Yesterday another colleague's PC went wrong. The symptoms: after reaching the desktop, Kaspersky 2010 silently disappeared and the machine froze; neither Internet Explorer nor QQ had been opened, yet Task Manager showed processes named iexplore.exe and TXPlatform.exe. Shortly afterwards the machine blue-screened, with the crash attributed to AntiVirus.sys.
When I asked, the colleague said he had turned Kaspersky 2010 off because it made the machine feel slow, and the symptoms started after that. Clearly infected.
I scanned the machine with the latest pe_xscan and went through the log. The suspicious entries are listed below (the process/module section is abridged):
pe_xscan 09-10-13 by Purple Endurer
2009-10-14 13:2:55
Windows XP Service Pack 3(5.1.2600)
MSIE:6.0.2900.5512
Administrators group
Normal mode
[System Process] * 0
C:/Program Files/Common Files/system/abbhelp.dll | 2009-10-11 13:0:2 | | 1.0.0.0 | | | 2.0.0.0 | 梦想工作室 | | |
C:/Program Files/Internet Explorer/Top.dll | 2009-9-22 16:26:22
C:/WINDOWS/system32/winldr.dll | 2009-10-11 12:59:2 | | 4.5.2.0 | | | 4.5.2.0 | | ? | |
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-11 13:0:2
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-11 12:59:48
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-11 12:59:34
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-10 18:4:18
C:/WINDOWS/Downloaded Program Files/q2wbJhgRG3deKh9h2eUq.cur | 2009-10-12 7:56:58
C:/WINDOWS/Downloaded Program Files/AnXnubyMnv58c9vaECWX.cur | 2009-10-10 20:38:42
C:/WINDOWS/Downloaded Program Files/Es4sCmxdCqnrzaQ6GZrj.cur | 2009-10-10 20:38:10
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-10 20:38:18
C:/WINDOWS/fonts/CtZ8uc499k.fon | 2009-9-22 16:24:22
C:/WINDOWS/system32/B4yNKrEEhEerKFeeA4.inf | 2009-9-22 16:23:2
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-9-22 16:22:22
C:/WINDOWS/Downloaded Program Files/6YYnDBbzHzrrmenHmv.cur | 2009-9-22 16:19:54
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-9-22 16:21:54
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-9-22 16:21:26
C:/WINDOWS/system32/2exJW3dsaTgWrf5uAPadmHN.inf | 2009-9-22 16:19:40
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-9-22 16:19:14
C:/WINDOWS/system32/R8ZdwYqnBwz3JS4TseHvTJ.inf | 2009-9-22 16:19:0
C:/WINDOWS/system32/SrNRKs5F7Rkv9hp.inf | 2009-9-22 16:18:34
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-9-22 16:18:48
C:/WINDOWS/Tasks/K6xzVUK4MRGJBPE76F.inf | 2009-9-22 16:18:20
C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
C:/WINDOWS/System32/csrss.exe* 940 | 2007-6-1 0:0:0
C:/Program Files/Common Files/system/abbhelp.dll | 2009-10-11 13:0:2 | | 1.0.0.0 | | | 2.0.0.0 | 梦想工作室 | | |
C:/WINDOWS/System32/winlogon.exe* 964 | 2007-6-1 0:0:0
C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
C:/WINDOWS/system32/klogon.dll |$Kaspersky Lab | 2009-9-3 4:14:36
C:/Program Files/Common Files/system/abbhelp.dll | 2009-10-11 13:0:2 | | 1.0.0.0 | | | 2.0.0.0 | 梦想工作室 | | |
C:/WINDOWS/System32/services.exe* 1012 | 2007-6-1 0:0:0
C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
C:/Program Files/Common Files/system/abbhelp.dll | 2009-10-11 13:0:2 | | 1.0.0.0 | | | 2.0.0.0 | 梦想工作室 | | |
C:/WINDOWS/System32/lsass.exe* 1024 | 2007-6-1 0:0:0
C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
C:/Program Files/Common Files/system/abbhelp.dll | 2009-10-11 13:0:2 | | 1.0.0.0 | | | 2.0.0.0 | 梦想工作室 | | |
C:/WINDOWS/explorer.exe* 1952 | 2007-6-1 0:0:0
C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
C:/WINDOWS/Tasks/7xa6vJPUxshvgQhTZH.inf | 2009-9-22 16:18:6
C:/WINDOWS/Tasks/K6xzVUK4MRGJBPE76F.inf | 2009-9-22 16:18:20
C:/WINDOWS/system32/SrNRKs5F7Rkv9hp.inf | 2009-9-22 16:18:34
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-9-22 16:18:48
C:/WINDOWS/system32/R8ZdwYqnBwz3JS4TseHvTJ.inf | 2009-9-22 16:19:0
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-9-22 16:19:14
C:/WINDOWS/system32/2exJW3dsaTgWrf5uAPadmHN.inf | 2009-9-22 16:19:40
C:/WINDOWS/Downloaded Program Files/6YYnDBbzHzrrmenHmv.cur | 2009-9-22 16:19:54
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-9-22 16:21:26
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-9-22 16:21:54
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-9-22 16:22:22
C:/WINDOWS/system32/tfVH2v7ehQBEprqtNm.inf | 2009-9-22 16:22:36
C:/WINDOWS/system32/P6VyQtQJUYa3rFan7J.inf | 2009-9-22 16:22:50
C:/WINDOWS/system32/B4yNKrEEhEerKFeeA4.inf | 2009-9-22 16:23:2
C:/WINDOWS/fonts/CtZ8uc499k.fon | 2009-9-22 16:24:22
C:/WINDOWS/Tasks/eHcEcHCEmwjD8CyZDd.inf | 2009-9-22 16:24:36
C:/Program Files/Internet Explorer/Top.dll | 2009-9-22 16:26:22
C:/Documents and Settings/Administrator/Application Data/Microsoft/Internet Explorer/Expert.Dll | 2009-10-12 10:43:34
C:/WINDOWS/Downloaded Program Files/Es4sCmxdCqnrzaQ6GZrj.cur | 2009-10-10 20:38:10
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-10 20:38:18
C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-10 20:38:30
C:/WINDOWS/Downloaded Program Files/AnXnubyMnv58c9vaECWX.cur | 2009-10-10 20:38:42
C:/WINDOWS/Downloaded Program Files/sZaeAC74EzXJeVeJu6p.cur | 2009-10-10 20:39:20
C:/WINDOWS/Tasks/SbrmpxjdCrgRAFhz4gHh.inf | 2009-10-10 20:39:24
C:/WINDOWS/Tasks/JJX5r8wnsqUnNxGwpwn.inf | 2009-10-10 22:56:52
C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 7:54:26
C:/WINDOWS/Tasks/EfEPEaD4ZpVMUXrDbS.inf | 2009-10-12 7:55:10
C:/WINDOWS/Downloaded Program Files/q2wbJhgRG3deKh9h2eUq.cur | 2009-10-12 7:56:58
C:/WINDOWS/Tasks/2VeFNvQbcyFhKUaXTVE9.inf | 2009-10-12 7:58:6
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-10 18:4:18
C:/WINDOWS/system32/winldr.dll | 2009-10-11 12:59:2 | | 4.5.2.0 | | | 4.5.2.0 | | ? | |
C:/WINDOWS/system32/COMRes.dll | 2009-10-11 13:0:0
C:/WINDOWS/system32/z6FVkEF47huPzgaXee.inf | 2009-10-11 12:59:40
C:/WINDOWS/system32/122B901E.dll | 2009-10-11 12:59:36
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-11 12:59:34
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-11 12:59:48
C:/WINDOWS/system32/EMQzJJURMfVkrkEx9GJ.inf | 2009-10-11 12:59:22
C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-11 12:59:24
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-11 13:0:2
C:/Program Files/Common Files/system/abbhelp.dll | 2009-10-11 13:0:2 | | 1.0.0.0 | | | 2.0.0.0 | 梦想工作室 | | |
C:/PROGRA~1/INTERN~1/PLUGINS/IEPLUG.Dll | 2009-10-12 10:43:32
C:/WINDOWS/System32/svchost.exe* 172 | 2007-6-1 0:0:0
C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/tmp.tmp | 2009-10-12 7:53:1
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-9-22 16:21:26
C:/WINDOWS/system32/2exJW3dsaTgWrf5uAPadmHN.inf | 2009-9-22 16:19:40
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-9-22 16:19:14
C:/WINDOWS/system32/R8ZdwYqnBwz3JS4TseHvTJ.inf | 2009-9-22 16:19:0
C:/WINDOWS/system32/SrNRKs5F7Rkv9hp.inf | 2009-9-22 16:18:34
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-9-22 16:18:48
C:/WINDOWS/Tasks/K6xzVUK4MRGJBPE76F.inf | 2009-9-22 16:18:20
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-10 18:4:18
C:/WINDOWS/Downloaded Program Files/q2wbJhgRG3deKh9h2eUq.cur | 2009-10-12 7:56:58
C:/WINDOWS/Downloaded Program Files/AnXnubyMnv58c9vaECWX.cur | 2009-10-10 20:38:42
C:/WINDOWS/Downloaded Program Files/Es4sCmxdCqnrzaQ6GZrj.cur | 2009-10-10 20:38:10
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-10 20:38:18
C:/Program Files/Internet Explorer/Top.dll | 2009-9-22 16:26:22
C:/WINDOWS/fonts/CtZ8uc499k.fon | 2009-9-22 16:24:22
C:/WINDOWS/system32/B4yNKrEEhEerKFeeA4.inf | 2009-9-22 16:23:2
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-9-22 16:22:22
C:/WINDOWS/Downloaded Program Files/6YYnDBbzHzrrmenHmv.cur | 2009-9-22 16:19:54
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-9-22 16:21:54
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-11 12:59:48
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-11 12:59:34
C:/Program Files/Common Files/system/abbhelp.dll | 2009-10-11 13:0:2 | | 1.0.0.0 | | | 2.0.0.0 | 梦想工作室 | | |
C:/WINDOWS/System32/ctfmon.exe* 780 | 2007-6-1 0:0:0
C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
C:/Program Files/Internet Explorer/Top.dll | 2009-9-22 16:26:22
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-10 18:4:18
C:/WINDOWS/Downloaded Program Files/q2wbJhgRG3deKh9h2eUq.cur | 2009-10-12 7:56:58
C:/WINDOWS/Downloaded Program Files/AnXnubyMnv58c9vaECWX.cur | 2009-10-10 20:38:42
C:/WINDOWS/Downloaded Program Files/Es4sCmxdCqnrzaQ6GZrj.cur | 2009-10-10 20:38:10
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-10 20:38:18
C:/WINDOWS/fonts/CtZ8uc499k.fon | 2009-9-22 16:24:22
C:/WINDOWS/system32/B4yNKrEEhEerKFeeA4.inf | 2009-9-22 16:23:2
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-9-22 16:22:22
C:/WINDOWS/Downloaded Program Files/6YYnDBbzHzrrmenHmv.cur | 2009-9-22 16:19:54
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-9-22 16:21:54
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-9-22 16:21:26
C:/WINDOWS/system32/2exJW3dsaTgWrf5uAPadmHN.inf | 2009-9-22 16:19:40
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-9-22 16:19:14
C:/WINDOWS/system32/R8ZdwYqnBwz3JS4TseHvTJ.inf | 2009-9-22 16:19:0
C:/WINDOWS/system32/SrNRKs5F7Rkv9hp.inf | 2009-9-22 16:18:34
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-9-22 16:18:48
C:/WINDOWS/Tasks/K6xzVUK4MRGJBPE76F.inf | 2009-9-22 16:18:20
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-11 12:59:48
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-11 12:59:34
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-11 13:0:2
C:/Program Files/Common Files/system/abbhelp.dll | 2009-10-11 13:0:2 | | 1.0.0.0 | | | 2.0.0.0 | 梦想工作室 | | |
C:/WINDOWS/system32/winldr.dll | 2009-10-11 12:59:2 | | 4.5.2.0 | | | 4.5.2.0 | | ? | |
C:/Program Files/Windows NT/TXPlatform.exe * 1884 | 2009-10-10 20:41:2
C:/Progra~1/Window~1/TXPlatform.exe | 2009-10-10 20:41:2
C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
C:/Program Files/Common Files/system/abbhelp.dll | 2009-10-11 13:0:2 | | 1.0.0.0 | | | 2.0.0.0 | 梦想工作室 | | |
C:/WINDOWS/System32/conime.exe* 2196 | 2007-6-1 0:0:0
C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
C:/Program Files/Internet Explorer/Top.dll | 2009-9-22 16:26:22
C:/WINDOWS/system32/winldr.dll | 2009-10-11 12:59:2 | | 4.5.2.0 | | | 4.5.2.0 | | ? | |
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-10 18:4:18
C:/WINDOWS/Downloaded Program Files/q2wbJhgRG3deKh9h2eUq.cur | 2009-10-12 7:56:58
C:/WINDOWS/Downloaded Program Files/AnXnubyMnv58c9vaECWX.cur | 2009-10-10 20:38:42
C:/WINDOWS/Downloaded Program Files/Es4sCmxdCqnrzaQ6GZrj.cur | 2009-10-10 20:38:10
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-10 20:38:18
C:/WINDOWS/fonts/CtZ8uc499k.fon | 2009-9-22 16:24:22
C:/WINDOWS/system32/B4yNKrEEhEerKFeeA4.inf | 2009-9-22 16:23:2
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-9-22 16:22:22
C:/WINDOWS/Downloaded Program Files/6YYnDBbzHzrrmenHmv.cur | 2009-9-22 16:19:54
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-9-22 16:21:54
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-9-22 16:21:26
C:/WINDOWS/system32/2exJW3dsaTgWrf5uAPadmHN.inf | 2009-9-22 16:19:40
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-9-22 16:19:14
C:/WINDOWS/system32/R8ZdwYqnBwz3JS4TseHvTJ.inf | 2009-9-22 16:19:0
C:/WINDOWS/system32/SrNRKs5F7Rkv9hp.inf | 2009-9-22 16:18:34
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-9-22 16:18:48
C:/WINDOWS/Tasks/K6xzVUK4MRGJBPE76F.inf | 2009-9-22 16:18:20
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-11 12:59:48
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-11 12:59:34
C:/Program Files/Common Files/system/abbhelp.dll | 2009-10-11 13:0:2 | | 1.0.0.0 | | | 2.0.0.0 | 梦想工作室 | | |
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-11 13:0:2
F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/userinit.exe C:/PROGRA~1/COMMON~1/Tencent/QQPlug/QQdoctor.exe> | 2007-6-1 0:0:0 | Microsoft(R) Windows(R) Operating System | 5, 1, 2600, 2180 | Userinit Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation | | USERINIT.EXE | USERINIT.EXE
F2 - Shell = <Explorer.exe C:/WINDOWS/conme.exe asds> | 2007-6-1 0:0:0
O2 - BHO EyeOnIE Class - {10E1725C-7237-41A9-954A-04DCCB1FD16C} =//? C:/PROGRA~1/COMMON~1/Tencent/QQPlug/domain.dll | 2009-9-22 16:26:36
O2 - BHO Invoke Class - {24C939A2-FBBB-422f-AAAE-5251CFDEB8A9} = C:/WINDOWS/system32/d2q6.dll
O2 - BHO Invoke Class - {6FE350BC-C169-4eb0-9A2C-8731EF59A7B4} = C:/WINDOWS/system32/d2q6.dll
O2 - BHO BHO Class - {AA3D3193-E700-4087-BD8B-CDC2CDC0820F} = C:/WINDOWS/system32/e54.dll
O2 - BHO - {AA7AC97F-55E1-4DBD-A23C-4A7C67FF1A01} = C:/PROGRA~1/INTERN~1/PLUGINS/IEPLUG.Dll | 2009-10-12 10:43:32
O4 - HKLM/../run: [updater] C:/WINDOWS/system32/updater.exe
7d4ac.job
7d4b.job
O20 - AppInit_DLLs = C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf ,msinet32.dll
O22 - SharedTaskScheduler: (First_ATL Class) - {153FC33C-8D26-4620-ACBA-3371AAC67A23} = C:/WINDOWS/System32/jcoyfile.dll
O23 - Service: AppMgmt (Application Management) - C:/WINDOWS/system32/svchost.exe -k netsvcs | 2007-6-1 0:0:0
-> C:/WINDOWS/System32/appmgmts.dll | 2004-8-4 9:55:30(Auto)
O23 - Service: devene (devene) - C:/WINDOWS/system32/5fae.exe (Auto)
O23 - Service: drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:/windows/AntiVirus.sys (Manual)
O23 - Service: HidServ (HID Input Service) - C:/WINDOWS/System32/svchost.exe -k netsvcs | 2007-6-1 0:0:0
-> C:/WINDOWS/System32/hidserv.dll (Auto)
O23 - Service: ISBCCCS (IMAPI System By Catch CD-Burning COM Service) - C:/WINDOWS/system32/bfilo.exe (Auto)
O23 - Service: mchInjDrv () - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/mc29.tmp (Disabled)
O23 - Service: MintRoot (MintRoot) - C:/Program Files/Common Files/System/MintRoot.sys (Manual)
O23 - Service: mtlrd (mtlrd) - C:/Documents and Settings/All Users/Application Data/Microsoft/Media Player/wmp/mtlrd.sys | 2009-9-25 17:18:22(Auto)
O23 - Service: MyProt (Network Monitor Protocol Driver) - system32/DRIVERS/winyyy.sys (Manual)
O23 - Service: NtmsSvc (Removable Storage) - C:/WINDOWS/system32/svchost.exe -k netsvcs | 2007-6-1 0:0:0
-> C:/WINDOWS/system32/ntmssvc.dll | 2007-6-1 0:0:0(Manual)
O23 - Service: OSEvent (OSEvent) - C:/WINDOWS/system32/s.exe (Auto)
O23 - Service: upnphost (Universal Plug and Play Device Host) - C:/WINDOWS/system32/svchost.exe -k LocalService | 2007-6-1 0:0:0
-> C:/WINDOWS/System32/upnphost.dll | 2007-6-1 0:0:0(Manual)
O23 - Service: vb (vb) - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/~1193312.ex (Manual)
O23 - Service: windows数据备份 (windows数据备份) - cmd.exe /c start C:/Progra~1/Window~1/TXPlatform.exe | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows Command Processor | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation| ? | cmd | Cmd.Exe(Auto)
O23 - Service: winhelp (winhelp) - c:/windows/system32/winhelp.exe (Auto)
O23 - Service: winhelp32 (winhelp32) - c:/windows/system32/winhelp32.exe (Auto)
O23 - Service: WinSCCOM (COM+ Windows System Server) - C:/WINDOWS/winsccoo.exe (Auto)
O23 - Service: WmdmPmSN (Portable Media Serial Number Service) - C:/WINDOWS/System32/svchost.exe -k netsvcs | 2007-6-1 0:0:0
-> C:/WINDOWS/system32/MsPMSNSv.dll | 2004-8-4 9:55:30(Auto)
O23 - Service: wmitpfs (WMITPFS Service) - C:/WINDOWS/system32/svchost.exe -k wmitpfs | 2007-6-1 0:0:0
-> C:/WINDOWS/system32/wmitpfs.dll (Auto)
O23 - Service: xmlprov (Network Provisioning Service) - C:/WINDOWS/System32/svchost.exe -k netsvcs | 2007-6-1 0:0:0
-> C:/WINDOWS/System32/xmlprov.dll | 2004-8-4 9:55:30(Auto)
O24 - ShlExecHook: [8] - {7BACC4F8-0754-4BA0-BB18-9DDB1B8C6C48} = C:/WINDOWS/Tasks/7xa6vJPUxshvgQhTZH.inf | 2009-9-22 16:18:6
O24 - ShlExecHook: [9] - {66D2E7CF-582B-4146-85B3-93224CB76DC9} = C:/WINDOWS/Tasks/K6xzVUK4MRGJBPE76F.inf | 2009-9-22 16:18:20
O24 - ShlExecHook: [0] - {610B6886-2A1A-475A-A842-65A613C70460} = C:/WINDOWS/system32/SrNRKs5F7Rkv9hp.inf | 2009-9-22 16:18:34
O24 - ShlExecHook: [E] - {6049BC02-7EDA-4C41-B4AB-D5398607C39E} = C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-9-22 16:18:48
O24 - ShlExecHook: [5] - {79462C10-DB9A-4CA0-B3DB-24AE72636B75} = C:/WINDOWS/system32/R8ZdwYqnBwz3JS4TseHvTJ.inf | 2009-9-22 16:19:0
O24 - ShlExecHook: [6] - {526EB425-7F56-4773-8D70-B8E45AA8E2B6} = C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-9-22 16:19:14
O24 - ShlExecHook: [1] - {11FDB6D4-166A-47BF-A0F8-A09DABA75FC1} = C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
O24 - ShlExecHook: [7] - {87DE8A1A-96C5-4420-B222-EF998F697CE7} = C:/WINDOWS/system32/2exJW3dsaTgWrf5uAPadmHN.inf | 2009-9-22 16:19:40
O24 - ShlExecHook: [D] - {E9C84B05-22D2-4820-99B0-4AAAA7CD6A5D} = C:/WINDOWS/Downloaded Program Files/6YYnDBbzHzrrmenHmv.cur | 2009-9-22 16:19:54
O24 - ShlExecHook: [C] - {122B901E-493F-4AD9-BC69-7DE8C3E52FCC} = C:/WINDOWS/system32/122B901E.dll | 2009-10-11 12:59:36
O24 - ShlExecHook: [7] - {CD478099-014D-4B3A-A4BB-B518F1019BC7} = C:/WINDOWS/system32/SCEVFJRCmaB7.dll
O24 - ShlExecHook: [2] - {93DA1E7D-7C46-4F90-8674-EC90511FCA72} = C:/WINDOWS/system32/CDuAUVkGy9.dll
O24 - ShlExecHook: [D] - {704C3595-DB85-40F6-A601-8D6F346907BD} = C:/WINDOWS/system32/704C3595.dll
O24 - ShlExecHook: [3] - {51716C09-6B08-4CCF-B526-718E912C0573} = C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-11 12:59:34
O24 - ShlExecHook: [2] - {1719B301-B494-4185-9379-242461F9CF02} = C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-9-22 16:21:26
O24 - ShlExecHook: [C] - {76CBCF38-0583-44C7-A1AE-D463DFE625EC} = C:/WINDOWS/system32/skcfujQ5EDN.dll
O24 - ShlExecHook: [1] - {8708994F-1758-4C2C-9A3F-FA22D6CCCB41} = C:/WINDOWS/fonts/A97CRaCB.fon | 2009-9-22 16:21:54
O24 - ShlExecHook: [9] - {5405A7B2-F3F5-446F-8715-2A4EF674E079} = C:/WINDOWS/system32/rfpz9wwyy2np.dll
O24 - ShlExecHook: [5] - {B9D0F4D7-C809-4C27-9CB4-63201DFB3D05} = C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-9-22 16:22:22
O24 - ShlExecHook: [6] - {23784612-5FEC-4E07-97FD-D5B5954A4236} = C:/WINDOWS/system32/tfVH2v7ehQBEprqtNm.inf | 2009-9-22 16:22:36
O24 - ShlExecHook: [D] - {E16EA4C8-040B-4A12-A0F5-783963AD665D} = C:/WINDOWS/system32/P6VyQtQJUYa3rFan7J.inf | 2009-9-22 16:22:50
O24 - ShlExecHook: [0] - {C1B34818-3883-4A0A-9665-189A8A39EAB0} = C:/WINDOWS/system32/B4yNKrEEhEerKFeeA4.inf | 2009-9-22 16:23:2
O24 - ShlExecHook: [B] - {4F5EEDE5-1687-49D2-8A17-FF0B454FB37B} = C:/WINDOWS/system32/qzp3jTZCSfSh.dll
O24 - ShlExecHook: [0] - {23DA65D2-C696-4EE4-BEE8-B4841DEC3E30} = C:/WINDOWS/system32/ndxq9awMc.dll
O24 - ShlExecHook: [A] - {36AC68E6-0C26-4D39-B98E-54B49DAB6BAA} = C:/WINDOWS/system32/dhDhwS7fFW.dll
O24 - ShlExecHook: [F] - {2EF0D734-21FD-4225-A1A2-BCD296182AAF} = C:/WINDOWS/system32/2EF0D734.dll
O24 - ShlExecHook: [A] - {C2EE4B05-6467-40E1-8638-C8B895AE335A} = C:/WINDOWS/fonts/CtZ8uc499k.fon | 2009-9-22 16:24:22
O24 - ShlExecHook: [B] - {A8939870-6CD5-40FC-8708-32215AF7DFEB} = C:/WINDOWS/Tasks/eHcEcHCEmwjD8CyZDd.inf | 2009-9-22 16:24:36
O24 - ShlExecHook: [] - {FE23FF53-3B2C-4DBE-92F8-90CF9F4C1480} = C:/Program Files/Internet Explorer/Top.dll | 2009-9-22 16:26:22
O24 - ShlExecHook: [] - {76757940-7773-4AA5-BB57-F4A0270E165C} = C:/Documents and Settings/Administrator/Application Data/Microsoft/Internet Explorer/Expert.Dll | 2009-10-12 10:43:34
O24 - ShlExecHook: [8] - {AA5D8D4C-4925-4E47-98F9-A79E465C81C8} = C:/WINDOWS/Downloaded Program Files/Es4sCmxdCqnrzaQ6GZrj.cur | 2009-10-10 20:38:10
O24 - ShlExecHook: [9] - {C20C5A13-4DD7-40D9-90B4-700BAB0BBBE9} = C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-11 12:59:48
O24 - ShlExecHook: [9] - {84639C2D-CD75-4081-B515-329AFCECBF19} = C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-10 20:38:18
O24 - ShlExecHook: [3] - {9C20D654-5AF8-4DB7-A125-1A17D7065C73} = C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-11 13:0:2
O24 - ShlExecHook: [3] - {6B1604E2-A839-463C-906A-27A129781E93} = C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-10 20:38:30
O24 - ShlExecHook: [9] - {C07B914B-C164-42D2-9838-1422C3F70D99} = C:/WINDOWS/system32/BPRBASgvesMzHRfu3AfB.inf
O24 - ShlExecHook: [8] - {B59F0A61-EF3E-4A2B-9E3A-4A84EDDF2308} = C:/WINDOWS/Downloaded Program Files/AnXnubyMnv58c9vaECWX.cur | 2009-10-10 20:38:42
O24 - ShlExecHook: [7] - {74DA2FEC-F68F-4DC7-9A45-9174AC044427} = C:/WINDOWS/system32/z6FVkEF47huPzgaXee.inf | 2009-10-11 12:59:40
O24 - ShlExecHook: [C] - {B7F1BFDC-4B6C-4E2F-AF7A-638D2D47802C} = C:/WINDOWS/system32/FsmBY3kmWnAG5gRbwGgU.inf
O24 - ShlExecHook: [9] - {7938BD2F-0143-4C46-991C-71069712D9D9} = C:/WINDOWS/system32/DMvJFcDsGe5Kccsmc6gZFjB.inf
O24 - ShlExecHook: [D] - {3F86C1E9-E95A-41AF-AD72-7D9A1742232D} = C:/WINDOWS/system32/aR5azFSWstNWktJjswK5.inf
O24 - ShlExecHook: [5] - {F181F067-7046-4DCB-993F-200990736305} = C:/WINDOWS/Downloaded Program Files/sZaeAC74EzXJeVeJu6p.cur | 2009-10-10 20:39:20
O24 - ShlExecHook: [B] - {827E2FB4-1047-43DE-848D-E12BB0C97AAB} = C:/WINDOWS/Tasks/SbrmpxjdCrgRAFhz4gHh.inf | 2009-10-10 20:39:24
O24 - ShlExecHook: [}] - {8A6A5B34-D995-4C5D-9338-B5E264B4A87} = C:/WINDOWS/system32/nXe2grrKNzF9dxYKmqg.inf
O24 - ShlExecHook: [B] - {A2BCFCEE-C939-433F-A32A-7353A6E720DB} = C:/WINDOWS/Tasks/JJX5r8wnsqUnNxGwpwn.inf | 2009-10-10 22:56:52
O24 - ShlExecHook: [0] - {D36A1DF7-6582-4160-B925-59A34E39FE30} = C:/WINDOWS/system32/EMQzJJURMfVkrkEx9GJ.inf | 2009-10-11 12:59:22
O24 - ShlExecHook: [3] - {20CFDC59-228C-481F-80B6-404BCFA16B13} = C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-11 12:59:24
O24 - ShlExecHook: [B] - {B6C3510F-2666-496B-A46F-6EEFD6328C2B} = C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 7:54:26
O24 - ShlExecHook: [0] - {7488E47D-E8F3-41C0-B2DA-9B2BD8803A80} = C:/WINDOWS/Tasks/EfEPEaD4ZpVMUXrDbS.inf | 2009-10-12 7:55:10
O24 - ShlExecHook: [E] - {08223B03-1B38-4A33-A83A-A4D3CC1D6E4E} = C:/WINDOWS/system32/08223B03.dll
O24 - ShlExecHook: [2] - {861603EA-21EB-487F-87FD-D373009787A2} = C:/WINDOWS/Downloaded Program Files/q2wbJhgRG3deKh9h2eUq.cur | 2009-10-12 7:56:58
O24 - ShlExecHook: [2] - {335A9BAE-19FA-42F2-AFD2-20C3275EF392} = C:/WINDOWS/system32/qfK6YS52MyExkxpwMDmHq.inf
O24 - ShlExecHook: [E] - {0DCB6565-A9F9-41CA-97E1-65F4A6345F3E} = C:/WINDOWS/Tasks/2VeFNvQbcyFhKUaXTVE9.inf | 2009-10-12 7:58:6
O24 - ShlExecHook: [0] - {CE38B9E6-AF0C-4B93-AFAB-A20C2311FFD0} = C:/WINDOWS/system32/X5T4kV8DNmMbdRXAUx82K.inf
O24 - ShlExecHook: [E] - {3DCB9005-ABA0-47F8-8C40-49ABC04AE5EE} = C:/WINDOWS/system32/W8MvNsbGCCW52XyxV8wQ.inf
O24 - ShlExecHook: [5] - {CB661471-055A-4C5B-9ED0-497B9908FEF5} = C:/WINDOWS/system32/CWcQnWxHjWqtE6PsYyEe.inf
O24 - ShlExecHook: [A] - {8E6D4583-0FA1-41B2-BAAA-63352E6333CA} = C:/WINDOWS/system32/jY8sGUnWqbZb3x2BPhY.dll
O24 - ShlExecHook: [3] - {09FDF8F4-0F9E-4C84-9F0C-21A1143815E3} = C:/WINDOWS/system32/pwd4Xpm8KYzkcbqcaKT.inf
O24 - ShlExecHook: [F] - {81EB905C-EDF8-4033-80BF-E0F4F46733DF} = C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-10 18:4:18
O25 - InsCom: {E6389DF0-CF0D-4018-82C6-7EF518E3262E} = C:/Program Files/Common Files/system/qmc.exe
O26 - IFEO: 360hotfix.exe -> ntsd -d
O26 - IFEO: 360rpt.exe -> ntsd -d
O26 - IFEO: 360safe.exe -> ntsd -d
O26 - IFEO: 360safebox.exe -> ntsd -d
O26 - IFEO: 360SoftMgrSvc.exe -> ntsd -d
O26 - IFEO: 360speedld.exe -> ntsd -d
O26 - IFEO: 360tray.exe -> ntsd -d
O26 - IFEO: ast.exe -> ntsd -d
O26 - IFEO: avcenter.exe -> ntsd -d
O26 - IFEO: avgnt.exe -> ntsd -d
O26 - IFEO: avguard.exe -> ntsd -d
O26 - IFEO: avmailc.exe -> ntsd -d
O26 - IFEO: avp.exe -> ntsd -d
O26 - IFEO: avwebgrd.exe -> ntsd -d
O26 - IFEO: bdagent.exe -> ntsd -d
O26 - IFEO: CCenter.exe -> ntsd -d
O26 - IFEO: ccSvcHst.exe -> ntsd -d
O26 - IFEO: egui.exe -> ntsd -d
O26 - IFEO: ekrn.exe -> ntsd -d
O26 - IFEO: kavstart.exe -> ntsd -d
O26 - IFEO: kissvc.exe -> ntsd -d
O26 - IFEO: kmailmon.exe -> ntsd -d
O26 - IFEO: kpfw32.exe -> ntsd -d
O26 - IFEO: kpfwsvc.exe -> ntsd -d
O26 - IFEO: krnl360svc -> ntsd -d
O26 - IFEO: krnl360svc.exe -> ntsd -d
O26 - IFEO: kswebshield.exe -> ntsd -d
O26 - IFEO: KVMonXP.kxp -> ntsd -d
O26 - IFEO: KVSrvXP.exe -> ntsd -d
O26 - IFEO: kwatch.exe -> ntsd -d
O26 - IFEO: livesrv.exe -> ntsd -d
O26 - IFEO: Mcagent.exe -> ntsd -d
O26 - IFEO: mcmscsvc.exe -> ntsd -d
O26 - IFEO: McNASvc.exe -> ntsd -d
O26 - IFEO: Mcods.exe -> ntsd -d
O26 - IFEO: McProxy.exe -> ntsd -d
O26 - IFEO: McSACore.exe -> ntsd -d
O26 - IFEO: Mcshield.exe -> ntsd -d
O26 - IFEO: mcsysmon.exe -> ntsd -d
O26 - IFEO: mcvsshld.exe -> ntsd -d
O26 - IFEO: MpfSrv.exe -> ntsd -d
O26 - IFEO: MPMon.exe -> ntsd -d
O26 - IFEO: MPSVC.exe -> ntsd -d
O26 - IFEO: MPSVC1.exe -> ntsd -d
O26 - IFEO: MPSVC2.exe -> ntsd -d
O26 - IFEO: msksrver.exe -> ntsd -d
O26 - IFEO: qutmserv.exe -> ntsd -d
O26 - IFEO: RavMonD.exe -> ntsd -d
O26 - IFEO: RavTask.exe -> ntsd -d
O26 - IFEO: RsAgent.exe -> ntsd -d
O26 - IFEO: rsnetsvr.exe -> ntsd -d
O26 - IFEO: RsTray.exe -> ntsd -d
O26 - IFEO: ScanFrm.exe -> ntsd -d
O26 - IFEO: sched.exe -> ntsd -d
O26 - IFEO: seccenter.exe -> ntsd -d
O26 - IFEO: SfCtlCom.exe -> ntsd -d
O26 - IFEO: TMBMSRV.exe -> ntsd -d
O26 - IFEO: TmProxy.exe -> ntsd -d
O26 - IFEO: UfSeAgnt.exe -> ntsd -d
O26 - IFEO: vsserv.exe -> ntsd -d
O26 - IFEO: 修复工具.exe -> ntsd -d
O29 - HKCU-Start Page = hxxp://www.2345.com/
O30 - IeOpenHomePage = C:/Program Files/Internet Explorer/iexplore.exe" hxxp://www.zhaodao123.com/?h
HKLM/SHOWALL value is not 1
(to be continued)
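Reading a listing this size by hand is slow, so here is a small Python triage script, added as an example (it is not part of the original post and not part of pe_xscan) that encodes the patterns that mark this infection: IFEO Debugger entries that point antivirus executables at `ntsd -d` (the target is started under the debugger instead of running, which is how the security tools were silenced), a Shell or UserInit value with extra programs appended, anything in AppInit_DLLs, shell-execute hooks and loaded modules whose file extension is .inf/.cur/.fon/.tmp (PE images hiding under data extensions), service images that live in Temp or are launched through a cmd.exe one-liner, and DLLs named after the first eight hex digits of their own CLSID. The sample lines are constructed, copied in shape from the log above with the service-status labels in English; which extensions count as code and which directories count as odd are assumptions chosen for this machine, not a signature set, so entries such as the BHO d2q6.dll in system32 are deliberately not caught by these rules.

```python
"""Triage a pe_xscan-style autorun/hook listing for common hijack patterns.
Added example, not from the original post or from pe_xscan; the 'normal' shapes
assumed below (Shell = Explorer.exe alone, one userinit.exe, code only from
.exe/.dll/.sys files, no code under Tasks/Temp/fonts) are heuristics."""
import os
import re

CODE_EXT = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr", ".drv"}
ODD_DIRS = ("/tasks/", "/temp/", "/downloaded program files/", "/fonts/",
            "/application data/", "/common files/system/")

PATH_RE = re.compile(r'[A-Za-z]:[/\\][^|<>",]+')            # first drive-letter path on a line
TRAIL_RE = re.compile(r'(?:\s+-k\s+\S+|\s*\*\s*\d+|\s*\((?:Auto|Manual|Disabled)\))\s*$', re.I)
ANGLE_RE = re.compile(r'<([^>]*)>')
USERINIT_OK = re.compile(r'[a-z]:[/\\]windows[/\\]system32[/\\]userinit\.exe,?', re.I)
CLSID_RE = re.compile(r'\{([0-9A-Fa-f]{8})-')

# Constructed sample in the shape of the scan above (status labels in English).
SAMPLE_LOG = """\
C:/WINDOWS/System32/winlogon.exe* 964 | 2007-6-1 0:0:0
C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf | 2009-9-22 16:19:28
C:/WINDOWS/system32/klogon.dll |$Kaspersky Lab | 2009-9-3 4:14:36
F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/userinit.exe C:/PROGRA~1/COMMON~1/Tencent/QQPlug/QQdoctor.exe> | 2007-6-1 0:0:0
F2 - Shell = <Explorer.exe C:/WINDOWS/conme.exe asds> | 2007-6-1 0:0:0
O2 - BHO Invoke Class - {24C939A2-FBBB-422f-AAAE-5251CFDEB8A9} = C:/WINDOWS/system32/d2q6.dll
O20 - AppInit_DLLs = C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf ,msinet32.dll
O23 - Service: upnphost (Universal Plug and Play Device Host) - C:/WINDOWS/system32/svchost.exe -k LocalService | 2007-6-1 0:0:0
-> C:/WINDOWS/System32/upnphost.dll | 2007-6-1 0:0:0(Manual)
O23 - Service: vb (vb) - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/~1193312.ex (Manual)
O23 - Service: windows data backup (windows data backup) - cmd.exe /c start C:/Progra~1/Window~1/TXPlatform.exe | Windows Command Processor (Auto)
O24 - ShlExecHook: [8] - {7BACC4F8-0754-4BA0-BB18-9DDB1B8C6C48} = C:/WINDOWS/Tasks/7xa6vJPUxshvgQhTZH.inf | 2009-9-22 16:18:6
O24 - ShlExecHook: [C] - {122B901E-493F-4AD9-BC69-7DE8C3E52FCC} = C:/WINDOWS/system32/122B901E.dll | 2009-10-11 12:59:36
O26 - IFEO: 360tray.exe -> ntsd -d
O26 - IFEO: avp.exe -> ntsd -d
"""


def first_path(text):
    """First drive-letter path in a line, minus svchost '-k group', '* pid' and '(Auto)' suffixes."""
    m = PATH_RE.search(text)
    return TRAIL_RE.sub("", m.group(0)).strip() if m else None


def path_reason(path):
    """Why a module/service path looks wrong, or None when it looks ordinary."""
    norm = path.replace("\\", "/").lower()
    ext = os.path.splitext(norm)[1]
    if ext not in CODE_EXT:
        return f"non-code extension {ext!r} loaded as code"   # PE image hiding as .inf/.cur/.fon/.tmp
    if any(d in norm for d in ODD_DIRS):
        return "code loaded from a data or temp directory"
    return None


def clsid_named(line, path):
    """True when the file name is just the first 8 hex digits of the CLSID on the same line."""
    m = CLSID_RE.search(line)
    stem = os.path.splitext(os.path.basename(path.replace("\\", "/")))[0]
    return bool(m) and stem.lower() == m.group(1).lower()


def triage(log_text):
    """Return (rule, subject, detail) triples, one per suspicious line, in log order."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O26 - IFEO:"):
            exe, _, debugger = line[len("O26 - IFEO:"):].partition("->")
            # Any Debugger value redirects the exe; with "ntsd -d" it never actually runs.
            hits.append(("ifeo_debugger", exe.strip(), debugger.strip()))
        elif line.startswith("F2 - Shell ="):
            value = ANGLE_RE.search(line).group(1).strip()
            if value.lower() != "explorer.exe":
                hits.append(("shell_value", value, "expected Explorer.exe alone"))
        elif line.startswith("F2 - REG: system.ini: UserInit ="):
            value = ANGLE_RE.search(line).group(1).strip()
            if not USERINIT_OK.fullmatch(value):
                hits.append(("userinit_value", value, "extra program started at logon"))
        elif line.startswith("O20 - AppInit_DLLs ="):
            for item in line.split("=", 1)[1].split(","):
                if item.strip():   # everything here is injected into every process loading user32.dll
                    reason = path_reason(item.strip()) or "injected into every process that loads user32.dll"
                    hits.append(("appinit_dll", item.strip(), reason))
        elif line.startswith("O23 -"):
            image = line.split(") - ", 1)[-1]
            if image.lower().startswith("cmd"):
                hits.append(("service_via_cmd", image.split("|")[0].strip(), "service image is a cmd.exe one-liner"))
            else:
                p = first_path(image)
                reason = path_reason(p) if p else None
                if reason:
                    hits.append(("service_image", p, reason))
        elif line.startswith(("O2 ", "O22", "O24", "O25", "->")) or PATH_RE.match(line):
            p = first_path(line)
            if p:
                reason = path_reason(p) or ("module named after its own CLSID" if clsid_named(line, p) else None)
                if reason:
                    rule = "loaded_module" if PATH_RE.match(line) else "hook_module"
                    hits.append((rule, p, reason))
    return hits


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:16} {subject}  [{detail}]")
```

Run it against a full saved log with `triage(open("pe_xscan.log", encoding="gbk").read())` (the tool writes GBK on a Chinese XP install, so the encoding is an assumption to check). The point of the rule set is that it keys on structure rather than names: random-looking file names change from machine to machine, but an .inf loaded as a shell-execute hook, a service started through cmd.exe, or an IFEO Debugger value on avp.exe are wrong regardless of what the file is called.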