woauolt.exe, System.exe, Update.dll, MPKrnl.dll, 360mon.dll, upnpsrv.dll, etc. (1)

endurer

Version 1

 

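A friend said his computer had been responding very slowly lately and would hang when dialing up to the Internet. He asked me to help check and repair it.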

I scanned with pe_xscan and analyzed the log, finding the following suspicious items (parts of the process module section are omitted):

pe_xscan 07-07-21 by Purple Endurer 
2000-1-1 8:26:35
Windows XP Service Pack 2(5.1.2600)
管理员用户组
[System Process] * 0
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/WINDOWS/system32/jdsaex.dll | 2000-1-1 0:21:28
  C:/WINDOWS/system32/hhrdxd.dll | 2000-1-1 0:18:44
  C:/WINDOWS/system32/sgdewg.dll | 2000-1-1 0:18:24
  C:/WINDOWS/system32/ddserh.dll | 2000-1-1 0:16:4
  C:/windows/system32/DA63E650.dll | 2008-10-16 10:28:2
  C:/windows/system32/4BF9CBA3.dll | 2008-10-16 10:27:24
  C:/windows/system32/7ADC2AB1.dll | 2008-10-16 10:26:46
  C:/windows/system32/3474A8C2.dll | 2008-10-16 10:27:46
  C:/windows/system32/22D75360.dll | 2008-10-16 10:27:8
  C:/windows/system32/E4814792.dll | 2008-10-16 10:25:40
  C:/windows/system32/C250CF20.dll | 2008-10-16 10:25:14
  C:/windows/system32/82710040.dll | 2008-10-16 10:24:36
  C:/windows/system32/122B901E.dll | 2008-10-16 10:24:12
  C:/windows/system32/C56BCC10.dll | 2008-10-16 10:23:52
  C:/windows/system32/DE02F764.dll | 2008-10-16 10:23:36
  C:/windows/system32/43ACDCC5.dll | 2008-10-16 10:23:16
  C:/WINDOWS/system32/kgfghd.dll | 2000-1-1 0:25:24
  C:/WINDOWS/system32/jhfrxz.dll | 2000-1-1 0:24:6
  C:/WINDOWS/system32/zsdgff.dll | 2000-1-1 0:23:40
  C:/WINDOWS/system32/dndsaf.dll | 2000-1-1 0:23:2
  C:/WINDOWS/system32/wyrsdj.dll | 2000-1-1 0:22:22
  C:/WINDOWS/system32/fmcvxy.dll | 2000-1-1 0:22:0
  C:/WINDOWS/system32/tdggrz.dll | 2000-1-1 0:21:6
  C:/WINDOWS/system32/zycdex.dll | 2000-1-1 0:19:46
  C:/WINDOWS/system32/fsrgeb.dll | 2000-1-1 0:19:26
  C:/WINDOWS/system32/zgtwfx.dll | 2000-1-1 0:19:4
  C:/WINDOWS/system32/tdfhex.dll | 2000-1-1 0:17:46
  C:/WINDOWS/system32/tdffdl.dll | 2000-1-1 0:14:34
  C:/WINDOWS/system32/wklsdd.dll | 2000-1-1 0:13:38
  C:/WINDOWS/system32/mttwfh.dll | 2000-1-1 0:12:48
C:/windows/system32/csrss.exe* 508 | 2004-8-23 16:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Client Server Runtime Process | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CSRSS.Exe | CSRSS.Exe
  C:/windows/system32/gdipro.dll | 2005-7-26 12:39:50
  C:/windows/system32/csrss.dll | 2005-7-26 12:39:50
  C:/windows/system32/sys05026.dll | 2005-7-26 12:39:50
C:/windows/system32/winlogon.exe* 532 | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBJXSJ.dll | 2000-1-2 0:46:4
  C:/windows/system32/HBSO2.dll | 2000-1-1 0:5:58
  C:/windows/system32/HBASKTAO.dll | 2000-1-2 18:29:56
  C:/windows/system32/HBWOW.dll | 2000-1-1 0:37:44
  C:/windows/system32/HBBO.dll | 2000-1-1 0:7:38
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBYY.dll | 2000-1-2 18:30:30
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/system32/HBJTLQ.dll | 2000-1-1 0:22:38
  C:/windows/system32/HBZHUXIAN.dll | 2000-1-1 0:25:2
  C:/windows/system32/winlib .dll
  C:/WINDOWS/system32/360mon.dll | 2000-1-1 0:16:28
C:/windows/system32/services.exe* 576 | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Services and Controller app | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | services.exe | services.exe
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBJXSJ.dll | 2000-1-2 0:46:4
  C:/windows/system32/HBSO2.dll | 2000-1-1 0:5:58
  C:/windows/system32/HBASKTAO.dll | 2000-1-2 18:29:56
  C:/windows/system32/HBWOW.dll | 2000-1-1 0:37:44
  C:/windows/system32/HBBO.dll | 2000-1-1 0:7:38
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBYY.dll | 2000-1-2 18:30:30
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/system32/HBJTLQ.dll | 2000-1-1 0:22:38
  C:/windows/system32/HBZHUXIAN.dll | 2000-1-1 0:25:2
C:/windows/system32/lsass.exe* 588 | 2004-8-23 16:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | lsass.exe | lsass.exe
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBJXSJ.dll | 2000-1-2 0:46:4
  C:/windows/system32/HBSO2.dll | 2000-1-1 0:5:58
  C:/windows/system32/HBASKTAO.dll | 2000-1-2 18:29:56
  C:/windows/system32/HBWOW.dll | 2000-1-1 0:37:44
  C:/windows/system32/HBBO.dll | 2000-1-1 0:7:38
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBYY.dll | 2000-1-2 18:30:30
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/system32/HBJTLQ.dll | 2000-1-1 0:22:38
  C:/windows/system32/HBZHUXIAN.dll | 2000-1-1 0:25:2
C:/windows/system32/svchost.exe* 744 | 2004-8-23 16:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBJXSJ.dll | 2000-1-2 0:46:4
  C:/windows/system32/HBSO2.dll | 2000-1-1 0:5:58
  C:/windows/system32/HBASKTAO.dll | 2000-1-2 18:29:56
  C:/windows/system32/HBWOW.dll | 2000-1-1 0:37:44
  C:/windows/system32/HBBO.dll | 2000-1-1 0:7:38
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBYY.dll | 2000-1-2 18:30:30
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/system32/HBJTLQ.dll | 2000-1-1 0:22:38
  C:/windows/system32/HBZHUXIAN.dll | 2000-1-1 0:25:2
  C:/windows/system32/spcss.dll | 2005-7-26 12:39:50
  C:/windows/system32/srpcss.dll | 2005-7-26 12:39:50 | Microsoft? Windows? Operating System | 5.1.2600.2726 | Distributed COM Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Microsoft Corporation| ? | rpcss.dll | rpcss.dll
  C:/WINDOWS/system32/sgdewg.dll | 2000-1-1 0:18:24
  C:/WINDOWS/system32/zycdex.dll | 2000-1-1 0:19:46
  C:/WINDOWS/system32/mttwfh.dll | 2000-1-1 0:12:48
  C:/WINDOWS/system32/fsrgeb.dll | 2000-1-1 0:19:26
  C:/WINDOWS/system32/tdggrz.dll | 2000-1-1 0:21:6
  C:/WINDOWS/system32/jdsaex.dll | 2000-1-1 0:21:28
  C:/WINDOWS/system32/zgtwfx.dll | 2000-1-1 0:19:4
  C:/WINDOWS/system32/fmcvxy.dll | 2000-1-1 0:22:0
  C:/WINDOWS/system32/jhfrxz.dll | 2000-1-1 0:24:6
  C:/WINDOWS/system32/wklsdd.dll | 2000-1-1 0:13:38
  C:/WINDOWS/system32/dndsaf.dll | 2000-1-1 0:23:2
  C:/WINDOWS/system32/zsdgff.dll | 2000-1-1 0:23:40
  C:/windows/system32/DA63E650.dll | 2008-10-16 10:28:2
  C:/windows/system32/4BF9CBA3.dll | 2008-10-16 10:27:24
  C:/windows/system32/7ADC2AB1.dll | 2008-10-16 10:26:46
  C:/windows/system32/3474A8C2.dll | 2008-10-16 10:27:46
  C:/windows/system32/22D75360.dll | 2008-10-16 10:27:8
  C:/windows/system32/E4814792.dll | 2008-10-16 10:25:40
  C:/windows/system32/C250CF20.dll | 2008-10-16 10:25:14
  C:/windows/system32/82710040.dll | 2008-10-16 10:24:36
  C:/windows/system32/knx32.dll | 2000-1-1 8:16:12
  C:/windows/system32/122B901E.dll | 2008-10-16 10:24:12
  C:/windows/system32/C56BCC10.dll | 2008-10-16 10:23:52
  C:/windows/system32/DE02F764.dll | 2008-10-16 10:23:36
  C:/windows/system32/43ACDCC5.dll | 2008-10-16 10:23:16
  C:/WINDOWS/system32/kgfghd.dll | 2000-1-1 0:25:24
  C:/WINDOWS/system32/wyrsdj.dll | 2000-1-1 0:22:22
  C:/WINDOWS/system32/hhrdxd.dll | 2000-1-1 0:18:44
  C:/WINDOWS/system32/tdfhex.dll | 2000-1-1 0:17:46
  C:/WINDOWS/system32/ddserh.dll | 2000-1-1 0:16:4
  C:/WINDOWS/system32/tdffdl.dll | 2000-1-1 0:14:34
C:/windows/system32/svchost.exe* 1056 | 2004-8-23 16:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBJXSJ.dll | 2000-1-2 0:46:4
  C:/windows/system32/HBSO2.dll | 2000-1-1 0:5:58
  C:/windows/system32/HBASKTAO.dll | 2000-1-2 18:29:56
  C:/windows/system32/HBWOW.dll | 2000-1-1 0:37:44
  C:/windows/system32/HBBO.dll | 2000-1-1 0:7:38
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBYY.dll | 2000-1-2 18:30:30
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/system32/HBJTLQ.dll | 2000-1-1 0:22:38
  C:/windows/system32/HBZHUXIAN.dll | 2000-1-1 0:25:2
  C:/windows/system32/upnpsrv.dll | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 7.00.5730.13 | UPnP Device Host Service | ? Microsoft Corporation. All rights reserved. | 7.00.5730.13 (longhorn(wmbla).070711-1130) | Microsoft Corporation| ? | UPNPSRV.DLL | UPNPSRV.DLL
C:/windows/System32/svchost.exe* 1316 | 2004-8-23 16:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
  C:/windows/System32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/System32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/System32/HBJXSJ.dll | 2000-1-2 0:46:4
  C:/windows/System32/HBSO2.dll | 2000-1-1 0:5:58
  C:/windows/System32/HBASKTAO.dll | 2000-1-2 18:29:56
  C:/windows/System32/HBWOW.dll | 2000-1-1 0:37:44
  C:/windows/System32/HBBO.dll | 2000-1-1 0:7:38
  C:/windows/System32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/System32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/System32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/System32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/System32/HBYY.dll | 2000-1-2 18:30:30
  C:/windows/System32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/System32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/System32/HBJTLQ.dll | 2000-1-1 0:22:38
  C:/windows/System32/HBZHUXIAN.dll | 2000-1-1 0:25:2
  c:/windows/system32/nerres.dll | 2004-8-17 20:0:0 | STMP | 5.1.2600.2180 | Microsoft STMP Manager API (uses WinSNMP) | Copyright @ 2004 | 5.1.2600.2180 | @ Microsoft Corporation. All rights reserved. | | STMP | STMP.dll
C:/WINDOWS/system32/Userinit.exe* 1604 | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 5, 1, 2600, 2180 | Userinit Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | | USERINIT.EXE | userinit.exe
  C:/WINDOWS/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/WINDOWS/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/WINDOWS/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/WINDOWS/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/WINDOWS/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/WINDOWS/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/WINDOWS/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/WINDOWS/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/WINDOWS/system32/tdggrz.dll | 2000-1-1 0:21:6
  C:/WINDOWS/system32/jdsaex.dll | 2000-1-1 0:21:28
  C:/WINDOWS/system32/zgtwfx.dll | 2000-1-1 0:19:4
  C:/WINDOWS/system32/fmcvxy.dll | 2000-1-1 0:22:0
  C:/WINDOWS/system32/jhfrxz.dll | 2000-1-1 0:24:6
  C:/WINDOWS/system32/zsdgff.dll | 2000-1-1 0:23:40
  C:/WINDOWS/system32/fsrgeb.dll | 2000-1-1 0:19:26
  C:/WINDOWS/system32/mttwfh.dll | 2000-1-1 0:12:48
  C:/WINDOWS/system32/tdffdl.dll | 2000-1-1 0:14:34
  C:/WINDOWS/system32/zycdex.dll | 2000-1-1 0:19:46
  C:/WINDOWS/system32/wklsdd.dll | 2000-1-1 0:13:38
  C:/WINDOWS/system32/dndsaf.dll | 2000-1-1 0:23:2
  C:/WINDOWS/system32/kgfghd.dll | 2000-1-1 0:25:24
  C:/WINDOWS/system32/wyrsdj.dll | 2000-1-1 0:22:22
  C:/WINDOWS/system32/sgdewg.dll | 2000-1-1 0:18:24
  C:/WINDOWS/system32/tdfhex.dll | 2000-1-1 0:17:46
  C:/WINDOWS/system32/ddserh.dll | 2000-1-1 0:16:4
  C:/WINDOWS/system32/hhrdxd.dll | 2000-1-1 0:18:44
  C:/windows/system32/DA63E650.dll | 2008-10-16 10:28:2
  C:/windows/system32/4BF9CBA3.dll | 2008-10-16 10:27:24
  C:/windows/system32/7ADC2AB1.dll | 2008-10-16 10:26:46
  C:/windows/system32/3474A8C2.dll | 2008-10-16 10:27:46
  C:/windows/system32/22D75360.dll | 2008-10-16 10:27:8
  C:/windows/system32/E4814792.dll | 2008-10-16 10:25:40
  C:/windows/system32/C250CF20.dll | 2008-10-16 10:25:14
  C:/windows/system32/82710040.dll | 2008-10-16 10:24:36
  C:/windows/system32/122B901E.dll | 2008-10-16 10:24:12
  C:/windows/system32/C56BCC10.dll | 2008-10-16 10:23:52
  C:/windows/system32/DE02F764.dll | 2008-10-16 10:23:36
  C:/windows/system32/43ACDCC5.dll | 2008-10-16 10:23:16
C:/windows/explorer.exe* 1664 | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBJXSJ.dll | 2000-1-2 0:46:4
  C:/windows/system32/HBSO2.dll | 2000-1-1 0:5:58
  C:/windows/system32/HBASKTAO.dll | 2000-1-2 18:29:56
  C:/windows/system32/HBWOW.dll | 2000-1-1 0:37:44
  C:/windows/system32/HBBO.dll | 2000-1-1 0:7:38
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBYY.dll | 2000-1-2 18:30:30
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/system32/HBJTLQ.dll | 2000-1-1 0:22:38
  C:/windows/system32/HBZHUXIAN.dll | 2000-1-1 0:25:2
  C:/WINDOWS/system32/mttwfh.dll | 2000-1-1 0:12:48
  C:/WINDOWS/system32/wklsdd.dll | 2000-1-1 0:13:38
  C:/WINDOWS/system32/tdffdl.dll | 2000-1-1 0:14:34
  C:/WINDOWS/system32/ddserh.dll | 2000-1-1 0:16:4
  C:/WINDOWS/system32/tdfhex.dll | 2000-1-1 0:17:46
  C:/WINDOWS/system32/sgdewg.dll | 2000-1-1 0:18:24
  C:/WINDOWS/system32/hhrdxd.dll | 2000-1-1 0:18:44
  C:/WINDOWS/system32/zgtwfx.dll | 2000-1-1 0:19:4
  C:/WINDOWS/system32/fsrgeb.dll | 2000-1-1 0:19:26
  C:/WINDOWS/system32/zycdex.dll | 2000-1-1 0:19:46
  C:/WINDOWS/system32/tdggrz.dll | 2000-1-1 0:21:6
  C:/WINDOWS/system32/jdsaex.dll | 2000-1-1 0:21:28
  C:/WINDOWS/system32/fmcvxy.dll | 2000-1-1 0:22:0
  C:/WINDOWS/system32/wyrsdj.dll | 2000-1-1 0:22:22
  C:/WINDOWS/system32/dndsaf.dll | 2000-1-1 0:23:2
  C:/WINDOWS/system32/zsdgff.dll | 2000-1-1 0:23:40
  C:/WINDOWS/system32/jhfrxz.dll | 2000-1-1 0:24:6
  C:/WINDOWS/system32/kgfghd.dll | 2000-1-1 0:25:24
  C:/windows/system32/43ACDCC5.dll | 2008-10-16 10:23:16
  C:/windows/system32/DE02F764.dll | 2008-10-16 10:23:36
  C:/windows/system32/C56BCC10.dll | 2008-10-16 10:23:52
  C:/windows/system32/122B901E.dll | 2008-10-16 10:24:12
  C:/windows/system32/82710040.dll | 2008-10-16 10:24:36
  C:/windows/system32/C250CF20.dll | 2008-10-16 10:25:14
  C:/windows/system32/E4814792.dll | 2008-10-16 10:25:40
  C:/windows/system32/22D75360.dll | 2008-10-16 10:27:8
  C:/windows/system32/3474A8C2.dll | 2008-10-16 10:27:46
  C:/windows/system32/7ADC2AB1.dll | 2008-10-16 10:26:46
  C:/windows/system32/4BF9CBA3.dll | 2008-10-16 10:27:24
  C:/windows/system32/DA63E650.dll | 2008-10-16 10:28:2
  C:/windows/system32/B3721C07.dll | 2008-10-16 10:28:36
  C:/windows/system32/4EFDDEBE.dll | 2008-10-16 10:28:54
  C:/windows/system32/8566F82E.dll | 2008-10-16 10:29:14
  C:/windows/system32/495271CA.dll | 2008-10-16 10:29:34
  C:/windows/system32/08223B03.dll | 2008-10-16 10:29:56
  C:/windows/system32/9CA963CA.dll | 2008-10-16 10:30:18
  C:/windows/system32/58FF3024.dll | 2000-1-1 0:13:10
  C:/windows/system32/D7C79813.dll | 2000-1-1 0:11:18
  C:/windows/system32/CABA599D.dll | 2000-1-2 0:47:48
  C:/windows/system32/3D144530.dll | 2000-1-2 0:48:10
  C:/windows/system32/E3367679.dll | 2000-1-2 0:51:40
  C:/windows/system32/12B02216.dll | 2000-1-2 0:51:0
  C:/windows/system32/9F684DE8.dll | 2000-1-2 0:52:24
  C:/windows/system32/E0D39066.dll | 2000-1-2 0:56:14
  C:/windows/system32/DFEC5CB7.dll | 2000-1-1 0:16:2
  C:/windows/system32/2EF0D734.dll | 2000-1-1 0:16:26
  C:/Program Files/Internet Explorer/53u1ttMe.2ys | 2000-1-1 0:52:8
  C:/windows/system32/BA7EDF54.dll | 2000-1-1 0:39:36
  C:/windows/system32/F65BDEC7.dll | 2000-1-1 0:40:32
  C:/windows/system32/66AFCB56.dll | 2000-1-1 0:44:38
  C:/windows/system32/3F21AA0C.dll | 2000-1-1 0:22:32
  C:/windows/system32/59964D2B.dll | 2000-1-1 0:23:36
  C:/windows/system32/F2CBFAC4.dll | 2000-1-1 0:24:8
  C:/windows/system32/F8E07BB2.dll | 2000-1-1 0:24:6
  C:/windows/system32/E5D39975.dll | 2000-1-1 0:24:44
  C:/windows/system32/4D023DE9.dll | 2000-1-1 0:26:36
  C:/windows/system32/93DEE065.dll | 2000-1-1 0:27:26
  C:/windows/system32/C8FFD223.dll | 2000-1-1 0:27:52
  C:/windows/system32/5243F5FA.dll | 2000-1-1 0:41:58
  C:/windows/system32/01AFE3DC.dll | 2000-1-1 0:39:2
  C:/windows/system32/70B0129E.dll | 2000-1-1 0:27:56
  C:/windows/Fonts/Framdee.ttf | 2000-1-1 8:13:56
  C:/windows/system32/upnpsrv.dll | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 7.00.5730.13 | UPnP Device Host Service | ? Microsoft Corporation. All rights reserved. | 7.00.5730.13 (longhorn(wmbla).070711-1130) | Microsoft Corporation| ? | UPNPSRV.DLL | UPNPSRV.DLL
  C:/windows/Downloaded Program Files/ThunderAdvise.dll | 2000-1-1 0:28:6 | ThunderAdvise Module | 5, 0, 8, 74 | ThunderAdvise Module | Copyright 2004-2008 | 5, 0, 8, 74 | Thunder Networking Technologies,LTD| ? | ThunderAdvise| ?
  C:/windows/system32/alalin.dll | 2000-1-1 8:16:22
C:/windows/system32/ctfmon.exe* 1864 | 2004-8-23 16:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBJXSJ.dll | 2000-1-2 0:46:4
  C:/windows/system32/HBSO2.dll | 2000-1-1 0:5:58
  C:/windows/system32/HBASKTAO.dll | 2000-1-2 18:29:56
  C:/windows/system32/HBWOW.dll | 2000-1-1 0:37:44
  C:/windows/system32/HBBO.dll | 2000-1-1 0:7:38
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBYY.dll | 2000-1-2 18:30:30
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/system32/HBJTLQ.dll | 2000-1-1 0:22:38
  C:/windows/system32/HBZHUXIAN.dll | 2000-1-1 0:25:2
  C:/WINDOWS/system32/mttwfh.dll | 2000-1-1 0:12:48
  C:/WINDOWS/system32/tdggrz.dll | 2000-1-1 0:21:6
  C:/WINDOWS/system32/zycdex.dll | 2000-1-1 0:19:46
  C:/WINDOWS/system32/fsrgeb.dll | 2000-1-1 0:19:26
  C:/WINDOWS/system32/ddserh.dll | 2000-1-1 0:16:4
  C:/WINDOWS/system32/tdffdl.dll | 2000-1-1 0:14:34
  C:/WINDOWS/system32/wklsdd.dll | 2000-1-1 0:13:38
  C:/WINDOWS/system32/zgtwfx.dll | 2000-1-1 0:19:4
  C:/WINDOWS/system32/hhrdxd.dll | 2000-1-1 0:18:44
  C:/WINDOWS/system32/sgdewg.dll | 2000-1-1 0:18:24
  C:/WINDOWS/system32/tdfhex.dll | 2000-1-1 0:17:46
  C:/WINDOWS/system32/jdsaex.dll | 2000-1-1 0:21:28
  C:/WINDOWS/system32/kgfghd.dll | 2000-1-1 0:25:24
  C:/WINDOWS/system32/jhfrxz.dll | 2000-1-1 0:24:6
  C:/WINDOWS/system32/zsdgff.dll | 2000-1-1 0:23:40
  C:/WINDOWS/system32/dndsaf.dll | 2000-1-1 0:23:2
  C:/WINDOWS/system32/wyrsdj.dll | 2000-1-1 0:22:22
  C:/WINDOWS/system32/fmcvxy.dll | 2000-1-1 0:22:0
  C:/windows/system32/3474A8C2.dll | 2008-10-16 10:27:46
  C:/windows/system32/22D75360.dll | 2008-10-16 10:27:8
  C:/windows/system32/E4814792.dll | 2008-10-16 10:25:40
  C:/windows/system32/C250CF20.dll | 2008-10-16 10:25:14
  C:/windows/system32/82710040.dll | 2008-10-16 10:24:36
  C:/windows/system32/122B901E.dll | 2008-10-16 10:24:12
  C:/windows/system32/C56BCC10.dll | 2008-10-16 10:23:52
  C:/windows/system32/DE02F764.dll | 2008-10-16 10:23:36
  C:/windows/system32/43ACDCC5.dll | 2008-10-16 10:23:16
  C:/windows/system32/DA63E650.dll | 2008-10-16 10:28:2
  C:/windows/system32/4BF9CBA3.dll | 2008-10-16 10:27:24
  C:/windows/system32/7ADC2AB1.dll | 2008-10-16 10:26:46
C:/windows/system32/rundll32.exe* 2768 | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/MKMKrnl.dll | 2000-1-1 0:27:22
  C:/WINDOWS/system32/wyrsdj.dll | 2000-1-1 0:22:22
  C:/WINDOWS/system32/fmcvxy.dll | 2000-1-1 0:22:0
  C:/WINDOWS/system32/fsrgeb.dll | 2000-1-1 0:19:26
  C:/WINDOWS/system32/sgdewg.dll | 2000-1-1 0:18:24
  C:/windows/system32/DA63E650.dll | 2008-10-16 10:28:2
  C:/windows/system32/4BF9CBA3.dll | 2008-10-16 10:27:24
  C:/windows/system32/7ADC2AB1.dll | 2008-10-16 10:26:46
  C:/windows/system32/3474A8C2.dll | 2008-10-16 10:27:46
  C:/windows/system32/22D75360.dll | 2008-10-16 10:27:8
  C:/windows/system32/E4814792.dll | 2008-10-16 10:25:40
  C:/windows/system32/C250CF20.dll | 2008-10-16 10:25:14
  C:/windows/system32/82710040.dll | 2008-10-16 10:24:36
  C:/windows/system32/122B901E.dll | 2008-10-16 10:24:12
  C:/windows/system32/C56BCC10.dll | 2008-10-16 10:23:52
  C:/windows/system32/DE02F764.dll | 2008-10-16 10:23:36
  C:/windows/system32/43ACDCC5.dll | 2008-10-16 10:23:16
  C:/WINDOWS/system32/kgfghd.dll | 2000-1-1 0:25:24
  C:/WINDOWS/system32/jhfrxz.dll | 2000-1-1 0:24:6
  C:/WINDOWS/system32/zsdgff.dll | 2000-1-1 0:23:40
  C:/WINDOWS/system32/dndsaf.dll | 2000-1-1 0:23:2
  C:/WINDOWS/system32/jdsaex.dll | 2000-1-1 0:21:28
  C:/WINDOWS/system32/tdggrz.dll | 2000-1-1 0:21:6
  C:/WINDOWS/system32/zycdex.dll | 2000-1-1 0:19:46
  C:/WINDOWS/system32/zgtwfx.dll | 2000-1-1 0:19:4
  C:/WINDOWS/system32/hhrdxd.dll | 2000-1-1 0:18:44
  C:/WINDOWS/system32/tdfhex.dll | 2000-1-1 0:17:46
  C:/WINDOWS/system32/ddserh.dll | 2000-1-1 0:16:4
  C:/WINDOWS/system32/tdffdl.dll | 2000-1-1 0:14:34
  C:/WINDOWS/system32/wklsdd.dll | 2000-1-1 0:13:38
  C:/WINDOWS/system32/mttwfh.dll | 2000-1-1 0:12:48
C:/windows/system32/System.exe * 3056 | 2008-10-16 10:21:40 | HB Inject Application | 1, 2, 1, 1007 | HB Inject Application Version 1.2.1.1007 | Copyright ? 2008, HB Software | 1, 2, 1, 1007 | HB Software| ? | HBInject | HBInject.exe
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBJXSJ.dll | 2000-1-2 0:46:4
  C:/windows/system32/HBSO2.dll | 2000-1-1 0:5:58
  C:/windows/system32/HBASKTAO.dll | 2000-1-2 18:29:56
  C:/windows/system32/HBWOW.dll | 2000-1-1 0:37:44
  C:/windows/system32/HBBO.dll | 2000-1-1 0:7:38
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBYY.dll | 2000-1-2 18:30:30
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/system32/HBJTLQ.dll | 2000-1-1 0:22:38
  C:/windows/system32/HBZHUXIAN.dll | 2000-1-1 0:25:2
  C:/WINDOWS/system32/tdggrz.dll | 2000-1-1 0:21:6
  C:/WINDOWS/system32/hhrdxd.dll | 2000-1-1 0:18:44
  C:/WINDOWS/system32/zycdex.dll | 2000-1-1 0:19:46
  C:/WINDOWS/system32/fmcvxy.dll | 2000-1-1 0:22:0
  C:/WINDOWS/system32/tdfhex.dll | 2000-1-1 0:17:46
  C:/windows/system32/DA63E650.dll | 2008-10-16 10:28:2
  C:/windows/system32/4BF9CBA3.dll | 2008-10-16 10:27:24
  C:/windows/system32/7ADC2AB1.dll | 2008-10-16 10:26:46
  C:/windows/system32/3474A8C2.dll | 2008-10-16 10:27:46
  C:/windows/system32/22D75360.dll | 2008-10-16 10:27:8
  C:/windows/system32/E4814792.dll | 2008-10-16 10:25:40
  C:/windows/system32/C250CF20.dll | 2008-10-16 10:25:14
  C:/windows/system32/82710040.dll | 2008-10-16 10:24:36
  C:/windows/system32/122B901E.dll | 2008-10-16 10:24:12
  C:/windows/system32/C56BCC10.dll | 2008-10-16 10:23:52
  C:/windows/system32/DE02F764.dll | 2008-10-16 10:23:36
  C:/windows/system32/43ACDCC5.dll | 2008-10-16 10:23:16
  C:/WINDOWS/system32/kgfghd.dll | 2000-1-1 0:25:24
  C:/WINDOWS/system32/jhfrxz.dll | 2000-1-1 0:24:6
  C:/WINDOWS/system32/zsdgff.dll | 2000-1-1 0:23:40
  C:/WINDOWS/system32/dndsaf.dll | 2000-1-1 0:23:2
  C:/WINDOWS/system32/wyrsdj.dll | 2000-1-1 0:22:22
  C:/WINDOWS/system32/jdsaex.dll | 2000-1-1 0:21:28
  C:/WINDOWS/system32/fsrgeb.dll | 2000-1-1 0:19:26
  C:/WINDOWS/system32/zgtwfx.dll | 2000-1-1 0:19:4
  C:/WINDOWS/system32/sgdewg.dll | 2000-1-1 0:18:24
  C:/WINDOWS/system32/ddserh.dll | 2000-1-1 0:16:4
  C:/WINDOWS/system32/tdffdl.dll | 2000-1-1 0:14:34
  C:/WINDOWS/system32/wklsdd.dll | 2000-1-1 0:13:38
  C:/WINDOWS/system32/mttwfh.dll | 2000-1-1 0:12:48
C:/windows/system32/rundll32.exe* 3144 | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/Update.dll | 2000-1-1 0:22:10
  C:/WINDOWS/system32/tdfhex.dll | 2000-1-1 0:17:46
  C:/WINDOWS/system32/zsdgff.dll | 2000-1-1 0:23:40
  C:/WINDOWS/system32/hhrdxd.dll | 2000-1-1 0:18:44
  C:/WINDOWS/system32/fmcvxy.dll | 2000-1-1 0:22:0
  C:/WINDOWS/system32/zgtwfx.dll | 2000-1-1 0:19:4
  C:/WINDOWS/system32/zycdex.dll | 2000-1-1 0:19:46
  C:/windows/system32/DA63E650.dll | 2008-10-16 10:28:2
  C:/windows/system32/4BF9CBA3.dll | 2008-10-16 10:27:24
  C:/windows/system32/7ADC2AB1.dll | 2008-10-16 10:26:46
  C:/windows/system32/3474A8C2.dll | 2008-10-16 10:27:46
  C:/windows/system32/22D75360.dll | 2008-10-16 10:27:8
  C:/windows/system32/E4814792.dll | 2008-10-16 10:25:40
  C:/windows/system32/C250CF20.dll | 2008-10-16 10:25:14
  C:/windows/system32/82710040.dll | 2008-10-16 10:24:36
  C:/windows/system32/122B901E.dll | 2008-10-16 10:24:12
  C:/windows/system32/C56BCC10.dll | 2008-10-16 10:23:52
  C:/windows/system32/DE02F764.dll | 2008-10-16 10:23:36
  C:/windows/system32/43ACDCC5.dll | 2008-10-16 10:23:16
  C:/WINDOWS/system32/kgfghd.dll | 2000-1-1 0:25:24
  C:/WINDOWS/system32/jhfrxz.dll | 2000-1-1 0:24:6
  C:/WINDOWS/system32/dndsaf.dll | 2000-1-1 0:23:2
  C:/WINDOWS/system32/wyrsdj.dll | 2000-1-1 0:22:22
  C:/WINDOWS/system32/jdsaex.dll | 2000-1-1 0:21:28
  C:/WINDOWS/system32/tdggrz.dll | 2000-1-1 0:21:6
  C:/WINDOWS/system32/fsrgeb.dll | 2000-1-1 0:19:26
  C:/WINDOWS/system32/sgdewg.dll | 2000-1-1 0:18:24
  C:/WINDOWS/system32/ddserh.dll | 2000-1-1 0:16:4
  C:/WINDOWS/system32/tdffdl.dll | 2000-1-1 0:14:34
  C:/WINDOWS/system32/wklsdd.dll | 2000-1-1 0:13:38
  C:/WINDOWS/system32/mttwfh.dll | 2000-1-1 0:12:48
C:/windows/system32/rundll32.exe* 3236 | 2004-8-23 16:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/MPKrnl.dll | 2000-1-1 0:27:46
  C:/WINDOWS/system32/tdffdl.dll | 2000-1-1 0:14:34
  C:/WINDOWS/system32/zgtwfx.dll | 2000-1-1 0:19:4
  C:/WINDOWS/system32/fmcvxy.dll | 2000-1-1 0:22:0
  C:/WINDOWS/system32/dndsaf.dll | 2000-1-1 0:23:2
  C:/windows/system32/DA63E650.dll | 2008-10-16 10:28:2
  C:/windows/system32/4BF9CBA3.dll | 2008-10-16 10:27:24
  C:/windows/system32/7ADC2AB1.dll | 2008-10-16 10:26:46
  C:/windows/system32/3474A8C2.dll | 2008-10-16 10:27:46
  C:/windows/system32/22D75360.dll | 2008-10-16 10:27:8
  C:/windows/system32/E4814792.dll | 2008-10-16 10:25:40
  C:/windows/system32/C250CF20.dll | 2008-10-16 10:25:14
  C:/windows/system32/82710040.dll | 2008-10-16 10:24:36
  C:/windows/system32/122B901E.dll | 2008-10-16 10:24:12
  C:/windows/system32/C56BCC10.dll | 2008-10-16 10:23:52
  C:/windows/system32/DE02F764.dll | 2008-10-16 10:23:36
  C:/windows/system32/43ACDCC5.dll | 2008-10-16 10:23:16
  C:/WINDOWS/system32/kgfghd.dll | 2000-1-1 0:25:24
  C:/WINDOWS/system32/jhfrxz.dll | 2000-1-1 0:24:6
  C:/WINDOWS/system32/zsdgff.dll | 2000-1-1 0:23:40
  C:/WINDOWS/system32/wyrsdj.dll | 2000-1-1 0:22:22
  C:/WINDOWS/system32/jdsaex.dll | 2000-1-1 0:21:28
  C:/WINDOWS/system32/tdggrz.dll | 2000-1-1 0:21:6
  C:/WINDOWS/system32/zycdex.dll | 2000-1-1 0:19:46
  C:/WINDOWS/system32/fsrgeb.dll | 2000-1-1 0:19:26
  C:/WINDOWS/system32/hhrdxd.dll | 2000-1-1 0:18:44
  C:/WINDOWS/system32/sgdewg.dll | 2000-1-1 0:18:24
  C:/WINDOWS/system32/tdfhex.dll | 2000-1-1 0:17:46
  C:/WINDOWS/system32/ddserh.dll | 2000-1-1 0:16:4
  C:/WINDOWS/system32/wklsdd.dll | 2000-1-1 0:13:38
  C:/WINDOWS/system32/mttwfh.dll | 2000-1-1 0:12:48
C:/windows/system32/woauolt.exe * 3576 | 2008-10-16 10:13:10
  C:/windows/system32/woauolt.exe | 2008-10-16 10:13:10
  C:/windows/system32/HBmhly.dll | 2000-1-1 0:35:6
  C:/windows/system32/HBXY2.dll | 2000-1-2 18:31:12
  C:/windows/system32/HBJXSJ.dll | 2000-1-2 0:46:4
  C:/windows/system32/HBSO2.dll | 2000-1-1 0:5:58
  C:/windows/system32/HBASKTAO.dll | 2000-1-2 18:29:56
  C:/windows/system32/HBWOW.dll | 2000-1-1 0:37:44
  C:/windows/system32/HBBO.dll | 2000-1-1 0:7:38
  C:/windows/system32/HBDNF.dll | 2000-1-1 0:10:20
  C:/windows/system32/HBTL.dll | 2000-1-1 0:6:52
  C:/windows/system32/HBQQSG.dll | 2000-1-1 0:30:40
  C:/windows/system32/HBQQFFO.dll | 2000-1-1 0:25:26
  C:/windows/system32/HBYY.dll | 2000-1-2 18:30:30
  C:/windows/system32/HBQQXX.dll | 2000-1-1 0:28:0
  C:/windows/system32/HBWD.dll | 2000-1-1 0:33:48
  C:/windows/system32/HBJTLQ.dll | 2000-1-1 0:22:38
  C:/windows/system32/HBZHUXIAN.dll | 2000-1-1 0:25:2
  C:/WINDOWS/system32/jhfrxz.dll | 2000-1-1 0:24:6
  C:/WINDOWS/system32/tdggrz.dll | 2000-1-1 0:21:6
  C:/WINDOWS/system32/dndsaf.dll | 2000-1-1 0:23:2
  C:/WINDOWS/system32/fsrgeb.dll | 2000-1-1 0:19:26
  C:/WINDOWS/system32/zsdgff.dll | 2000-1-1 0:23:40
  C:/WINDOWS/system32/sgdewg.dll | 2000-1-1 0:18:24
  C:/WINDOWS/system32/zycdex.dll | 2000-1-1 0:19:46
  C:/windows/system32/DA63E650.dll | 2008-10-16 10:28:2
  C:/windows/system32/4BF9CBA3.dll | 2008-10-16 10:27:24
  C:/windows/system32/7ADC2AB1.dll | 2008-10-16 10:26:46
  C:/windows/system32/3474A8C2.dll | 2008-10-16 10:27:46
  C:/windows/system32/22D75360.dll | 2008-10-16 10:27:8
  C:/windows/system32/E4814792.dll | 2008-10-16 10:25:40
  C:/windows/system32/C250CF20.dll | 2008-10-16 10:25:14
  C:/windows/system32/82710040.dll | 2008-10-16 10:24:36
  C:/windows/system32/122B901E.dll | 2008-10-16 10:24:12
  C:/windows/system32/C56BCC10.dll | 2008-10-16 10:23:52
  C:/windows/system32/DE02F764.dll | 2008-10-16 10:23:36
  C:/windows/system32/43ACDCC5.dll | 2008-10-16 10:23:16
  C:/WINDOWS/system32/kgfghd.dll | 2000-1-1 0:25:24
  C:/WINDOWS/system32/wyrsdj.dll | 2000-1-1 0:22:22
  C:/WINDOWS/system32/fmcvxy.dll | 2000-1-1 0:22:0
  C:/WINDOWS/system32/jdsaex.dll | 2000-1-1 0:21:28
  C:/WINDOWS/system32/zgtwfx.dll | 2000-1-1 0:19:4
  C:/WINDOWS/system32/hhrdxd.dll | 2000-1-1 0:18:44
  C:/WINDOWS/system32/tdfhex.dll | 2000-1-1 0:17:46
  C:/WINDOWS/system32/ddserh.dll | 2000-1-1 0:16:4
  C:/WINDOWS/system32/tdffdl.dll | 2000-1-1 0:14:34
  C:/WINDOWS/system32/wklsdd.dll | 2000-1-1 0:13:38
  C:/WINDOWS/system32/mttwfh.dll | 2000-1-1 0:12:48
F2 - REG: system.ini: UserInit=C:/WINDOWS/system32/Userinit.exe,

O2 - BHO Info cache - {285AB8C6-FB22-4D17-8834-064E2BA0A6F0} -C:/windows/Poss/pbhealth.dll
O2 - BHO ThunderHlpObj Class - {97421D0D-E07F-40DF-8F07-99597B9585AD} -C:/windows/Downloaded Program Files/ThunderAdvise.dll
O2 - BHO - {F6A454AE-156A-415E-9F89-3795677A8A91} -C:/Program Files/Internet Explorer/53u1ttMe.2ys
O4 - HKLM/../Run: [361kary]C:/windows/system32/woauolt.exe
O4 - HKLM/../Run: [HBService32] System.exe
O4 - HKLM/../Run: [3PMmUpdate] rundll32 C:/windows/Update.dll" ,Main
O4 - HKLM/../Run: [MPKrnl] rundll32 C:/windows/MPKrnl.dll" ,KrnlMsgProc
O4 - HKLM/../Policies/Explorer/Run: [visin]C:/windows/system32/visin.exe
O4 - HKLM/../Policies/Explorer/Run: [kcodn] knx32.exe
O4 - HKLM/../Policies/Explorer/Run: [nwiz] alalin.exe
O4 - HKLM/../Policies/Explorer/Run: [MPMKrnl] rundll32 C:/windows/MKMKrnl.dll" ,KMainProc
O20 - AppInit_DLLs = HBmhly.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBASKTAO.dll,HBWOW.dll,HBBO.dll,HBDNF.dll,HBTL.dll,HBQQSG.dll,HBQQFFO.dll,HBYY.dll,HBQQXX.dll,HBWD.dll,HBJTLQ.dll,cenbezn.dll,meyotme.dll,batteo.dll,rexljeh.dll,docyanx.dll,qanhllao.dll,zongxim.dll,wonlins.dll,zesttns.dll,kodens.dll,lenyuns.dll,jolends.dll,xuntxn.dll,qqlemen.dll,tldcoco.dll,delnice.dll
O20 - Winlogon Notify: xy3safe -C:/WINDOWS/system32/360mon.dll
O21 - SSODL - Upnp(A) - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} =C:/windows/system32/upnpsrv.dll
O21 - SSODL - ThunderAdvise(ThunderHlpObj Class) - {97421D0D-E07F-40DF-8F07-99597B9585AD} =C:/windows/Downloaded Program Files/ThunderAdvise.dll
O23 - 服务: 19b5406 (19b5406) -C:/windows/system32/19b5406.sys | 2000-1-1 0:12:8(手动)
O23 - 服务: 4901228 (4901228) -C:/windows/system32/4901228.sys | 2008-10-16 10:23:14(手动)
O23 - 服务: 4c70249 (4c70249) -C:/windows/system32/4c70249.sys | 2008-10-16 10:25:38(手动)
O23 - 服务: 5102a80 (5102a80) -C:/windows/system32/5102a80.sys | 2000-1-2 0:54:28(手动)
O23 - 服务: 8882fa1 (8882fa1) -C:/windows/system32/8882fa1.sys | 2008-10-16 10:26:20(手动)
O23 - 服务: 9fd8db (9fd8db) -C:/windows/system32/9fd8db.sys | 2000-1-2 0:47:46(手动)
O23 - 服务: acpidisk (acpidisk) -C:/windows/system32/drivers/acpidisk.sys | 2008-11-12 10:27:44(自动)
O23 - 服务: aecff9 (aecff9) -C:/windows/system32/aecff9.sys | 2008-10-16 10:24:12(手动)
O23 - 服务: AlerMang (Alerter Manager) - C:/windows/System32/svchost.exe -k krnlsrvc ->C:/windows/system32/Nerres.dll | 2004-8-17 20:0:0 | STMP | 5.1.2600.2180 | Microsoft STMP Manager API (uses WinSNMP) | Copyright @ 2004 | 5.1.2600.2180 | @ Microsoft Corporation. All rights reserved. | | STMP | STMP.dll(自动)
O23 - 服务: aliimz () - System32/Drivers/aliimz.sys (手动)
O23 - 服务: c39e8db (c39e8db) -C:/windows/system32/c39e8db.sys | 2000-1-1 0:25:52(手动)
O23 - 服务: c551839 (c551839) -C:/windows/system32/c551839.sys | 2008-10-16 10:26:44(手动)
O23 - 服务: ca99d57 (ca99d57) -C:/windows/system32/ca99d57.sys | 2000-1-1 0:39:30(手动)
O23 - 服务: cceus (cceus) - system32/drivers/cceus.sys (引导)
O23 - 服务: d4f876 (d4f876) -C:/windows/system32/d4f876.sys | 2008-10-16 10:23:52(手动)
O23 - 服务: d7b49fa (d7b49fa) -C:/windows/system32/d7b49fa.sys | 2000-1-1 0:22:16(手动)
O23 - 服务: elsuo (elsuo) -C:/DOCUME~1/user/LOCALS~1/Temp/_tmp.bat (手动)
O23 - 服务: HBKernel32 (HBKernel32 Driver) - system32/drivers/HBKernel32.sys (引导)
O23 - 服务: msiffei () - System32/Drivers/msiffei.sys (手动)
O23 - 服务: pppccc (pppccc) -C:/WINDOWS/system32/drivers/pppccc.sys | 2000-1-1 0:14:6(手动)
O23 - 服务: SafeMon0 (360 safe mon) -C:/windows/system32/SafeMon0.sys | 2000-1-1 0:16:40(系统)
O24 - ShlExecHook: [MICROSOFT] - {021F087F-4378-545F-74FA-37D345AD7A8C} =C:/WINDOWS/system32/mttwfh.dll
O24 - ShlExecHook: [MICROSOFT] - {E8A3B193-77E3-4FB3-986D-F4FA4828BAFC} =C:/WINDOWS/system32/wklsdd.dll
O24 - ShlExecHook: [MICROSOFT] - {C0595A7E-2E2F-4B34-A83A-019270A0A464} =C:/WINDOWS/system32/tdffdl.dll
O24 - ShlExecHook: [MICROSOFT] - {A9895933-6636-4281-BC58-EE6DE2AF96E3} =C:/WINDOWS/system32/ddserh.dll
O24 - ShlExecHook: [MICROSOFT] - {0B846B26-BFE6-4E8E-A948-1DB17B77B483} =C:/WINDOWS/system32/tdfhex.dll
O24 - ShlExecHook: [MICROSOFT] - {8C41B7F7-3168-400D-A702-0E7EFE0BA304} =C:/WINDOWS/system32/sgdewg.dll
O24 - ShlExecHook: [MICROSOFT] - {17DFD111-BF3A-4CB4-ADB0-88FCBFE69821} =C:/WINDOWS/system32/hhrdxd.dll
O24 - ShlExecHook: [MICROSOFT] - {006CA8A1-61BC-4774-A54C-F49034270BAD} =C:/WINDOWS/system32/zgtwfx.dll
O24 - ShlExecHook: [MICROSOFT] - {EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6} =C:/WINDOWS/system32/fsrgeb.dll
O24 - ShlExecHook: [MICROSOFT] - {45AADFAA-DD36-42AB-83AD-0521BBF58C24} =C:/WINDOWS/system32/zycdex.dll
O24 - ShlExecHook: [MICROSOFT] - {4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4} =C:/WINDOWS/system32/tdggrz.dll
O24 - ShlExecHook: [MICROSOFT] - {B29583D8-033A-4B9F-8553-7C5458F3FB8E} =C:/WINDOWS/system32/jdsaex.dll
O24 - ShlExecHook: [MICROSOFT] - {73AE86E6-7F03-4C3B-8980-FB1DA157D3C7} =C:/WINDOWS/system32/fmcvxy.dll
O24 - ShlExecHook: [MICROSOFT] - {1E51C0FD-EE36-434B-AD2A-FD1FF3731C38} =C:/WINDOWS/system32/wyrsdj.dll
O24 - ShlExecHook: [MICROSOFT] - {259BF3CF-194D-4FE6-9ADB-DE6544B098B6} =C:/WINDOWS/system32/dndsaf.dll
O24 - ShlExecHook: [MICROSOFT] - {53D44DB6-E22B-4B17-97D3-572C96CCA6E1} =C:/WINDOWS/system32/zsdgff.dll
O24 - ShlExecHook: [MICROSOFT] - {7914E0AA-ECCB-4311-B584-C49538227824} =C:/WINDOWS/system32/jhfrxz.dll
O24 - ShlExecHook: [MICROSOFT] - {50A8A8C4-EDC9-4ABD-A0A2-2E2418982189} =C:/WINDOWS/system32/kgfghd.dll
O24 - ShlExecHook: [8] - {43ACDCC5-9009-4AF4-B80A-93BC656EF298} = 43ACDCC5.dll
O24 - ShlExecHook: [F] - {DE02F764-C51A-4788-9597-D78ECC2AC08F} = DE02F764.dll
O24 - ShlExecHook: [0] - {C56BCC10-503E-43AB-B208-3CD37FCFCE40} = C56BCC10.dll
O24 - ShlExecHook: [C] - {122B901E-493F-4AD9-BC69-7DE8C3E52FCC} = 122B901E.dll
O24 - ShlExecHook: [8] - {82710040-F86E-42E0-B1F8-04EDF75856F8} = 82710040.dll
O24 - ShlExecHook: [B] - {C250CF20-5F89-4310-9854-4BC261FB14FB} = C250CF20.dll
O24 - ShlExecHook: [8] - {E4814792-EFA3-4C20-93D0-8B130A59F9A8} = E4814792.dll
O24 - ShlExecHook: [6] - {22D75360-199D-4F79-880D-82E766675F06} = 22D75360.dll
O24 - ShlExecHook: [0] - {3474A8C2-BEF9-46C8-983A-A26A0030EC30} = 3474A8C2.dll
O24 - ShlExecHook: [C] - {7ADC2AB1-5C6A-4178-82DA-94863354AF7C} = 7ADC2AB1.dll
O24 - ShlExecHook: [F] - {4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} = 4BF9CBA3.dll
O24 - ShlExecHook: [B] - {DA63E650-537C-4042-87BB-9D19D844680B} = DA63E650.dll
O24 - ShlExecHook: [F] - {B3721C07-62B3-411A-9DC7-F5F27E3E21FF} = B3721C07.dll
O24 - ShlExecHook: [1] - {4EFDDEBE-303C-4D1A-8C9E-E4F215C43651} = 4EFDDEBE.dll
O24 - ShlExecHook: [1] - {8566F82E-03A4-416E-AEAC-66600D8881F1} = 8566F82E.dll
O24 - ShlExecHook: [0] - {495271CA-D0C6-4052-ABE6-5B01C73CDFB0} = 495271CA.dll
O24 - ShlExecHook: [E] - {08223B03-1B38-4A33-A83A-A4D3CC1D6E4E} = 08223B03.dll
O24 - ShlExecHook: [3] - {9CA963CA-107C-4089-B0AB-31380F90D7E3} = 9CA963CA.dll
O24 - ShlExecHook: [E] - {58FF3024-8A83-4B1A-88E9-302F47646EEE} = 58FF3024.dll
O24 - ShlExecHook: [3] - {D7C79813-9233-4AE0-832C-99B2E8019673} = D7C79813.dll
O24 - ShlExecHook: [F] - {CABA599D-5089-4865-9420-E41FA3C1F55F} = CABA599D.dll
O24 - ShlExecHook: [2] - {3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2} = 3D144530.dll
O24 - ShlExecHook: [B] - {E3367679-4775-4244-A62E-4CFE58FC850B} = E3367679.dll
O24 - ShlExecHook: [1] - {12B02216-AC3F-42A7-8313-449771237061} = 12B02216.dll
O24 - ShlExecHook: [1] - {9F684DE8-3E87-4174-9033-E02A3DFD8B61} = 9F684DE8.dll
O24 - ShlExecHook: [F] - {E0D39066-96D7-4891-8527-488ADAFCD60F} = E0D39066.dll
O24 - ShlExecHook: [A] - {DFEC5CB7-E2AA-4B0A-BEB3-D140E59ED53A} = DFEC5CB7.dll
O24 - ShlExecHook: [F] - {2EF0D734-21FD-4225-A1A2-BCD296182AAF} = 2EF0D734.dll
O24 - ShlExecHook: [] - {F6A454AE-156A-415E-9F89-3795677A8A91} =C:/Program Files/Internet Explorer/53u1ttMe.2ys
O24 - ShlExecHook: [4] - {BA7EDF54-8408-4B21-B351-7B447B344BA4} = BA7EDF54.dll
O24 - ShlExecHook: [C] - {F65BDEC7-4BF3-4512-840F-68B166B6D7AC} = F65BDEC7.dll
O24 - ShlExecHook: [8] - {66AFCB56-FAA9-42D2-8C72-2767A46C7FA8} = 66AFCB56.dll
O24 - ShlExecHook: [1] - {3F21AA0C-2A9E-4BE9-9083-9E58AB41BA01} = 3F21AA0C.dll
O24 - ShlExecHook: [8] - {59964D2B-044A-40AE-8837-0ED9EE8BDA08} = 59964D2B.dll
O24 - ShlExecHook: [C] - {F2CBFAC4-6FF9-4DE9-BCB1-0F2FA2AA0B4C} = F2CBFAC4.dll
O24 - ShlExecHook: [4] - {F8E07BB2-7A19-4057-80F1-E14646E630B4} = F8E07BB2.dll
O24 - ShlExecHook: [4] - {E5D39975-A103-4A21-9EE9-A638E9DD9EB4} = E5D39975.dll
O24 - ShlExecHook: [6] - {4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426} = 4D023DE9.dll
O24 - ShlExecHook: [F] - {93DEE065-EC9B-4505-ADD3-19880AD3C38F} = 93DEE065.dll
O24 - ShlExecHook: [9] - {C8FFD223-C0FB-40C5-94A0-FD7891AC18E9} = C8FFD223.dll
O24 - ShlExecHook: [B] - {5243F5FA-75D6-4469-90A8-A181E2AAAA5B} = 5243F5FA.dll
O24 - ShlExecHook: [8] - {01AFE3DC-2242-436E-9B44-6DD1C664E828} = 01AFE3DC.dll
O24 - ShlExecHook: [4] - {70B0129E-726E-4789-A7C0-5DDC33241E94} = 70B0129E.dll
O26 - IFEO: 360rpt.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: 360Safe.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: 360tray.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: adam.exe -> ntsd -d
O26 - IFEO: AgentSvr.exe -> ntsd -d
O26 - IFEO: AntiArp.exe -> ntsd -d
O26 - IFEO: AppSvc32.exe -> ntsd -d
O26 - IFEO: autoruns.exe -> ntsd -d
O26 - IFEO: avconsol.exe -> ntsd -d
O26 - IFEO: avgrssvc.exe -> ntsd -d
O26 - IFEO: AvMonitor.exe -> ntsd -d
O26 - IFEO: avp.com -> C:/windows/system32/svchost.exe
O26 - IFEO: avp.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: CCenter.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: ccSvcHst.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: DrvAnti.exe -> ntsd -d
O26 - IFEO: drwadins.exe -> ntsd -d
O26 - IFEO: drwebscd.exe -> ntsd -d
O26 - IFEO: drwebupw.exe -> ntsd -d
O26 - IFEO: EGHOST.exe -> ntsd -d
O26 - IFEO: FileDsty.exe -> ntsd -d
O26 - IFEO: filemon.exe -> ntsd -d
O26 - IFEO: FTCleanerShell.exe -> ntsd -d
O26 - IFEO: FYFireWall.exe -> ntsd -d
O26 - IFEO: GFRing3.exe -> ntsd -d
O26 - IFEO: GFUpd.exe -> ntsd -d
O26 - IFEO: GuardField.exe -> ntsd -d
O26 - IFEO: HijackThis.exe -> ntsd -d
O26 - IFEO: IceSword.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: iparmo.exe -> ntsd -d
O26 - IFEO: Iparmor.exe -> ntsd -d
O26 - IFEO: isPwdSvc.exe -> ntsd -d
O26 - IFEO: kabaload.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KaScrScn.SCR -> C:/windows/system32/svchost.exe
O26 - IFEO: KASMain.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KASTask.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KAV32.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KAVDX.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KAVPF.exe -> ntsd -d
O26 - IFEO: KAVPFW.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KAVSetup.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KAVStart.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KISLnchr.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KMailMon.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KMFilter.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KPFW32.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KPFW32X.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KPfwSvc.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KRegEx.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KRepair.com -> C:/windows/system32/svchost.exe
O26 - IFEO: KsLoader.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KVCenter.kxp -> C:/windows/system32/svchost.exe
O26 - IFEO: KvDetect.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KvfwMcl.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KVMonXP.kxp -> C:/windows/system32/svchost.exe
O26 - IFEO: KVMonXP_1.kxp -> C:/windows/system32/svchost.exe
O26 - IFEO: kvol.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: kvolself.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KvReport.kxp -> C:/windows/system32/svchost.exe
O26 - IFEO: KVScan.kxp -> ntsd -d
O26 - IFEO: KVSrvXP.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KVStub.kxp -> C:/windows/system32/svchost.exe
O26 - IFEO: kvupload.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: kvwsc.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KvXP.kxp -> C:/windows/system32/svchost.exe
O26 - IFEO: KvXP_1.kxp -> ntsd -d
O26 - IFEO: KWatch.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KWatch9x.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: KWatchX.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: MagicSet.exe -> ntsd -d
O26 - IFEO: mcconsol.exe -> ntsd -d
O26 - IFEO: mmqczj.exe -> ntsd -d
O26 - IFEO: mmsk.exe -> ntsd -d
O26 - IFEO: Navapsvc.exe -> ntsd -d
O26 - IFEO: Navapw32.exe -> ntsd -d
O26 - IFEO: NAVSetup.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: nod32.exe -> ntsd -d
O26 - IFEO: nod32krn.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: nod32kui.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: NPFMntor.exe -> ntsd -d
O26 - IFEO: OllyDBG.EXE -> ntsd -d
O26 - IFEO: OllyICE.EXE -> ntsd -d
O26 - IFEO: PFW.exe -> ntsd -d
O26 - IFEO: PFWLiveUpdate.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: procexp.exe -> ntsd -d
O26 - IFEO: QHSET.exe -> ntsd -d
O26 - IFEO: QQDoctor.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: QQKav.exe -> ntsd -d
O26 - IFEO: Ras.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: Rav.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: RavCopy.exe -> ntsd -d
O26 - IFEO: RavMon.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: RavMonD.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: RavStub.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: RavTask.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: RavXP.exe -> ntsd -d
O26 - IFEO: RawCopy.exe -> ntsd -d
O26 - IFEO: RegClean.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: regedit.exe -> ntsd -d
O26 - IFEO: regmon.exe -> ntsd -d
O26 - IFEO: RegTool.exe -> ntsd -d
O26 - IFEO: rfwcfg.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: rfwmain.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: rfwProxy.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: rfwsrv.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: rfwstub.exe -> ntsd -d
O26 - IFEO: RsAgent.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: Rsaupd.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: RStray.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: runiep.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: safelive.exe -> ntsd -d
O26 - IFEO: scan32.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: shcfg32.exe -> ntsd -d
O26 - IFEO: SmartUp.exe -> ntsd -d
O26 - IFEO: spiderml.exe -> ntsd -d
O26 - IFEO: spidernt.exe -> ntsd -d
O26 - IFEO: spiderui.exe -> ntsd -d
O26 - IFEO: spml_set.exe -> ntsd -d
O26 - IFEO: SREng.EXE -> ntsd -d
O26 - IFEO: svch0st.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: symlcsvc.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: SysSafe.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: Systom.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: taskmgar.exe -> ntsd -d
O26 - IFEO: TNT.Exe -> C:/windows/system32/svchost.exe
O26 - IFEO: TrojanDetector.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: Trojanwall.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: TrojDie.kxp -> C:/windows/system32/svchost.exe
O26 - IFEO: TxoMoU.Exe -> C:/windows/system32/svchost.exe
O26 - IFEO: ua80.EXE -> C:/windows/system32/svchost.exe
O26 - IFEO: UFO.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: UIHost.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: UmxAgent.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: UmxAttachment.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: UmxCfg.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: UmxFwHlp.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: UmxPol.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: UpLive.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: vsstat.exe -> ntsd -d
O26 - IFEO: webscanx.exe -> ntsd -d
O26 - IFEO: WoptiClean.exe -> C:/windows/system32/svchost.exe
O26 - IFEO: Your Image File Name Here without a path -> ntsd -d
O26 - IFEO: zxsweep.exe -> C:/windows/system32/svchost.exe

 


(To be continued)