
winyyy.sys, hcpidesk.sys, mtlrd.sys, uldfhjfh.sys, servets.exe, etc. (1)


Original by endurer
2009-11-19, 1st

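A friend's computer has recently been very slow to boot, and a QQ pop-up says "Your QQ number has been selected by the system as a second-prize winner of the [10th Anniversary Celebration]". Many programs will not run, and I was asked to help check and repair it.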


Scanning with pe_xscan and analysing the log turned up the following suspicious items (part of the process module listing is omitted):

pe_xscan 09-06-21 by Purple Endurer
2009-11-10 19:49:16
Windows XP Service Pack 3(5.1.2600)
MSIE:6.0.2900.5512
管理员用户组
正常模式
F2 - REG: system.ini: UserInit =<C:/WINDOWS/system32/userinit.exe,>| 2007-6-1 0:0:0
O2 - BHO CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} =C:/Program Files/Common Files/PushWare/cpush.dll | 2009-11-9 14:40:52| ? | 1.1.6.2| ?| ? | 1.1.6.2| ?| ? | softpush.dll | softpush.dll
O2 - BHO google cache - {296AB1C7-FB22-4D17-8834-064E2BA0A6F0} =C:/WINDOWS/MICROSOFT/winsys.dll | 2007-3-15 2:32:20 | | 2. 3, 0, 2 | Windows Services Module | | 2. 3, 0, 2 | Hello Loons.Fad | | | Beijing zhongguancun
O4 - HKCU/../run: [msconfigs]C:/WINDOWS/system32/TnvTy.exe
O4 - HKLM/../run: [system]C:/WINDOWS/system32/system.exe
O4 - HKLM/../run: [Trough]C:/WINDOWS/system32/TroughClient.exe 0
O4 - HKLM/../run: [RsTray]C:/WINDOWS/system32/scvhost.exe
O4 - HKLM/../run: [msconfigs]C:/WINDOWS/system32/TnvTy.exe
O4 - HKLM/../run: [aowii_19831028_game] "c:/windows/system32/jmodirwgq.exe" -at
O4 - HKLM/../run: [aowii_19831028_sogouip] "c:/windows/system32/rqtvfpyiy.exe" -at
O4 - HKLM/../run: [autorun_19831028_kingsoftgo] "c:/windows/system32/qsrvucimrd.exe" -at
At1.job
At2.job
At3.job
At4.job
At5.job
At6.job
At7.job
At8.job
At9.job
O20 - AppInit_DLLs =C:/WINDOWS/Tasks/zUzgU8WWpYntt6NfUWT.inf ,C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur,C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur,C:/WINDOWS/Fonts/kb28192213.dll,C:/WINDOWS/Fonts/kb48192251.dll,C:/WINDOWS/Fonts/kb2923529.dll,C:/WINDOWS/Fonts/kb5923711.dll,C:/WINDOWS/Fonts/kb410172748.dll
O23 - 服务: AmdK8 (AmdK8 Compatible Device) - System32/drivers/amdk8.sys | 2008-1-3 17:1:23 | AMD Processor Driver | 1.3.2 | AMD Processor Driver | Copyright (C) AMD, Inc.2002-2006 | 1.3.2 (dnsrv(wmbla).060701-2226) | Advanced Micro Devices| ? | AmdK8.sys | AmdK8.sys(手动)
O23 - 服务: AsyncMac (RAS Asynchronous Media Driver) - system32/DRIVERS/asyncmac.sys (手动)
O23 - 服务: hcpidesk (hcpidesk) -C:/WINDOWS/system32/drivers/hcpidesk.sys | 2009-11-10 11:39:36(自动)

O23 - 服务: mtlrd (mtlrd) -C:/Documents and Settings/All Users/Application Data/Microsoft/Media Player/wmp/mtlrd.sys | 2009-9-25 17:18:22(自动)
O23 - 服务: MyProt (Network Monitor Protocol Driver) - system32/DRIVERS/winyyy.sys | 2009-11-9 2:57:54 | Windows (R) 2000 DDK driver | 5.1.2600.2180 | NDIS User mode I/O Driver | | 5.1.2600.2180 built by: WinDDK | Windows (R) 2000 DDK provider| ? | NDISPROT.SYS | NDISPROT.SYS(手动)
O23 - 服务: Netlogon (Net Logon) -C:/WINDOWS/system32/lsass.exe | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe(手动)
O23 - 服务: NtLmSsp (NT LM Security Support Provider) -C:/WINDOWS/system32/lsass.exe | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe(手动)
O23 - 服务: pcidump (pcidump) -C:/WINDOWS/system32/drivers/pcidump.sys (禁用)
O23 - 服务: pnpmem (pnpmem) -C:/WINDOWS/system32/drivers/pnpmem.sys | 2009-11-10 12:23:51(自动)
O23 - 服务: PolicyAgent (IPSEC Services) -C:/WINDOWS/system32/lsass.exe | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe(自动)
O23 - 服务: ProtectedStorage (Protected Storage) -C:/WINDOWS/system32/lsass.exe | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe(自动)
O23 - 服务: SamSs (Security Accounts Manager) -C:/WINDOWS/system32/lsass.exe | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | lsass.exe | lsass.exe(自动)
O23 - 服务: uldfhjfh (uldfhjfh) -C:/WINDOWS/system32/drivers/uldfhjfh.sys | 2009-11-10 11:35:10(系统)
O23 - 服务: W32Time (Windows Time) -C:/WINDOWS/System32/svchost.exe -k netsvcs| 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation| ? | svchost.exe | svchost.exe
  ->C:/WINDOWS/system32/Lang/tmcvomuigt.dll | 2009-11-10 11:38:48 | WinSVC | 2.8 | Time Windows | Microsoft LTD | 4.2.2.327 | Microsoft Corporation. | | 4.1.1.5 | (自动)
O23 - 服务: Windowss (Removableo) -C:/WINDOWS/system32/servets.exe | 2009-11-10 11:34:32(自动)
O23 - 服务: winhelp (winhelp) -c:/windows/system32/winhelp.exe | 2009-11-10 17:26:40(自动)
O23 - 服务: winhelp32 (winhelp32) -c:/windows/system32/winhelp32.exe | 2009-11-10 11:36:52(自动)
O23 - 服务: WinSCCOM (COM+ Windows System Server) -C:/WINDOWS/winsccoo.exe | 2009-11-10 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation | | rpcs.exe | rpcs.exe(自动)
O23 - 服务: wmitpfs (WMITPFS Service) -C:/WINDOWS/system32/svchost.exe -k wmitpfs | 2007-6-1 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation| ? | svchost.exe | svchost.exe
  ->C:/WINDOWS/system32/wmitpfs.dll | 2009-10-30 10:38:4(自动)
O23 - 服务: xx (xx) -C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/~443475.ex (手动)
O26 - IFEO: 360rpt.exe -> C:/WINDOWS/system32/svchost.exe
O26 - IFEO: 360Safe.exe -> C:/WINDOWS/system32/svchost.exe
O26 - IFEO: 360tray.exe -> C:/WINDOWS/system32/svchost.exe
O26 - IFEO: DrRtp.exe -> C:/WINDOWS/system32/svchost.exe
O26 - IFEO: egui.exe -> services.exe
O26 - IFEO: QQDoctor.exe -> C:/WINDOWS/system32/svchost.exe
O26 - IFEO: RStray.exe -> C:/WINDOWS/system32/svchost.exe
O29 - HKCU-Start Page = hxxp://www.7357.cn/#1008
O29 - HKLM-Start Page = hxxp://www.2298.cn/


(To be continued)

Copyright of this article, "winyyy.sys, hcpidesk.sys, mtlrd.sys, uldfhjfh.sys, servets.exe, etc. (1)", belongs to iteye_6637; quoting it must follow the CC 4.0 BY-SA license.

