA777E.DLL | 2000-7-8 6:1:50| ?| ?| ?| ?| ?| ?| ?| ?| ? C:/WINDOWS/System32/winlogon.exe* 800 | 2002-10-7 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/yzztnmsn.dll | 2004-8-8 6:0:25 C:/WINDOWS/system32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/WINDOWS/system32/31BA777E.DLL | 2000-7-8 6:1:50| ?| ?| ?| ?| ?| ?| ?| ?| ? C:/WINDOWS/system32/winlib .dll C:/WINDOWS/System32/services.exe* 852 | 2002-10-7 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Services and Controller app | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | services.exe | services.exe C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. 
| 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/yzztnmsn.dll | 2004-8-8 6:0:25 C:/WINDOWS/system32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/WINDOWS/system32/31BA777E.DLL | 2000-7-8 6:1:50| ?| ?| ?| ?| ?| ?| ?| ?| ? C:/WINDOWS/System32/lsass.exe* 864 | 2002-10-7 4:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | lsass.exe | lsass.exe C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/31BA777E.DLL | 2000-7-8 6:1:50| ?| ?| ?| ?| ?| ?| ?| ?| ? C:/WINDOWS/System32/svchost.exe* 1168 C:/WINDOWS/System32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/System32/yzztnmsn.dll | 2004-8-8 6:0:25 C:/WINDOWS/System32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/WINDOWS/system32/31BA777E.DLL | 2000-7-8 6:1:50| ?| ?| ?| ?| ?| ?| ?| ?| ? c:/windows/system32/bitsex.dll | 2004-8-17 12:0:0 | svchost | 5.1.2600.2180 | Microsoft SNMP Manager API (uses WinSNMP) | Copyright @ 2004 | 5.1.2600.2180 | @ Microsoft Corporation. All rights reserved. | | svchost | svchost.dll c:/windows/system32/irmon64.dll | 2008-6-30 3:29:36 | Microsoft(R) Windows(R) Operating System | 1, 0, 0, 1 | Microsoft RIP for Internet Protocol | (C) Microsoft Corporation. All rights reserved. 
| 1, 0, 0, 1 | Microsoft Corporation | | 6to4.dll | 6to4.dll c:/windows/icpb.dll | 2008-7-7 7:38:32 C:/WINDOWS/system32/mmchost.dll | 2004-3-19 0:12:2 c:/windows/iasxin.dll | 2008-7-7 7:43:6 | Microsoft(R) Windows(R) Operating System | 1, 0, 0, 2 | Microsoft RIP for Internet Protocol | (C) Microsoft Corporation. All rights reserved. | 1, 0, 0, 2 | Microsoft Corporation | | 6to4.dll | 6to4.dll c:/windows/avtapit.dll | 2008-6-18 3:27:12 | Microsoft(R) Windows(R) Operating System | 1, 0, 0, 1 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 1, 0, 0, 1 | Microsoft Corporation | | advapi32.dll | advapi32.dll c:/windows/system32/oobe/tvkoywtebi.dll | 1982-7-8 15:28:43 | Time32 | 3.2 | Windows Times | | 3.1.2.422 | Microsoft LTD. | | 3.0.22 | C:/WINDOWS/System32/KERNEL32.exe * 1760 | 2002-10-7 4:0:0 c:/windows/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 c:/windows/system32/yzztnmsn.dll | 2004-8-8 6:0:25 c:/windows/system32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/WINDOWS/Explorer.exe* 1816 | 2002-10-7 4:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.3156 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Microsoft Corporation| ? | explorer | EXPLORER.EXE C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/yzztnmsn.dll | 2004-8-8 6:0:25 C:/WINDOWS/system32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/WINDOWS/system32/31BA777E.DLL | 2000-7-8 6:1:50| ?| ?| ?| ?| ?| ?| ?| ?| ? 
C:/WINDOWS/system32/syswindrv.dll | 2008-7-8 14:29:11| ? | 3, 3, 3, 0| ?| ? | 3, 3, 3, 0| ?| ?| ?| ? C:/WINDOWS/system32/wwinsystem.dll | 2008-7-8 14:26:28 C:/WINDOWS/system32/shlhook.dll | 2007-7-11 16:46:47 | 瑞星卡卡上网安全助手4.0 | 4.00 | shlhook Module | Rising Corp. All rights reserved. | 4.0.0.9 | Beijing Rising Technology Co., Ltd. | | Beijing Rising Technology Co., Ltd. | shlhook.DLL C:/WINDOWS/system32/rasdlgcq.dll | 2001-7-7 3:4:38 C:/WINDOWS/system32/cliconfgzx.dll | 2001-7-7 3:4:42 C:/WINDOWS/system32/dpvvoxmh.dll | 2001-7-7 3:4:50 C:/WINDOWS/system32/jfrwdh.dll | 2000-7-7 3:4:53 C:/WINDOWS/system32/sgdewg.dll | 2000-7-7 3:5:28 C:/WINDOWS/system32/ddserh.dll | 2000-7-7 3:5:32 C:/WINDOWS/system32/zycdex.dll | 2008-7-8 15:30:14 C:/WINDOWS/system32/hhrdxd.dll | 2000-7-7 3:5:41 C:/WINDOWS/system32/kbdswjr.dll | 2001-7-7 3:5:55 C:/WINDOWS/system32/cedafb.dll | 2000-7-7 3:5:57 C:/WINDOWS/system32/bootvidgj.dll | 2001-7-7 3:6:27 C:/WINDOWS/system32/catsrvwl.dll | 2001-7-7 3:6:30 C:/WINDOWS/system32/adsntzt.dll | 2001-7-7 3:6:32 C:/WINDOWS/system32/ksuserfy.dll | 2001-7-7 3:6:36 C:/WINDOWS/system32/imgutilhx2.dll | 2001-7-7 3:6:39 C:/WINDOWS/system32/jfdses.dll | 2000-7-7 3:6:41 C:/WINDOWS/system32/jdsaex.dll | 2000-7-7 3:6:44 C:/WINDOWS/system32/ydggsx.dll | 2000-7-7 3:6:50 C:/WINDOWS/system32/tdfhex.dll | 2000-7-7 3:6:52 C:/WINDOWS/system32/tdffdl.dll | 2000-7-7 3:6:56 C:/WINDOWS/system32/mtewdh.dll | 2000-7-8 5:57:35 C:/WINDOWS/system32/mfdesy.dll | 2000-7-8 5:57:43 C:/WINDOWS/system32/wklsdd.dll | 2000-7-8 5:57:49 C:/WINDOWS/system32/rfdswc.dll | 2000-7-8 5:58:16 C:/WINDOWS/system32/jhfrxz.dll | 2000-7-8 5:58:45 C:/WINDOWS/system32/jggtsr.dll | 2000-7-8 5:58:52 C:/WINDOWS/system32/fmcvxy.dll | 2000-7-8 5:58:58 C:/WINDOWS/system32/fsrgeb.dll | 2000-7-8 5:59:4 C:/WINDOWS/system32/pedadt.dll | 2000-7-8 5:59:9 C:/WINDOWS/system32/tdggrz.dll | 2000-7-8 5:59:15 C:/WINDOWS/system32/mndshsrv.dll | 2004-8-8 6:0:32 C:/WINDOWS/system32/mndhgdwd.dll | 2004-8-8 6:0:45 
C:/WINDOWS/system32/ypcqghlp.dll | 2004-8-8 6:0:52 C:/Program Files/Internet Explorer/PLUGINS/UnixSys08.Sys | 2000-7-8 6:0:56 C:/WINDOWS/system32/dndsaf.dll | 2008-7-8 13:16:4 C:/WINDOWS/system32/ShowAD.dll | 2008-7-8 15:31:24 C:/WINDOWS/system32/GameGuard02.dll | 2008-7-8 15:33:23 C:/WINDOWS/system32/91t4q.dll C:/WINDOWS/Downlo~1/c77b.dll | 2008-7-8 15:37:10 | Microsoft(R) Windows(R) Operating System | 5, 3, 2600, 2180 | Microsoft DirectMusic Interactive Engine | 版权所有 (C) 2007 | 5, 3, 2600, 2180 | Microsoft Corporation | | Microsoft DirectMusic Interactive Engine | miniDll.DLL c:/windows/system32/config/sam6.log | 2008-7-8 15:29:39 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | Microsoft DCOM Client | (C) Microsoft Corporation. All rights reserved. | 5.1.2601.1 | Microsoft Corporation | | | C:/WINDOWS/system/zydld32080708jt.dll | 2008-7-8 14:25:42 C:/WINDOWS/system32/oobe/tvkoywtebi.dll | 1982-7-8 15:28:43 | Time32 | 3.2 | Windows Times | | 3.1.2.422 | Microsoft LTD. | | 3.0.22 | C:/WINDOWS/system32/229a.dll | 2008-7-8 16:25:46 | DLL Module | 1, 1, 0, 2 | DLL Module | Copyright 2007 | 1, 1, 0, 2 | | | DLL | DLL C:/WINDOWS/system32/xml42.dll | 2008-7-8 16:28:28 C:/WINDOWS/system32/mmchost.dll | 2004-3-19 0:12:2 E:/Program Files/Tencent/QQ/qdshm.dll | 2006-8-31 12:8:52 | QQDiskShellMenu Module | 1, 0, 101, 20 | QQDiskShellMenu Module | Copyright 2004 | 1, 0, 101, 20 | | | QQDiskShellMenu | QQDiskShellMenu.DLL C:/WINDOWS/mfc42.exe * 1844 | 2002-10-7 4:0:0 C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. 
| 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/yzztnmsn.dll | 2004-8-8 6:0:25 C:/WINDOWS/system32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/WINDOWS/system32/mmchost.dll | 2004-3-19 0:12:2 C:/WINDOWS/System32/360up.exe * 1932 | 2008-7-7 8:57:38 | msword | 1, 0, 0, 3 | Windows Updater | 版权所有 (C) 2008 | 1, 0, 0, 3 | Microsoft | | msword | msword.exe C:/WINDOWS/System32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/RavNT.exe * 1984 | 2008-7-7 7:40:36 | Rising AntiVirus 2008 | 1, 0, 0, 1 | RavNT Application | 版权所有 (C) 2008 | 1, 0, 0, 1 | 瑞星 | | RavNT | RavNT.exe C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/System32/2973a.exe * 260 | 2008-7-8 4:46:37 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows Progman Group Converter | Copyright Zhongsou(C) 2005 | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | GrpConv| ? C:/WINDOWS/system32/2973a.exe | 2008-7-8 4:46:37 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows Progman Group Converter | Copyright Zhongsou(C) 2005 | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | GrpConv| ? C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. 
| 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/yzztnmsn.dll | 2004-8-8 6:0:25 C:/WINDOWS/system32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/WINDOWS/qqshel.exe * 1224 | 2008-7-7 8:17:4 | msword | 1, 0, 0, 1 | Windows Updater | 版权所有 (C) 2008 | 1, 0, 0, 1 | Microsoft | | msword | msword.exe C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/System32/Rundll32.exe* 2232 | 2002-10-7 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. 
| 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/NMGameX.dll | 2006-7-10 3:20:44 | NMGame.XEngine | 1, 0, 1, 3 | SinaLive | Copyright 2004 | 1, 0, 1, 3 | NMGameX | | NMGameX | NMGameX.dll C:/WINDOWS/system32/imgutilhx2.dll | 2001-7-7 3:6:39 C:/WINDOWS/system32/ksuserfy.dll | 2001-7-7 3:6:36 C:/WINDOWS/system32/adsntzt.dll | 2001-7-7 3:6:32 C:/WINDOWS/system32/catsrvwl.dll | 2001-7-7 3:6:30 C:/WINDOWS/system32/bootvidgj.dll | 2001-7-7 3:6:27 C:/WINDOWS/system32/kbdswjr.dll | 2001-7-7 3:5:55 C:/WINDOWS/system32/dpvvoxmh.dll | 2001-7-7 3:4:50 C:/WINDOWS/system32/cliconfgzx.dll | 2001-7-7 3:4:42 C:/WINDOWS/system32/rasdlgcq.dll | 2001-7-7 3:4:38 C:/WINDOWS/system32/jfdses.dll | 2000-7-7 3:6:41 C:/WINDOWS/system32/rfdswc.dll | 2000-7-8 5:58:16 C:/WINDOWS/system32/jdsaex.dll | 2000-7-7 3:6:44 C:/WINDOWS/system32/jfrwdh.dll | 2000-7-7 3:4:53 C:/WINDOWS/system32/tdfhex.dll | 2000-7-7 3:6:52 C:/WINDOWS/system32/ydggsx.dll | 2000-7-7 3:6:50 C:/WINDOWS/system32/tdffdl.dll | 2000-7-7 3:6:56 C:/WINDOWS/system32/tdggrz.dll | 2000-7-8 5:59:15 C:/WINDOWS/system32/pedadt.dll | 2000-7-8 5:59:9 C:/WINDOWS/system32/fsrgeb.dll | 2000-7-8 5:59:4 C:/WINDOWS/system32/fmcvxy.dll | 2000-7-8 5:58:58 C:/WINDOWS/system32/jggtsr.dll | 2000-7-8 5:58:52 C:/WINDOWS/system32/jhfrxz.dll | 2000-7-8 5:58:45 C:/WINDOWS/system32/wklsdd.dll | 2000-7-8 5:57:49 C:/WINDOWS/system32/mfdesy.dll | 2000-7-8 5:57:43 C:/WINDOWS/system32/mtewdh.dll | 2000-7-8 5:57:35 C:/WINDOWS/system32/cedafb.dll | 2000-7-7 3:5:57 C:/WINDOWS/system32/hhrdxd.dll | 2000-7-7 3:5:41 C:/WINDOWS/system32/zycdex.dll | 2008-7-8 15:30:14 C:/WINDOWS/system32/ddserh.dll | 2000-7-7 3:5:32 C:/WINDOWS/system32/sgdewg.dll | 2000-7-7 3:5:28 C:/WINDOWS/System32/login.jpg.exe * 2288 | 2008-7-8 14:24:44 | svchost | 5.01.2180 | Generic Host Process for Win32 Services | Microsoft Corporation | 5.01.2180 | Microsoft Corporation | Microsoft Corporation | svchost | svchost.exe 
C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/imgutilhx2.dll | 2001-7-7 3:6:39 C:/WINDOWS/system32/ksuserfy.dll | 2001-7-7 3:6:36 C:/WINDOWS/system32/adsntzt.dll | 2001-7-7 3:6:32 C:/WINDOWS/system32/catsrvwl.dll | 2001-7-7 3:6:30 C:/WINDOWS/system32/bootvidgj.dll | 2001-7-7 3:6:27 C:/WINDOWS/system32/kbdswjr.dll | 2001-7-7 3:5:55 C:/WINDOWS/system32/dpvvoxmh.dll | 2001-7-7 3:4:50 C:/WINDOWS/system32/cliconfgzx.dll | 2001-7-7 3:4:42 C:/WINDOWS/system32/rasdlgcq.dll | 2001-7-7 3:4:38 C:/WINDOWS/system32/tdfhex.dll | 2000-7-7 3:6:52 C:/WINDOWS/system32/ydggsx.dll | 2000-7-7 3:6:50 C:/WINDOWS/system32/jdsaex.dll | 2000-7-7 3:6:44 C:/WINDOWS/system32/jfdses.dll | 2000-7-7 3:6:41 C:/WINDOWS/system32/cedafb.dll | 2000-7-7 3:5:57 C:/WINDOWS/system32/hhrdxd.dll | 2000-7-7 3:5:41 C:/WINDOWS/system32/zycdex.dll | 2008-7-8 15:30:14 C:/WINDOWS/system32/tdggrz.dll | 2000-7-8 5:59:15 C:/WINDOWS/system32/pedadt.dll | 2000-7-8 5:59:9 C:/WINDOWS/system32/tdffdl.dll | 2000-7-7 3:6:56 C:/WINDOWS/system32/mtewdh.dll | 2000-7-8 5:57:35 C:/WINDOWS/system32/mfdesy.dll | 2000-7-8 5:57:43 C:/WINDOWS/system32/wklsdd.dll | 2000-7-8 5:57:49 C:/WINDOWS/system32/rfdswc.dll | 2000-7-8 5:58:16 C:/WINDOWS/system32/jfrwdh.dll | 2000-7-7 3:4:53 C:/WINDOWS/system32/jhfrxz.dll | 2000-7-8 5:58:45 C:/WINDOWS/system32/sgdewg.dll | 2000-7-7 3:5:28 C:/WINDOWS/system32/jggtsr.dll | 2000-7-8 5:58:52 C:/WINDOWS/system32/fmcvxy.dll | 2000-7-8 5:58:58 C:/WINDOWS/system32/ddserh.dll | 2000-7-7 3:5:32 C:/WINDOWS/system32/fsrgeb.dll | 2000-7-8 5:59:4 C:/Program Files/Counter/Counter.exe * 2336 | 2008-6-19 7:37:20 C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows 
XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/yzztnmsn.dll | 2004-8-8 6:0:25 C:/WINDOWS/system32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/Program Files/Counter/htmlpeek.dll | 2008-6-19 6:48:44 C:/WINDOWS/system32/imgutilhx2.dll | 2001-7-7 3:6:39 C:/WINDOWS/system32/ksuserfy.dll | 2001-7-7 3:6:36 C:/WINDOWS/system32/adsntzt.dll | 2001-7-7 3:6:32 C:/WINDOWS/system32/catsrvwl.dll | 2001-7-7 3:6:30 C:/WINDOWS/system32/bootvidgj.dll | 2001-7-7 3:6:27 C:/WINDOWS/system32/kbdswjr.dll | 2001-7-7 3:5:55 C:/WINDOWS/system32/dpvvoxmh.dll | 2001-7-7 3:4:50 C:/WINDOWS/system32/cliconfgzx.dll | 2001-7-7 3:4:42 C:/WINDOWS/system32/rasdlgcq.dll | 2001-7-7 3:4:38 C:/WINDOWS/system32/tdfhex.dll | 2000-7-7 3:6:52 C:/WINDOWS/system32/ydggsx.dll | 2000-7-7 3:6:50 C:/WINDOWS/system32/jdsaex.dll | 2000-7-7 3:6:44 C:/WINDOWS/system32/jfdses.dll | 2000-7-7 3:6:41 C:/WINDOWS/system32/cedafb.dll | 2000-7-7 3:5:57 C:/WINDOWS/system32/hhrdxd.dll | 2000-7-7 3:5:41 C:/WINDOWS/system32/zycdex.dll | 2008-7-8 15:30:14 C:/WINDOWS/system32/tdggrz.dll | 2000-7-8 5:59:15 C:/WINDOWS/system32/pedadt.dll | 2000-7-8 5:59:9 C:/WINDOWS/system32/tdffdl.dll | 2000-7-7 3:6:56 C:/WINDOWS/system32/mtewdh.dll | 2000-7-8 5:57:35 C:/WINDOWS/system32/mfdesy.dll | 2000-7-8 5:57:43 C:/WINDOWS/system32/fsrgeb.dll | 2000-7-8 5:59:4 C:/WINDOWS/system32/fmcvxy.dll | 2000-7-8 5:58:58 C:/WINDOWS/system32/jggtsr.dll | 2000-7-8 5:58:52 C:/WINDOWS/system32/jhfrxz.dll | 2000-7-8 5:58:45 C:/WINDOWS/system32/rfdswc.dll | 2000-7-8 5:58:16 C:/WINDOWS/system32/wklsdd.dll | 2000-7-8 5:57:49 C:/WINDOWS/system32/ddserh.dll | 2000-7-7 3:5:32 C:/WINDOWS/system32/sgdewg.dll | 2000-7-7 3:5:28 C:/WINDOWS/system32/jfrwdh.dll | 2000-7-7 3:4:53 C:/WINDOWS/system32/Com/1.1.6/WndHook.dll | 2008-7-8 15:31:21 C:/WINDOWS/System32/usmsvc.exe * 2476 | 2008-6-30 4:18:50 | usmsvc 应用程序 | 1, 0, 0, 7 | usmsvc Microsoft 基础类应用程序 | 版权所有 (C) 2008 | 1, 0, 
0, 7 | | | usmsvc | usmsvc.EXE C:/WINDOWS/system32/TElem32.dll | 2008-6-30 4:18:8 | TElem32 Dynamic Link Library | 1, 0, 0, 7 | TElem32 DLL | 版权所有 (C) 2008 | 1, 0, 0, 7 | | | TElem32 | TElem32.DLL C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/yzztnmsn.dll | 2004-8-8 6:0:25 C:/WINDOWS/system32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/WINDOWS/system32/imgutilhx2.dll | 2001-7-7 3:6:39 C:/WINDOWS/system32/ksuserfy.dll | 2001-7-7 3:6:36 C:/WINDOWS/system32/adsntzt.dll | 2001-7-7 3:6:32 C:/WINDOWS/system32/catsrvwl.dll | 2001-7-7 3:6:30 C:/WINDOWS/system32/bootvidgj.dll | 2001-7-7 3:6:27 C:/WINDOWS/system32/kbdswjr.dll | 2001-7-7 3:5:55 C:/WINDOWS/system32/dpvvoxmh.dll | 2001-7-7 3:4:50 C:/WINDOWS/system32/cliconfgzx.dll | 2001-7-7 3:4:42 C:/WINDOWS/system32/rasdlgcq.dll | 2001-7-7 3:4:38 C:/WINDOWS/system32/jhfrxz.dll | 2000-7-8 5:58:45 C:/WINDOWS/system32/mtewdh.dll | 2000-7-8 5:57:35 C:/WINDOWS/system32/jggtsr.dll | 2000-7-8 5:58:52 C:/WINDOWS/system32/wklsdd.dll | 2000-7-8 5:57:49 C:/WINDOWS/system32/sgdewg.dll | 2000-7-7 3:5:28 C:/WINDOWS/system32/tdfhex.dll | 2000-7-7 3:6:52 C:/WINDOWS/system32/zycdex.dll | 2008-7-8 15:30:14 C:/WINDOWS/system32/tdggrz.dll | 2000-7-8 5:59:15 C:/WINDOWS/system32/fmcvxy.dll | 2000-7-8 5:58:58 C:/WINDOWS/system32/ddserh.dll | 2000-7-7 3:5:32 C:/WINDOWS/system32/fsrgeb.dll | 2000-7-8 5:59:4 C:/WINDOWS/system32/mfdesy.dll | 2000-7-8 5:57:43 C:/WINDOWS/system32/jdsaex.dll | 2000-7-7 3:6:44 C:/WINDOWS/system32/jfrwdh.dll | 2000-7-7 3:4:53 C:/WINDOWS/system32/jfdses.dll | 2000-7-7 3:6:41 C:/WINDOWS/system32/rfdswc.dll | 2000-7-8 5:58:16 C:/WINDOWS/system32/ydggsx.dll | 2000-7-7 3:6:50 C:/WINDOWS/system32/tdffdl.dll | 2000-7-7 3:6:56 C:/WINDOWS/system32/cedafb.dll | 2000-7-7 3:5:57 
C:/WINDOWS/system32/hhrdxd.dll | 2000-7-7 3:5:41 C:/WINDOWS/system32/pedadt.dll | 2000-7-8 5:59:9 C:/WINDOWS/System32/ctfmon.exe* 2560 | 2002-10-7 4:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/yzztnmsn.dll | 2004-8-8 6:0:25 C:/WINDOWS/system32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/WINDOWS/system32/imgutilhx2.dll | 2001-7-7 3:6:39 C:/WINDOWS/system32/ksuserfy.dll | 2001-7-7 3:6:36 C:/WINDOWS/system32/adsntzt.dll | 2001-7-7 3:6:32 C:/WINDOWS/system32/catsrvwl.dll | 2001-7-7 3:6:30 C:/WINDOWS/system32/bootvidgj.dll | 2001-7-7 3:6:27 C:/WINDOWS/system32/kbdswjr.dll | 2001-7-7 3:5:55 C:/WINDOWS/system32/dpvvoxmh.dll | 2001-7-7 3:4:50 C:/WINDOWS/system32/cliconfgzx.dll | 2001-7-7 3:4:42 C:/WINDOWS/system32/rasdlgcq.dll | 2001-7-7 3:4:38 C:/WINDOWS/system32/cedafb.dll | 2000-7-7 3:5:57 C:/WINDOWS/system32/pedadt.dll | 2000-7-8 5:59:9 C:/WINDOWS/system32/hhrdxd.dll | 2000-7-7 3:5:41 C:/WINDOWS/system32/zycdex.dll | 2008-7-8 15:30:14 C:/WINDOWS/system32/tdggrz.dll | 2000-7-8 5:59:15 C:/WINDOWS/system32/tdffdl.dll | 2000-7-7 3:6:56 C:/WINDOWS/system32/mtewdh.dll | 2000-7-8 5:57:35 C:/WINDOWS/system32/mfdesy.dll | 2000-7-8 5:57:43 C:/WINDOWS/system32/wklsdd.dll | 2000-7-8 5:57:49 C:/WINDOWS/system32/rfdswc.dll | 2000-7-8 5:58:16 C:/WINDOWS/system32/jfrwdh.dll | 2000-7-7 3:4:53 C:/WINDOWS/system32/jhfrxz.dll | 2000-7-8 5:58:45 C:/WINDOWS/system32/sgdewg.dll | 2000-7-7 3:5:28 C:/WINDOWS/system32/jggtsr.dll | 2000-7-8 5:58:52 C:/WINDOWS/system32/fmcvxy.dll | 2000-7-8 5:58:58 C:/WINDOWS/system32/ddserh.dll | 2000-7-7 
3:5:32 C:/WINDOWS/system32/fsrgeb.dll | 2000-7-8 5:59:4 C:/WINDOWS/system32/tdfhex.dll | 2000-7-7 3:6:52 C:/WINDOWS/system32/ydggsx.dll | 2000-7-7 3:6:50 C:/WINDOWS/system32/jdsaex.dll | 2000-7-7 3:6:44 C:/WINDOWS/system32/jfdses.dll | 2000-7-7 3:6:41 C:/WINDOWS/System32/conime.exe* 2696 | 2002-10-7 4:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Console IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | Console | CONIME.EXE C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/imgutilhx2.dll | 2001-7-7 3:6:39 C:/WINDOWS/system32/ksuserfy.dll | 2001-7-7 3:6:36 C:/WINDOWS/system32/adsntzt.dll | 2001-7-7 3:6:32 C:/WINDOWS/system32/catsrvwl.dll | 2001-7-7 3:6:30 C:/WINDOWS/system32/bootvidgj.dll | 2001-7-7 3:6:27 C:/WINDOWS/system32/kbdswjr.dll | 2001-7-7 3:5:55 C:/WINDOWS/system32/dpvvoxmh.dll | 2001-7-7 3:4:50 C:/WINDOWS/system32/cliconfgzx.dll | 2001-7-7 3:4:42 C:/WINDOWS/system32/rasdlgcq.dll | 2001-7-7 3:4:38 C:/WINDOWS/system32/tdffdl.dll | 2000-7-7 3:6:56 C:/WINDOWS/system32/cedafb.dll | 2000-7-7 3:5:57 C:/WINDOWS/system32/pedadt.dll | 2000-7-8 5:59:9 C:/WINDOWS/system32/hhrdxd.dll | 2000-7-7 3:5:41 C:/WINDOWS/system32/zycdex.dll | 2008-7-8 15:30:14 C:/WINDOWS/system32/tdggrz.dll | 2000-7-8 5:59:15 C:/WINDOWS/system32/mtewdh.dll | 2000-7-8 5:57:35 C:/WINDOWS/system32/mfdesy.dll | 2000-7-8 5:57:43 C:/WINDOWS/system32/wklsdd.dll | 2000-7-8 5:57:49 C:/WINDOWS/system32/rfdswc.dll | 2000-7-8 5:58:16 C:/WINDOWS/system32/jfrwdh.dll | 2000-7-7 3:4:53 C:/WINDOWS/system32/jhfrxz.dll | 2000-7-8 5:58:45 C:/WINDOWS/system32/sgdewg.dll | 2000-7-7 3:5:28 C:/WINDOWS/system32/jggtsr.dll | 2000-7-8 5:58:52 C:/WINDOWS/system32/fmcvxy.dll | 
2000-7-8 5:58:58 C:/WINDOWS/system32/ddserh.dll | 2000-7-7 3:5:32 C:/WINDOWS/system32/fsrgeb.dll | 2000-7-8 5:59:4 C:/WINDOWS/system32/tdfhex.dll | 2000-7-7 3:6:52 C:/WINDOWS/system32/ydggsx.dll | 2000-7-7 3:6:50 C:/WINDOWS/system32/jdsaex.dll | 2000-7-7 3:6:44 C:/WINDOWS/system32/jfdses.dll | 2000-7-7 3:6:41 C:/Program Files/Internet Explorer/iexplore.exe * 2088 | 2004-5-19 7:39:58 | Windows? Internet Explorer | 7.00.6000.16674 | Internet Explorer | ? Microsoft Corporation. All rights reserved. | 7.00.6000.16674 (vista_gdr.080415-1732) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 C:/WINDOWS/system32/yzztnmsn.dll | 2004-8-8 6:0:25 C:/WINDOWS/system32/nhmxejkl.dll | 2004-8-8 6:0:38 C:/WINDOWS/system32/imgutilhx2.dll | 2001-7-7 3:6:39 C:/WINDOWS/system32/ksuserfy.dll | 2001-7-7 3:6:36 C:/WINDOWS/system32/adsntzt.dll | 2001-7-7 3:6:32 C:/WINDOWS/system32/catsrvwl.dll | 2001-7-7 3:6:30 C:/WINDOWS/system32/bootvidgj.dll | 2001-7-7 3:6:27 C:/WINDOWS/system32/kbdswjr.dll | 2001-7-7 3:5:55 C:/WINDOWS/system32/dpvvoxmh.dll | 2001-7-7 3:4:50 C:/WINDOWS/system32/cliconfgzx.dll | 2001-7-7 3:4:42 C:/WINDOWS/system32/rasdlgcq.dll | 2001-7-7 3:4:38 C:/WINDOWS/system32/wklsdd.dll | 2000-7-8 5:57:49 C:/WINDOWS/system32/sgdewg.dll | 2000-7-7 3:5:28 C:/WINDOWS/system32/tdfhex.dll | 2000-7-7 3:6:52 C:/WINDOWS/system32/zycdex.dll | 2008-7-8 15:30:14 C:/WINDOWS/system32/tdggrz.dll | 2000-7-8 5:59:15 C:/WINDOWS/system32/fmcvxy.dll | 2000-7-8 5:58:58 C:/WINDOWS/system32/ddserh.dll | 2000-7-7 3:5:32 C:/WINDOWS/system32/fsrgeb.dll | 2000-7-8 5:59:4 C:/WINDOWS/system32/jhfrxz.dll | 2000-7-8 5:58:45 C:/WINDOWS/system32/mfdesy.dll | 2000-7-8 5:57:43 C:/WINDOWS/system32/jdsaex.dll | 2000-7-7 3:6:44 
C:/WINDOWS/system32/jfrwdh.dll | 2000-7-7 3:4:53 C:/WINDOWS/system32/jfdses.dll | 2000-7-7 3:6:41 C:/WINDOWS/system32/rfdswc.dll | 2000-7-8 5:58:16 C:/WINDOWS/system32/ydggsx.dll | 2000-7-7 3:6:50 C:/WINDOWS/system32/tdffdl.dll | 2000-7-7 3:6:56 C:/WINDOWS/system32/mtewdh.dll | 2000-7-8 5:57:35 C:/WINDOWS/system32/cedafb.dll | 2000-7-7 3:5:57 C:/WINDOWS/system32/hhrdxd.dll | 2000-7-7 3:5:41 C:/WINDOWS/system32/pedadt.dll | 2000-7-8 5:59:9 C:/WINDOWS/system32/jggtsr.dll | 2000-7-8 5:58:52 C:/WINDOWS/system32/oobe/tvkoywtebi.dll | 1982-7-8 15:28:43 | Time32 | 3.2 | Windows Times | | 3.1.2.422 | Microsoft LTD. | | 3.0.22 | C:/Program Files/Common Files/CPUSH/cpush0.dll | 2008-7-8 14:25:18| ? | 1.0.9.4| ?| ? | 1.0.9.4| ?| ? | cpush.dll | cpush.dll C:/WINDOWS/system32/229a.dll | 2008-7-8 16:25:46 | DLL Module | 1, 1, 0, 2 | DLL Module | Copyright 2007 | 1, 1, 0, 2 | | | DLL | DLL C:/WINDOWS/system/zydld32080708.dll | 2008-7-9 2:49:39 C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll | 2008-6-16 11:29:20 | ati Module | 1, 0, 0, 0 | ati Module | Copyright 2007 | 1, 0, 0, 0 | 明勋科技有限公司 | | ati | ati.DLL C:/WINDOWS/System32/usmsho.dll | 2008-6-30 4:18:42 | usmsho Module | 1, 0, 0, 7 | usmsho Module | Copyright 2008 | 1, 0, 0, 7 | | | usmsho | usmsho.DLL C:/WINDOWS/System32/TElem32.dll | 2008-6-30 4:18:8 | TElem32 Dynamic Link Library | 1, 0, 0, 7 | TElem32 DLL | 版权所有 (C) 2008 | 1, 0, 0, 7 | | | TElem32 | TElem32.DLL C:/Program Files/Internet Explorer/PLUGINS/UnixSys08.Sys | 2000-7-8 6:0:56 C:/Documents and Settings/All Users/Application Data/Microsoft/OFFICE/USERDATA/webbrowser_2145.dll | 2008-7-8 14:27:21 | | 3, 4, 6, 0 | | Copyright 2008 | 3, 4, 6, 0 | | | | C:/WINDOWS/system32/xml42.dll | 2008-7-8 16:28:28 C:/WINDOWS/ThunderAtone.dll | 2008-7-8 15:30:40 | Thunder Download AtOnce | 1.1.1.5 | 迅雷浏览器高级特性支持模块 | Copyright 2005-2007 | 1.3.7.2 | Thunder Networking Technologies,LTD | | | abcr.dll C:/WINDOWS/System32/cmd.exe* 3992 | 2002-10-7 4:0:0 
| Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows Command Processor | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | cmd | Cmd.Exe C:/WINDOWS/system32/NTNSDKWOW.dll | 2000-7-7 3:4:44 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Windows XP MSPLAY API DLL | (C) Microsoft Corporation. All rights resad. | 5.1.2600.3099 | Microsoft Corporation | Microsoft | msplay32 | msplay32 F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/userinit.exe,C:/WINDOWS/system32/sichost.exe> F2 - Shell = <EXPLORER.EXE winxphelp.exe> O2 - BHO CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} = C:/Program Files/Common Files/CPUSH/cpush0.dll | 2008-7-8 14:25:18| ? | 1.0.9.4| ?| ? | 1.0.9.4| ?| ? | cpush.dll | cpush.dll O2 - BHO Invoke Class - {16ECEEE2-939F-4619-8419-B3D21C0B094C} = C:/WINDOWS/system32/229a.dll | 2008-7-8 16:25:46 | DLL Module | 1, 1, 0, 2 | DLL Module | Copyright 2007 | 1, 1, 0, 2 | | | DLL | DLL O2 - BHO Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} = C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll | 2008-6-16 11:29:20 | ati Module | 1, 0, 0, 0 | ati Module | Copyright 2007 | 1, 0, 0, 0 | 明勋科技有限公司 | | ati | ati.DLL O2 - BHO CMsgCenter Class - {6014EABC-B61A-4F07-A32B-440EAE835DF9} = C:/WINDOWS/System32/usmsho.dll | 2008-6-30 4:18:42 | usmsho Module | 1, 0, 0, 7 | usmsho Module | Copyright 2008 | 1, 0, 0, 7 | | | usmsho | usmsho.DLL O2 - BHO - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} = C:/Program Files/Internet Explorer/PLUGINS/UnixSys08.Sys | 2000-7-8 6:0:56 O2 - BHO WebHelper Class - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} = C:/Documents and Settings/All Users/Application Data/Microsoft/OFFICE/USERDATA/webbrowser_2145.dll | 2008-7-8 14:27:21 | | 3, 4, 6, 0 | | Copyright 2008 | 3, 4, 6, 0 | | | | O2 - BHO Thunder下载辅助 - {EB2ECF2E-81B1-4D2C-9553-3DF0CCB52A09} = C:/WINDOWS/ThunderAtone.dll | 
2008-7-8 15:30:40 | Thunder Download AtOnce | 1.1.1.5 | 迅雷浏览器高级特性支持模块 | Copyright 2005-2007 | 1.3.7.2 | Thunder Networking Technologies,LTD | | | abcr.dll O2 - BHO - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} = C:/WINDOWS/system32/xml42.dll | 2008-7-8 16:28:28 O4 - HKLM/../Run: [NMGameX_AutoRun] C:/WINDOWS/system32/Rundll32.exe NMGameX.dll,LiveProcess /aa O4 - HKLM/../Run: [login.jpg.exe] C:/WINDOWS/system32/login.jpg.exe O4 - HKLM/../Run: [Funshion] C:/Program Files/Funshion Online/Funshion/Funshion.exe /tray O4 - HKLM/../Run: [Counter] C:/Program Files/Counter/Counter.exe" O4 - HKLM/../Run: [usmsvc] C:/WINDOWS/system32/usmsvc.exe O4 - HKLM/../Run: [360] C:/WINDOWS/360safe.exe O4 - HKLM/../Run: [RavMonS] C:/WINDOWS/soni.exe O4 - HKLM/../Policies/Explorer/Run: [lljyn_df] C:/WINDOWS/system/lljyn080704.exe O4 - HKLM/../Policies/Explorer/Run: [zy_df] C:/WINDOWS/system/zydle080708.exe O4 - HKLM/../Policies/Explorer/Run: [c77b] rundll32 C:/WINDOWS/Downlo~1/c77b.dll" ,Run CmdProcAuto = C:/WINDOWS/system32/sichost.exe C:/autorun.inf /----- [AutoRun] open=MSDOS.bat shell/open=打开(&O) shell/open/Command=MSDOS.bat shell/open/Default=1 shell/explore=资源管理器(&X) shell/explore/Command=MSDOS.bat -----/ D:/autorun.inf /----- [AutoRun] open=MSDOS.bat shell/open=打开(&O) shell/open/Command=MSDOS.bat shell/open/Default=1 shell/explore=资源管理器(&X) shell/explore/Command=MSDOS.bat -----/ c77ac.job c77sc.job c77dc.job c77b.job O9 - IE工具栏扩展按钮HKLM:知识库 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - hxxp://blank.la/?h O9 - IE工具菜单扩展项HKLM: - {06926B30-424E-4f1c-8EE3-543CD96573DC} - hxxp://blank.la/?h O10 - LSP: MSAFD IGMP = C:/WINDOWS/system32/mmchost.dll | 2004-3-19 0:12:2 O10 - LSP: MSAFD IGMP = C:/WINDOWS/system32/mmchost.dll | 2004-3-19 0:12:2 O20 - AppInit_DLLs = ieprot.dll,NTNSDKWOW.dll,toolbo.dll,wolko.dll,he1low.dll,gwofw.dll,momusi.dll,jsedf.dll,pocolieov.dll,wowolse.dll,zmsory.dll,wepome.dll,jcoolde.dll,ziflok.dll,qananp.dll,yzztnmsn.dll,nhmxejkl.dll,znsomy.dll,pcoseve.dll O21 - SSODL - 
rasdlgcq.dll(2) - {00230023-0023-0023-0023-00230023BB15} = C:/WINDOWS/system32/rasdlgcq.dll | 2001-7-7 3:4:38 O21 - SSODL - cliconfgzx.dll(0) - {00050005-0005-0005-0005-00050005BB15} = C:/WINDOWS/system32/cliconfgzx.dll | 2001-7-7 3:4:42 O21 - SSODL - dpvvoxmh.dll(0) - {00070007-0007-0007-0007-00070007BB15} = C:/WINDOWS/system32/dpvvoxmh.dll | 2001-7-7 3:4:50 O21 - SSODL - kbdswjr.dll(1) - {00120012-0012-0012-0012-00120012BB15} = C:/WINDOWS/system32/kbdswjr.dll | 2001-7-7 3:5:55 O21 - SSODL - bootvidgj.dll(0) - {00030003-0003-0003-0003-00030003BB15} = C:/WINDOWS/system32/bootvidgj.dll | 2001-7-7 3:6:27 O21 - SSODL - catsrvwl.dll(0) - {00040004-0004-0004-0004-00040004BB15} = C:/WINDOWS/system32/catsrvwl.dll | 2001-7-7 3:6:30 O21 - SSODL - adsntzt.dll(0) - {00010001-0001-0001-0001-00010001BB15} = C:/WINDOWS/system32/adsntzt.dll | 2001-7-7 3:6:32 O21 - SSODL - ksuserfy.dll(1) - {00130013-0013-0013-0013-00130013BB15} = C:/WINDOWS/system32/ksuserfy.dll | 2001-7-7 3:6:36 O21 - SSODL - imgutilhx2.dll(0) - {00300030-0030-0030-0030-00300030BB15} = C:/WINDOWS/system32/imgutilhx2.dll | 2001-7-7 3:6:39 O23 - 服务: A30177B2 (A30177B2) - C:/WINDOWS/system32/7D4BDEF4.EXE -d | 2000-7-8 6:1:23| ?| ?| ?| ?| ?| ?| ?| ?| ?(自动) O23 - 服务: acpidisk (acpidisk) - C:/WINDOWS/system32/drivers/acpidisk.sys | 2008-7-8 15:39:3(自动) O23 - 服务: Apcdli () - C:/Program Files/Microsoft Office/SYSTEM/apcdli.sys (自动) O23 - 服务: BITS (Background Intelligent Transfer Service) - C:/WINDOWS/System32/svchost.exe -> C:/WINDOWS/system32/BITSEx.dll | 2004-8-17 12:0:0 | svchost | 5.1.2600.2180 | Microsoft SNMP Manager API (uses WinSNMP) | Copyright @ 2004 | 5.1.2600.2180 | @ Microsoft Corporation. All rights reserved. 
| | svchost | svchost.dll(将启) O23 - 服务: IIS Manager (IIS Manager ) - C:/DOCUME~1/rd/LOCALS~1/Temp/1.tmp (手动) O23 - 服务: Irmon (Irmon) - C:/WINDOWS/System32/svchost.exe -> C:/WINDOWS/system32/irmon64.dll | 2008-6-30 3:29:36 | Microsoft(R) Windows(R) Operating System | 1, 0, 0, 1 | Microsoft RIP for Internet Protocol | (C) Microsoft Corporation. All rights reserved. | 1, 0, 0, 1 | Microsoft Corporation | | 6to4.dll | 6to4.dll(将启) O23 - 服务: IPRIP () - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/WINDOWS/icpb.dll | 2008-7-7 7:38:32(自动) O23 - 服务: jzzethq (jzzethq) - system32/drivers/jzzethq.sys | 2002-10-7 4:0:0(引导) O23 - 服务: kernel32 (kernel32) - c:/windows/system32/KERNEL32.exe | 2002-10-7 4:0:0(自动) O23 - 服务: mfc42 (mfc42) - c:/windows/mfc42.exe | 2002-10-7 4:0:0(自动) O23 - 服务: mrs5gz7 (mrs5gz7) - System32/DRIVERS/mrs5gz7.sys | | 1, 0, 0, 1 | File System Driver | (C) Microsoft Corporation. All rights reserved. | 1, 0, 0, 1 | | | | (引导) O23 - 服务: Nessery (Nessery) - C:/WINDOWS/system32/Nessery.sys | 2004-11-15 12:21:11(手动) O23 - 服务: Network Services (网络服务) - C:/WINDOWS/MayaBaby/MayaBabyMain.exe | 2008-7-8 15:32:0(自动) O23 - 服务: ntptdb (ntptdb) - C:/Documents and Settings/All Users/Application Data/Microsoft/Office/SYSTEM/ntptdb.sys | 2008-7-3 8:57:12(自动) O23 - 服务: Nwsapagent () - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/WINDOWS/iasxin.dll | 2008-7-7 7:43:6 | Microsoft(R) Windows(R) Operating System | 1, 0, 0, 2 | Microsoft RIP for Internet Protocol | (C) Microsoft Corporation. All rights reserved. | 1, 0, 0, 2 | Microsoft Corporation | | 6to4.dll | 6to4.dll(自动) O23 - 服务: ProtectedStorager5 (Protected Storage Manager) - C:/WINDOWS/System32/svchost.exe -k netsvcs -> c:/windows/system32/config/sam6.log | 2008-7-8 15:29:39 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | Microsoft DCOM Client | (C) Microsoft Corporation. All rights reserved. 
| 5.1.2601.1 | Microsoft Corporation | | | (自动) O23 - 服务: pvuv (Windows pvuv RunThem) - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/PROGRA~1/kqpq/uaza.dll | 2008-7-8 15:31:29 | AdDm | 5, 0, 1, 0 | AdDm | Copyright ? 2006 | 5, 0, 1, 0 | | | AdDm | AdDm.exe(自动) O23 - 服务: RESSDT (RESSDT) - C:/WINDOWS/system32/ssdtti.sys (手动) O23 - 服务: ROCKEYNT (ROCKEYNT) - C:/WINDOWS/system32/drivers/Rockeynt.sys | 2005-1-11 14:18:46 | ROCKEY Device Driver | 4.00 | Rockey Device Driver | (C)Copyright FTCX,All Right Reserved! 1999-2000 | 4.00 | FeiTian Tech Co.,Ltd| ? | Rockeynt.sys | Rockeynt.sys(自动) O23 - 服务: Tcpip (TCP/IP Protocol Driver) - System32/DRIVERS/tcpip.sys | 2002-10-7 4:0:0 | Microsoft? Windows? Operating System | 5.1.2600.3244 | TCP/IP Protocol Driver | ? Microsoft Corporation. All rights reserved. | 5.1.2600.3244 (xpsp_sp2_gdr.071030-1259) | Microsoft Corporation| ? | tcpip.sys | tcpip.sys(系统) O23 - 服务: U3sHlpDr (U3sHlpDr) - C:/WINDOWS/System32/Drivers/U3sHlpDr.sys | 2004-11-8 12:18:22(自动) O23 - 服务: ULSStorage (ULSStorage) - C:/WINDOWS/system32/2973a.exe | 2008-7-8 4:46:37 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows Progman Group Converter | Copyright Zhongsou(C) 2005 | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | GrpConv| ?(自动) O23 - 服务: W32Time (Windows Time) - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/WINDOWS/system32/oobe/tvkoywtebi.dll | 1982-7-8 15:28:43 | Time32 | 3.2 | Windows Times | | 3.1.2.422 | Microsoft LTD. | | 3.0.22 | (自动) O23 - 服务: WbWin () - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/WINDOWS/avtapit.dll | 2008-6-18 3:27:12 | Microsoft(R) Windows(R) Operating System | 1, 0, 0, 1 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. 
| 1, 0, 0, 1 | Microsoft Corporation | | advapi32.dll | advapi32.dll(自动) O23 - 服务: wwinsystem (wwinsystem) - C:/WINDOWS/system32/tcpip.exe | 2008-7-8 14:26:16(自动) O24 - ShlExecHook: [5] - {00230023-0023-0023-0023-00230023BB15} = C:/WINDOWS/system32/rasdlgcq.dll | 2001-7-7 3:4:38 O24 - ShlExecHook: [5] - {00050005-0005-0005-0005-00050005BB15} = C:/WINDOWS/system32/cliconfgzx.dll | 2001-7-7 3:4:42 O24 - ShlExecHook: [5] - {00070007-0007-0007-0007-00070007BB15} = C:/WINDOWS/system32/dpvvoxmh.dll | 2001-7-7 3:4:50 O24 - ShlExecHook: [MICROSOFT] - {841529CB-7F77-4B99-A895-B5441E0D302F} = C:/WINDOWS/system32/jfrwdh.dll | 2000-7-7 3:4:53 O24 - ShlExecHook: [MICROSOFT] - {8C41B7F7-3168-400D-A702-0E7EFE0BA304} = C:/WINDOWS/system32/sgdewg.dll | 2000-7-7 3:5:28 O24 - ShlExecHook: [MICROSOFT] - {A9895933-6636-4281-BC58-EE6DE2AF96E3} = C:/WINDOWS/system32/ddserh.dll | 2000-7-7 3:5:32 O24 - ShlExecHook: [MICROSOFT] - {45AADFAA-DD36-42AB-83AD-0521BBF58C24} = C:/WINDOWS/system32/zycdex.dll | 2008-7-8 15:30:14 O24 - ShlExecHook: [MICROSOFT] - {17DFD111-BF3A-4CB4-ADB0-88FCBFE69821} = C:/WINDOWS/system32/hhrdxd.dll | 2000-7-7 3:5:41 O24 - ShlExecHook: [5] - {00120012-0012-0012-0012-00120012BB15} = C:/WINDOWS/system32/kbdswjr.dll | 2001-7-7 3:5:55 O24 - ShlExecHook: [MICROSOFT] - {84143967-B645-4BFF-B873-DA1DC886E9A7} = C:/WINDOWS/system32/cedafb.dll | 2000-7-7 3:5:57 O24 - ShlExecHook: [5] - {00030003-0003-0003-0003-00030003BB15} = C:/WINDOWS/system32/bootvidgj.dll | 2001-7-7 3:6:27 O24 - ShlExecHook: [5] - {00040004-0004-0004-0004-00040004BB15} = C:/WINDOWS/system32/catsrvwl.dll | 2001-7-7 3:6:30 O24 - ShlExecHook: [5] - {00010001-0001-0001-0001-00010001BB15} = C:/WINDOWS/system32/adsntzt.dll | 2001-7-7 3:6:32 O24 - ShlExecHook: [5] - {00130013-0013-0013-0013-00130013BB15} = C:/WINDOWS/system32/ksuserfy.dll | 2001-7-7 3:6:36 O24 - ShlExecHook: [5] - {00300030-0030-0030-0030-00300030BB15} = C:/WINDOWS/system32/imgutilhx2.dll | 2001-7-7 3:6:39 O24 - ShlExecHook: [MICROSOFT] - 
{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B} = C:/WINDOWS/system32/jfdses.dll | 2000-7-7 3:6:41 O24 - ShlExecHook: [MICROSOFT] - {B29583D8-033A-4B9F-8553-7C5458F3FB8E} = C:/WINDOWS/system32/jdsaex.dll | 2000-7-7 3:6:44 O24 - ShlExecHook: [MICROSOFT] - {0086DD39-EB8E-4504-A085-AC8A433E34D0} = C:/WINDOWS/system32/ydggsx.dll | 2000-7-7 3:6:50 O24 - ShlExecHook: [MICROSOFT] - {0B846B26-BFE6-4E8E-A948-1DB17B77B483} = C:/WINDOWS/system32/tdfhex.dll | 2000-7-7 3:6:52 O24 - ShlExecHook: [MICROSOFT] - {C0595A7E-2E2F-4B34-A83A-019270A0A464} = C:/WINDOWS/system32/tdffdl.dll | 2000-7-7 3:6:56 O24 - ShlExecHook: [MICROSOFT] - {189F087F-4378-405F-85FA-37D955AD7A8C} = C:/WINDOWS/system32/mtewdh.dll | 2000-7-8 5:57:35 O24 - ShlExecHook: [MICROSOFT] - {DC3D30AE-0380-4151-8934-EE98A34B0370} = C:/WINDOWS/system32/mfdesy.dll | 2000-7-8 5:57:43 O24 - ShlExecHook: [MICROSOFT] - {E8A3B193-77E3-4FB3-986D-F4FA4828BAFC} = C:/WINDOWS/system32/wklsdd.dll | 2000-7-8 5:57:49 O24 - ShlExecHook: [MICROSOFT] - {461D2AB4-29A5-45C2-9134-D52272D3DE38} = C:/WINDOWS/system32/rfdswc.dll | 2000-7-8 5:58:16 O24 - ShlExecHook: [MICROSOFT] - {7914E0AA-ECCB-4311-B584-C49538227824} = C:/WINDOWS/system32/jhfrxz.dll | 2000-7-8 5:58:45 O24 - ShlExecHook: [MICROSOFT] - {CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068} = C:/WINDOWS/system32/jggtsr.dll | 2000-7-8 5:58:52 O24 - ShlExecHook: [MICROSOFT] - {73AE86E6-7F03-4C3B-8980-FB1DA157D3C7} = C:/WINDOWS/system32/fmcvxy.dll | 2000-7-8 5:58:58 O24 - ShlExecHook: [MICROSOFT] - {EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6} = C:/WINDOWS/system32/fsrgeb.dll | 2000-7-8 5:59:4 O24 - ShlExecHook: [MICROSOFT] - {5E907A48-400E-4EA8-9792-FFAE052D59E9} = C:/WINDOWS/system32/pedadt.dll | 2000-7-8 5:59:9 O24 - ShlExecHook: [MICROSOFT] - {4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4} = C:/WINDOWS/system32/tdggrz.dll | 2000-7-8 5:59:15 O24 - ShlExecHook: [E] - {E490415F-65F8-B5C5-D8BA-9405FB12054E} = C:/WINDOWS/system32/yzztnmsn.dll | 2004-8-8 6:0:25 O24 - ShlExecHook: [8] - 
{87FD640A-158F-48AC-FD14-1597F14A9778} = C:/WINDOWS/system32/mndshsrv.dll | 2004-8-8 6:0:32 O24 - ShlExecHook: [5] - {57AC9076-C898-B098-D098-A18319080975} = C:/WINDOWS/system32/nhmxejkl.dll | 2004-8-8 6:0:38 O24 - ShlExecHook: [7] - {7C648541-1025-9650-9057-6541258720C7} = C:/WINDOWS/system32/mndhgdwd.dll | 2004-8-8 6:0:45 O24 - ShlExecHook: [8] - {80AF1289-F140-A140-D012-C1458759FC08} = C:/WINDOWS/system32/ypcqghlp.dll | 2004-8-8 6:0:52 O24 - ShlExecHook: [] - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} = C:/Program Files/Internet Explorer/PLUGINS/UnixSys08.Sys | 2000-7-8 6:0:56 O24 - ShlExecHook: [MICROSOFT] - {259BF3CF-194D-4FE6-9ADB-DE6544B098B6} = C:/WINDOWS/system32/dndsaf.dll | 2008-7-8 13:16:4 O24 - ShlExecHook: [8] - {ACADABAE-1102-0010-8000-00AA006D2EA8} = C:/WINDOWS/system32/ShowAD.dll | 2008-7-8 15:31:24 O24 - ShlExecHook: [8] - {ACADABAE-1101-0010-8000-00AA006D2EA8} = C:/WINDOWS/system32/GameGuard02.dll | 2008-7-8 15:33:23 O26 - IFEO: 360rpt.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: 360safe.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: 360safebox.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: 360tray.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: adam.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: AgentSvr.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: AppSvc32.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: ati2evxx.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: autoruns.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: avconsol.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: avgrssvc.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: AvMonitor.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: avp.com -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: avp.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: CCenter.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: ccSvcHst.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: egui.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: esafe.exe -> 
C:/WINDOWS/system32/svchost.exe O26 - IFEO: FileDsty.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: FTCleanerShell.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: HijackThis.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: IceSword.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: idag.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: Iparmor.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: isPwdSvc.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: kabaload.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: kaccore.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KaScrScn.SCR -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KASMain.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KASTask.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KAV32.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KAVDX.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KAVPF.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KAVPFW.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KAVSetup.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KAVStart.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: kavsvc.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KAVsvcUI.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KISLnchr.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: kissvc.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KMailMon.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KMFilter.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KPFW32.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: kpfwsvc.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KPPMain.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KRegEx.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KRepair.com -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KsLoader.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KVCenter.kxp -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KvDetect.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KVFW.EXE -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: 
KvfwMcl.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KVMonXP_1.kxp -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: kvol.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: kvolself.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KvReport.kxp -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KVScan.kxp -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KVsrvXP.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KVStub.kxp -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: kvupload.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KVwsc.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: kwatch.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KWatch9x.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: KWatchX.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: MagicSet.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: mcconsol.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: mmqczj.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: mmsk.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: navapsvc.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: Navapw32.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: nod32krn.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: NPFMntor.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: OllyDBG.EXE -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: OllyICE.EXE -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: PFW.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: PFWLiveUpdate.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: procexp.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: QHSET.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: QQDoctor.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: QQDoctorMain.exe -> TASKMAN.EXE O26 - IFEO: qqkav.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: qqsc.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: Ras.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: rav.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: RAVmon.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: RAVmonD.exe -> 
C:/WINDOWS/system32/svchost.exe O26 - IFEO: ravstub.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: ravtask.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: ravtimer.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: ravtool.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: RegClean.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: regtool.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: rfwmain.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: rfwproxy.exeFYFireWall.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: rfwsrv.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: rfwstub.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: rising.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: Rsaupd.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: runiep.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: safebank.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: safeboxtray.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: safelive.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: scan32.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: SelfUpdate.exe -> TASKMAN.EXE O26 - IFEO: shcfg32.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: SmartUp.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: SREng.EXE -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: symlcsvc.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: SysSafe.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: TrojanDetector.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: Trojanwall.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: TrojDie.kxp -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: UIHost.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: UmxAgent.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: UmxAttachment.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: UmxCfg.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: UmxFwHlp.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: UmxPol.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: UpLive.exe -> C:/WINDOWS/system32/svchost.exe O26 - 
IFEO: vsstat.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: webscanx.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: WinDbg.exe -> C:/WINDOWS/system32/svchost.exe O26 - IFEO: WoptiClean.exe -> C:/WINDOWS/system32/svchost.exe O29 - HKCU-Start Page = hxxp://about.blank.la?g HKLM/SHOWALL 值非1
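The malicious programs on my friend's computer use IFEO (Image File Execution Options hijacking, item O26 in pe_xscan) to stop Kaspersky and Kaka Security Assistant from running.
They also use the now-common ShellExecuteHook (pe_xscan item O24), autorun.inf and SSODL (pe_xscan item O21), and the once-popular technique CmdProcAuto = C:/WINDOWS/system32/sichost.exe is in use again.
It is worth noting that scheduled tasks have also been used quite often by malware recently... fortunately pe_xscan has long been prepared for that~
In addition, I found that C:/WINDOWS/System32/lsass.exe failed Microsoft's file digital signature verification... it may have been replaced by a malicious program.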
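An added example, not part of the original post or of pe_xscan: a small Python triage over a flattened pe_xscan-style log that pulls out the O26 IFEO redirections and the F2 UserInit/Shell changes discussed above. The sample lines are excerpted from the log on this page; the function names, the expected default values and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Lines excerpted from the pe_xscan log on this page, left flattened as shown there.
SAMPLE_LOG = (
    "F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/userinit.exe,"
    "C:/WINDOWS/system32/sichost.exe> "
    "F2 - Shell = <EXPLORER.EXE winxphelp.exe> "
    "O26 - IFEO: avp.exe -> C:/WINDOWS/system32/svchost.exe "
    "O26 - IFEO: HijackThis.exe -> C:/WINDOWS/system32/svchost.exe "
    "O26 - IFEO: procexp.exe -> C:/WINDOWS/system32/svchost.exe "
    "O26 - IFEO: QQDoctorMain.exe -> TASKMAN.EXE "
    "O29 - HKCU-Start Page = hxxp://about.blank.la?g"
)

# Assumption: Windows XP installed in C:\WINDOWS with default UserInit and Shell.
EXPECTED_USERINIT = "c:/windows/system32/userinit.exe"
EXPECTED_SHELL = "explorer.exe"

ITEM_START = re.compile(r"(?=\b[FO]\d+ - )")  # zero-width: an item code starts here
IFEO = re.compile(r"^O26 - IFEO: (?P<image>\S+) -> (?P<debugger>.+)$")
USERINIT = re.compile(r"^F2 - .*UserInit = <(?P<value>[^>]*)>")
SHELL = re.compile(r"^F2 - Shell = <(?P<value>[^>]*)>")


def norm(path):
    """Lower-case a path and unify separators so comparisons are stable."""
    return path.strip().strip('"').replace("\\", "/").lower()


def split_items(flat_log):
    """Recover one entry per item code from a log whose line breaks were lost."""
    return [p.strip() for p in ITEM_START.split(flat_log) if p.strip()]


def triage(flat_log):
    """Group IFEO targets by debugger and list non-default UserInit/Shell entries."""
    ifeo = defaultdict(list)
    userinit_extra, shell_extra = [], []
    for item in split_items(flat_log):
        m = IFEO.match(item)
        if m:
            debugger = norm(m["debugger"]).rsplit("/", 1)[-1]
            ifeo[debugger].append(m["image"])
            continue
        m = USERINIT.match(item)
        if m:
            entries = [e.strip() for e in m["value"].split(",") if e.strip()]
            userinit_extra += [e for e in entries if norm(e) != EXPECTED_USERINIT]
            continue
        m = SHELL.match(item)
        if m:
            # Whitespace split is enough for this log; quoted paths would need more.
            shell_extra += [t for t in m["value"].split() if t.lower() != EXPECTED_SHELL]
    return {"ifeo": dict(ifeo), "userinit_extra": userinit_extra,
            "shell_extra": shell_extra}


def mass_hijacks(findings, threshold=3):
    """Debuggers attached to many unrelated images: the blocking pattern in O26."""
    return sorted(d for d, imgs in findings["ifeo"].items() if len(imgs) >= threshold)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result)
    print(mass_hijacks(result))
```

A single image with a Debugger value can be a legitimate developer setting; many security and analysis tools all pointing at the same binary is what marks the hijack seen in this log.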
(To be continued)