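winyyy.sys, hcpidesk.sys, mtlrd.sys, uldfhjfh.sys, servets.exe, etc. (1)
Original work by endurer
2009-11-19, version 1
A friend's computer has recently been very slow to start up, and a QQ pop-up says "Your QQ number has been selected by the system as a second-prize winner of the [10th Anniversary Celebration]".
Many programs will not run, and my friend asked me to help check and repair it.
I scanned the machine with pe_xscan, analysed the log, and found the following suspicious items (parts of the process module section are omitted):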
pe_xscan 09-06-21 by Purple Endurer
2009-11-10 19:49:16
Windows XP Service Pack 3(5.1.2600)
MSIE:6.0.2900.5512
管理员用户组
正常模式
[System Process] * 0
C:/WINDOWS/System32/winlogon.exe* 540 | 2007-6-1 0:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE
C:/WINDOWS/System32/services.exe* 648 | 2009-2-9 19:21:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5755 | Services and Controller app | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) | Microsoft Corporation| ? | services.exe | services.exe
C:/WINDOWS/System32/lsass.exe * 660 | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe
C:/WINDOWS/System32/svchost.exe * 956 | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/System32/conime.exe * 1996 | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Console IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2105) | Microsoft Corporation| ? | Console | CONIME.EXE
C:/WINDOWS/smss.exe * 2272 | 2009-11-10 17:23:42 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation | | rpcs.exe | rpcs.exe
C:/WINDOWS/explorer.exe * 9884 | 2007-6-1 0:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5512 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5512 (xpsp.080413-2105) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/userinit.exe,> | 2007-6-1 0:0:0
O2 - BHO CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} = C:/Program Files/Common Files/PushWare/cpush.dll | 2009-11-9 14:40:52| ? | 1.1.6.2| ?| ? | 1.1.6.2| ?| ? | softpush.dll | softpush.dll
O2 - BHO google cache - {296AB1C7-FB22-4D17-8834-064E2BA0A6F0} = C:/WINDOWS/MICROSOFT/winsys.dll | 2007-3-15 2:32:20 | | 2. 3, 0, 2 | Windows Services Module | | 2. 3, 0, 2 | Hello Loons.Fad | | | Beijing zhongguancun
O4 - HKCU/../run: [msconfigs] C:/WINDOWS/system32/TnvTy.exe
O4 - HKLM/../run: [system] C:/WINDOWS/system32/system.exe
O4 - HKLM/../run: [Trough] C:/WINDOWS/system32/TroughClient.exe 0
O4 - HKLM/../run: [RsTray] C:/WINDOWS/system32/scvhost.exe
O4 - HKLM/../run: [msconfigs] C:/WINDOWS/system32/TnvTy.exe
O4 - HKLM/../run: [aowii_19831028_game] "c:/windows/system32/jmodirwgq.exe" -at
O4 - HKLM/../run: [aowii_19831028_sogouip] "c:/windows/system32/rqtvfpyiy.exe" -at
O4 - HKLM/../run: [autorun_19831028_kingsoftgo] "c:/windows/system32/qsrvucimrd.exe" -at
At1.job
At2.job
At3.job
At4.job
At5.job
At6.job
At7.job
At8.job
At9.job
O20 - AppInit_DLLs = C:/WINDOWS/Tasks/zUzgU8WWpYntt6NfUWT.inf ,C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur,C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur,C:/WINDOWS/Fonts/kb28192213.dll,C:/WINDOWS/Fonts/kb48192251.dll,C:/WINDOWS/Fonts/kb2923529.dll,C:/WINDOWS/Fonts/kb5923711.dll,C:/WINDOWS/Fonts/kb410172748.dll
O23 - 服务: AmdK8 (AmdK8 Compatible Device) - System32/drivers/amdk8.sys | 2008-1-3 17:1:23 | AMD Processor Driver | 1.3.2 | AMD Processor Driver | Copyright (C) AMD, Inc.2002-2006 | 1.3.2 (dnsrv(wmbla).060701-2226) | Advanced Micro Devices| ? | AmdK8.sys | AmdK8.sys(手动)
O23 - 服务: AsyncMac (RAS Asynchronous Media Driver) - system32/DRIVERS/asyncmac.sys (手动)
O23 - 服务: hcpidesk (hcpidesk) - C:/WINDOWS/system32/drivers/hcpidesk.sys | 2009-11-10 11:39:36(自动)
O23 - 服务: mtlrd (mtlrd) - C:/Documents and Settings/All Users/Application Data/Microsoft/Media Player/wmp/mtlrd.sys | 2009-9-25 17:18:22(自动)
O23 - 服务: MyProt (Network Monitor Protocol Driver) - system32/DRIVERS/winyyy.sys | 2009-11-9 2:57:54 | Windows (R) 2000 DDK driver | 5.1.2600.2180 | NDIS User mode I/O Driver | | 5.1.2600.2180 built by: WinDDK | Windows (R) 2000 DDK provider| ? | NDISPROT.SYS | NDISPROT.SYS(手动)
O23 - 服务: Netlogon (Net Logon) - C:/WINDOWS/system32/lsass.exe | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe(手动)
O23 - 服务: NtLmSsp (NT LM Security Support Provider) - C:/WINDOWS/system32/lsass.exe | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe(手动)
O23 - 服务: pcidump (pcidump) - C:/WINDOWS/system32/drivers/pcidump.sys (禁用)
O23 - 服务: pnpmem (pnpmem) - C:/WINDOWS/system32/drivers/pnpmem.sys | 2009-11-10 12:23:51(自动)
O23 - 服务: PolicyAgent (IPSEC Services) - C:/WINDOWS/system32/lsass.exe | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe(自动)
O23 - 服务: ProtectedStorage (Protected Storage) - C:/WINDOWS/system32/lsass.exe | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe(自动)
O23 - 服务: SamSs (Security Accounts Manager) - C:/WINDOWS/system32/lsass.exe | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe(自动)
O23 - 服务: uldfhjfh (uldfhjfh) - C:/WINDOWS/system32/drivers/uldfhjfh.sys | 2009-11-10 11:35:10(系统)
O23 - 服务: W32Time (Windows Time) - C:/WINDOWS/System32/svchost.exe -k netsvcs| 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation| ? | svchost.exe | svchost.exe
-> C:/WINDOWS/system32/Lang/tmcvomuigt.dll | 2009-11-10 11:38:48 | WinSVC | 2.8 | Time Windows | Microsoft LTD | 4.2.2.327 | Microsoft Corporation. | | 4.1.1.5 | (自动)
O23 - 服务: Windowss (Removableo) - C:/WINDOWS/system32/servets.exe | 2009-11-10 11:34:32(自动)
O23 - 服务: winhelp (winhelp) - c:/windows/system32/winhelp.exe | 2009-11-10 17:26:40(自动)
O23 - 服务: winhelp32 (winhelp32) - c:/windows/system32/winhelp32.exe | 2009-11-10 11:36:52(自动)
O23 - 服务: WinSCCOM (COM+ Windows System Server) - C:/WINDOWS/winsccoo.exe | 2009-11-10 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation | | rpcs.exe | rpcs.exe(自动)
O23 - 服务: wmitpfs (WMITPFS Service) - C:/WINDOWS/system32/svchost.exe -k wmitpfs | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation| ? | svchost.exe | svchost.exe
-> C:/WINDOWS/system32/wmitpfs.dll | 2009-10-30 10:38:4(自动)
O23 - 服务: xx (xx) - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/~443475.ex (手动)
O26 - IFEO: 360rpt.exe -> C:/WINDOWS/system32/svchost.exe
O26 - IFEO: 360Safe.exe -> C:/WINDOWS/system32/svchost.exe
O26 - IFEO: 360tray.exe -> C:/WINDOWS/system32/svchost.exe
O26 - IFEO: DrRtp.exe -> C:/WINDOWS/system32/svchost.exe
O26 - IFEO: egui.exe -> services.exe
O26 - IFEO: QQDoctor.exe -> C:/WINDOWS/system32/svchost.exe
O26 - IFEO: RStray.exe -> C:/WINDOWS/system32/svchost.exe
O29 - HKCU-Start Page = hxxp://www.7357.cn/#1008
O29 - HKLM-Start Page = hxxp://www.2298.cn/
(To be continued)