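Encountering kav32.exe, scvhost.exe, NXD.exe, extext74296t.exe, etc. (1)
Original by endurer
2009-11-10, 1st edition
Yesterday a colleague's computer was infected with a virus: the Rising monitor's small umbrella icon had disappeared; clicking program entries in the Start menu did not run the programs; WinRAR could not be run, with a message that the file was in use by another program; the computer could not be shut down... and I was asked to help check and repair it.
I scanned the system with pe_xscan and analyzed the log, finding the following suspicious items (parts of the process-module section are omitted):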
pe_xscan 09-10-13 by Purple Endurer
2009-11-9 10:3:40
Windows XP Service Pack 3(5.1.2600)
MSIE:6.0.2900.5512
管理员用户组
正常模式
[System Process] * 0
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/system32/WINMSCABC.IME | 2009-10-17 12:57:26 | | 1, 0, 0, 1 | 英文(美国) | 版权所有(C) 1999 | 1, 0, 0, 1 | | | | 英文(美国)
C:/WINDOWS/system32/substdals.dll | 2009-10-17 12:57:26
C:/WINDOWS/system32/wininet.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/Downloaded Program Files/RUw6jGCJJGg4B6RDY83.cur | 2009-11-8 9:16:5
C:/WINDOWS/system32/EHcM5UkuFS6pQv5sm.inf | 2009-11-8 9:15:59
C:/WINDOWS/system32/JMq7bpeR4Xa8eV5ftCB.inf | 2009-11-3 10:25:1
C:/WINDOWS/Tasks/4H5HJTHFZkxrCpehBpx4TmR.inf | 2009-10-30 20:19:58
C:/WINDOWS/system32/A2CbFrBy28J6zdXNZgqCtJ6Ae.inf | 2009-10-30 20:19:51
C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur | 2009-10-30 20:19:10
C:/WINDOWS/Tasks/Wfayv6njQnCsg.inf | 2009-10-30 20:18:3
C:/WINDOWS/system32/WQVBYhAJ6ADw5qzCY8gv84KTH.inf | 2009-10-26 8:27:52
C:/WINDOWS/system32/ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf | 2009-10-26 8:26:26
C:/WINDOWS/system32/rb37sCqvGmszGJ3aQYB5qRczx.inf | 2009-10-26 8:25:48
C:/WINDOWS/system32/AMNCZw74h8gwd6CpYGkrZDy8.inf | 2009-10-17 12:57:32
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-14 16:20:30
C:/WINDOWS/system32/pwd4Xpm8KYzkcbqcaKT.inf | 2009-10-14 8:18:22
C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 18:50:42
C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-12 18:49:58
C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-12 18:48:57
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-12 18:48:32
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-10-12 18:49:46
C:/WINDOWS/system32/08223B03.dll | 2009-10-10 19:0:52
C:/WINDOWS/system32/qzp3jTZCSfSh.dll | 2009-10-12 18:50:17
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-12 8:59:17
C:/WINDOWS/system32/FsmBY3kmWnAG5gRbwGgU.inf | 2009-10-12 18:50:5
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-10-12 18:50:55
C:/WINDOWS/system32/BPRBASgvesMzHRfu3AfB.inf | 2009-10-12 18:50:36
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-10-12 18:48:38
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-12 18:48:14
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-10-12 18:48:45
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-10 18:59:17
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-10-12 18:50:30
C:/WINDOWS/system32/winlogon.exe* 764 | 2008-4-14 20:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation | ? | winlogon | WINLOGON.EXE
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/system32/sfc_os.dll | 2008-6-12 10:1:11 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows 文件保护 | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation | ? | sfc.dll | sfc.dll
C:/WINDOWS/system32/WINMSCABC.IME | 2009-10-17 12:57:26 | | 1, 0, 0, 1 | 英文(美国) | 版权所有(C) 1999 | 1, 0, 0, 1 | | | | 英文(美国)
C:/WINDOWS/system32/substdals.dll | 2009-10-17 12:57:26
C:/WINDOWS/system32/wininet.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/system32/COMRes.dll | 2009-11-8 9:16:11
C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df/gdiplus.dll | 2009-10-20 16:1:6 | Microsoft? Windows? Operating System | 5.2.6001.22319 | Microsoft GDI+ | ? Microsoft Corporation. All rights reserved. | 5.2.6001.22319 (vistasp1_ldr.081126-1506) | Microsoft Corporation | ? | gdiplus | gdiplus
C:/WINDOWS/system32/kb1891611.dll | 2009-11-8 9:16:11
C:/WINDOWS/system32/lsass.exe* 844 | 2008-4-14 20:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation | ? | lsass.exe | lsass.exe
C:/WINDOWS/system32/DNSAPI.dll | 2008-6-21 1:46:0 | Microsoft? Windows? Operating System | 5.1.2600.5625 | DNS Client API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | dnsapi | dnsapi
C:/WINDOWS/system32/mswsock.dll | 2008-6-21 1:46:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5625 | Microsoft Windows Sockets 2.0 Service Provider | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | mswsock.dll | mswsock.dll
C:/WINDOWS/system32/qt-dx3.dll | 2009-10-12 18:47:55
C:/WINDOWS/system32/sfc_os.dll | 2008-6-12 10:1:11 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows 文件保护 | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation | ? | sfc.dll | sfc.dll
C:/WINDOWS/system32/svchost.exe* 1152 | 2008-4-14 20:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation | ? | svchost.exe | svchost.exe
C:/WINDOWS/system32/mswsock.dll | 2008-6-21 1:46:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5625 | Microsoft Windows Sockets 2.0 Service Provider | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | mswsock.dll | mswsock.dll
C:/WINDOWS/system32/qt-dx3.dll | 2009-10-12 18:47:55
C:/WINDOWS/system32/sfc_os.dll | 2008-6-12 10:1:11 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows 文件保护 | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation | ? | sfc.dll | sfc.dll
C:/WINDOWS/system32/DNSAPI.dll | 2008-6-21 1:46:0 | Microsoft? Windows? Operating System | 5.1.2600.5625 | DNS Client API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | dnsapi | dnsapi
C:/WINDOWS/system32/COMRes.dll | 2009-11-8 9:16:11
C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df/gdiplus.dll | 2009-10-20 16:1:6 | Microsoft? Windows? Operating System | 5.2.6001.22319 | Microsoft GDI+ | ? Microsoft Corporation. All rights reserved. | 5.2.6001.22319 (vistasp1_ldr.081126-1506) | Microsoft Corporation | ? | gdiplus | gdiplus
C:/WINDOWS/system32/kb1891611.dll | 2009-11-8 9:16:11
C:/WINDOWS/system32/userinit.exe* 1976 | 2009-10-12 8:56:38
C:/WINDOWS/system32/WININET.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/system32/mswsock.dll | 2008-6-21 1:46:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5625 | Microsoft Windows Sockets 2.0 Service Provider | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | mswsock.dll | mswsock.dll
C:/WINDOWS/system32/qt-dx3.dll | 2009-10-12 18:47:55
C:/WINDOWS/system32/sfc_os.dll | 2008-6-12 10:1:11 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows 文件保护 | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation | ? | sfc.dll | sfc.dll
C:/WINDOWS/Downloaded Program Files/RUw6jGCJJGg4B6RDY83.cur | 2009-11-8 9:16:5
C:/WINDOWS/system32/EHcM5UkuFS6pQv5sm.inf | 2009-11-8 9:15:59
C:/WINDOWS/system32/JMq7bpeR4Xa8eV5ftCB.inf | 2009-11-3 10:25:1
C:/WINDOWS/Tasks/4H5HJTHFZkxrCpehBpx4TmR.inf | 2009-10-30 20:19:58
C:/WINDOWS/system32/A2CbFrBy28J6zdXNZgqCtJ6Ae.inf | 2009-10-30 20:19:51
C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur | 2009-10-30 20:19:10
C:/WINDOWS/Tasks/Wfayv6njQnCsg.inf | 2009-10-30 20:18:3
C:/WINDOWS/system32/WQVBYhAJ6ADw5qzCY8gv84KTH.inf | 2009-10-26 8:27:52
C:/WINDOWS/system32/ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf | 2009-10-26 8:26:26
C:/WINDOWS/system32/rb37sCqvGmszGJ3aQYB5qRczx.inf | 2009-10-26 8:25:48
C:/WINDOWS/system32/AMNCZw74h8gwd6CpYGkrZDy8.inf | 2009-10-17 12:57:32
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-14 16:20:30
C:/WINDOWS/system32/pwd4Xpm8KYzkcbqcaKT.inf | 2009-10-14 8:18:22
C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 18:50:42
C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-12 18:49:58
C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-12 18:48:57
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-12 18:48:32
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-10-12 18:49:46
C:/WINDOWS/system32/08223B03.dll | 2009-10-10 19:0:52
C:/WINDOWS/system32/qzp3jTZCSfSh.dll | 2009-10-12 18:50:17
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-12 8:59:17
C:/WINDOWS/system32/FsmBY3kmWnAG5gRbwGgU.inf | 2009-10-12 18:50:5
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-10-12 18:50:55
C:/WINDOWS/system32/BPRBASgvesMzHRfu3AfB.inf | 2009-10-12 18:50:36
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-10-12 18:48:38
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-12 18:48:14
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-10-12 18:48:45
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-10 18:59:17
C:/WINDOWS/system32/DNSAPI.dll | 2008-6-21 1:46:0 | Microsoft? Windows? Operating System | 5.1.2600.5625 | DNS Client API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | dnsapi | dnsapi
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-10-12 18:50:30
C:/WINDOWS/explorer.exe* 196 | 2008-4-14 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5512 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5512 (xpsp.080413-2105) | Microsoft Corporation | ? | explorer | EXPLORER.EXE
C:/WINDOWS/system32/WININET.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/system32/WINMSCABC.IME | 2009-10-17 12:57:26 | | 1, 0, 0, 1 | 英文(美国) | 版权所有(C) 1999 | 1, 0, 0, 1 | | | | 英文(美国)
C:/WINDOWS/system32/substdals.dll | 2009-10-17 12:57:26
C:/WINDOWS/system32/COMRes.dll | 2009-11-8 9:16:11
C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df/gdiplus.dll | 2009-10-20 16:1:6 | Microsoft? Windows? Operating System | 5.2.6001.22319 | Microsoft GDI+ | ? Microsoft Corporation. All rights reserved. | 5.2.6001.22319 (vistasp1_ldr.081126-1506) | Microsoft Corporation | ? | gdiplus | gdiplus
C:/WINDOWS/system32/kb1891611.dll | 2009-11-8 9:16:11
C:/WINDOWS/system32/RavExt.dll |$Beijing Rising Information Technology Corporation Limited | 2009-6-2 16:26:24 | Rising AntiVirus 2009 | 21, 0, 0, 12 | Rising Shell Ext Module | Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved. | 21, 0, 0, 12 | Beijing Rising Information Technology Co., Ltd. | ? | Beijing Rising Information Technology Co., Ltd. | RavExt.DLL
C:/WINDOWS/system32/CDuAUVkGy9.dll | 2009-10-12 18:49:34
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-10-12 18:50:30
C:/WINDOWS/system32/SCEVFJRCmaB7.dll | 2009-10-12 18:49:22
C:/WINDOWS/Tasks/SbrmpxjdCrgRAFhz4gHh.inf | 2009-10-12 18:51:1
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-10 18:59:17
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-10-12 18:48:45
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-12 18:48:14
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-10-12 18:48:38
C:/WINDOWS/system32/BPRBASgvesMzHRfu3AfB.inf | 2009-10-12 18:50:36
C:/WINDOWS/Downloaded Program Files/sZaeAC74EzXJeVeJu6p.cur | 2009-10-12 18:50:24
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-10-12 18:50:55
C:/WINDOWS/system32/FsmBY3kmWnAG5gRbwGgU.inf | 2009-10-12 18:50:5
C:/WINDOWS/system32/z6FVkEF47huPzgaXee.inf | 2009-10-12 18:49:28
C:/WINDOWS/system32/DMvJFcDsGe5Kccsmc6gZFjB.inf | 2009-10-10 19:0:30
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-12 8:59:17
C:/WINDOWS/system32/qzp3jTZCSfSh.dll | 2009-10-12 18:50:17
C:/WINDOWS/system32/ndxq9awMc.dll | 2009-10-12 18:48:51
C:/WINDOWS/system32/08223B03.dll | 2009-10-10 19:0:52
C:/WINDOWS/system32/122B901E.dll | 2009-10-12 18:49:9
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-10-12 18:49:46
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-12 18:48:32
C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-12 18:48:57
C:/WINDOWS/system32/jY8sGUnWqbZb3x2BPhY.dll | 2009-10-12 18:49:3
C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-12 18:49:58
C:/WINDOWS/system32/CWcQnWxHjWqtE6PsYyEe.inf | 2009-10-12 18:50:11
C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 18:50:42
C:/WINDOWS/system32/pwd4Xpm8KYzkcbqcaKT.inf | 2009-10-14 8:18:22
C:/WINDOWS/system32/FXNEE8UE86dAU4wwQSW.inf | 2009-10-14 8:20:26
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-14 16:20:30
C:/WINDOWS/system32/AMNCZw74h8gwd6CpYGkrZDy8.inf | 2009-10-17 12:57:32
C:/WINDOWS/system32/rb37sCqvGmszGJ3aQYB5qRczx.inf | 2009-10-26 8:25:48
C:/WINDOWS/system32/ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf | 2009-10-26 8:26:26
C:/WINDOWS/system32/t9hdtMrwMeQcvYV3CMvhtNZpC.inf | 2009-10-26 8:26:44
C:/WINDOWS/system32/WQVBYhAJ6ADw5qzCY8gv84KTH.inf | 2009-10-26 8:27:52
C:/WINDOWS/Downloaded Program Files/gxrSG8sdA4hAbGNQXnr9JGFu6nZ.cur | 2009-10-26 22:31:6
C:/WINDOWS/Tasks/Wfayv6njQnCsg.inf | 2009-10-30 20:18:3
C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur | 2009-10-30 20:19:10
C:/WINDOWS/system32/A2CbFrBy28J6zdXNZgqCtJ6Ae.inf | 2009-10-30 20:19:51
C:/WINDOWS/Tasks/4H5HJTHFZkxrCpehBpx4TmR.inf | 2009-10-30 20:19:58
C:/WINDOWS/Downloaded Program Files/SsdvFhFVu3Q7T5u.cur | 2009-11-3 10:24:49
C:/WINDOWS/system32/JMq7bpeR4Xa8eV5ftCB.inf | 2009-11-3 10:25:1
C:/WINDOWS/system32/EHcM5UkuFS6pQv5sm.inf | 2009-11-8 9:15:59
C:/WINDOWS/Downloaded Program Files/RUw6jGCJJGg4B6RDY83.cur | 2009-11-8 9:16:5
C:/WINDOWS/system32/YYWP.dll
C:/WINDOWS/system32/stobject.dll | 2009-10-12 18:45:23 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Systray shell service object | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2105) | Microsoft Corporation | ? | stobject | stobject.dll
C:/Program Files/Messenger/msgscr.dll | 2009-11-9 10:2:48 | Messenger | Version 4.7.3002 | Messenger Service | Copyright (c) Microsoft Corporation 2004 | 4.7.3002 | Microsoft Corporation | Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. | ? | ?
C:/Program Files/Internet Explorer/iedw.dll | 2009-10-12 18:51:19
C:/WINDOWS/system32/sfc_os.dll | 2008-6-12 10:1:11 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows 文件保护 | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation | ? | sfc.dll | sfc.dll
C:/Program Files/WinRar/ZipExt.dll | 2009-10-12 18:47:31
C:/WINDOWS/system32/SoundxVolumns.dll | 2009-10-12 8:57:36 | BrowserHelper | 1.00 | ? | ? | 1.00 | Lenovo (Beijing) Limited | ? | BrowserHelper | BrowserHelper.dll
C:/WINDOWS/system32/conime.exe* 1628 | 2008-4-14 20:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Console IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2105) | Microsoft Corporation | ? | Console | CONIME.EXE
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/system32/WINMSCABC.IME | 2009-10-17 12:57:26 | | 1, 0, 0, 1 | 英文(美国) | 版权所有(C) 1999 | 1, 0, 0, 1 | | | | 英文(美国)
C:/WINDOWS/system32/substdals.dll | 2009-10-17 12:57:26
C:/WINDOWS/system32/wininet.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/Downloaded Program Files/RUw6jGCJJGg4B6RDY83.cur | 2009-11-8 9:16:5
C:/WINDOWS/system32/EHcM5UkuFS6pQv5sm.inf | 2009-11-8 9:15:59
C:/WINDOWS/system32/JMq7bpeR4Xa8eV5ftCB.inf | 2009-11-3 10:25:1
C:/WINDOWS/Tasks/4H5HJTHFZkxrCpehBpx4TmR.inf | 2009-10-30 20:19:58
C:/WINDOWS/system32/A2CbFrBy28J6zdXNZgqCtJ6Ae.inf | 2009-10-30 20:19:51
C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur | 2009-10-30 20:19:10
C:/WINDOWS/Tasks/Wfayv6njQnCsg.inf | 2009-10-30 20:18:3
C:/WINDOWS/system32/WQVBYhAJ6ADw5qzCY8gv84KTH.inf | 2009-10-26 8:27:52
C:/WINDOWS/system32/ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf | 2009-10-26 8:26:26
C:/WINDOWS/system32/rb37sCqvGmszGJ3aQYB5qRczx.inf | 2009-10-26 8:25:48
C:/WINDOWS/system32/AMNCZw74h8gwd6CpYGkrZDy8.inf | 2009-10-17 12:57:32
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-14 16:20:30
C:/WINDOWS/system32/pwd4Xpm8KYzkcbqcaKT.inf | 2009-10-14 8:18:22
C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 18:50:42
C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-12 18:49:58
C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-12 18:48:57
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-12 18:48:32
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-10-12 18:49:46
C:/WINDOWS/system32/08223B03.dll | 2009-10-10 19:0:52
C:/WINDOWS/system32/qzp3jTZCSfSh.dll | 2009-10-12 18:50:17
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-12 8:59:17
C:/WINDOWS/system32/FsmBY3kmWnAG5gRbwGgU.inf | 2009-10-12 18:50:5
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-10-12 18:50:55
C:/WINDOWS/system32/BPRBASgvesMzHRfu3AfB.inf | 2009-10-12 18:50:36
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-10-12 18:48:38
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-12 18:48:14
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-10-12 18:48:45
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-10 18:59:17
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-10-12 18:50:30
C:/WINDOWS/system32/rundll32.exe* 248 | 2008-4-14 20:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2105) | Microsoft Corporation | ? | rundll | RUNDLL.EXE
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/MKMKrnl.dll | 2009-10-12 18:47:37
C:/WINDOWS/system32/WININET.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/system32/WINMSCABC.IME | 2009-10-17 12:57:26 | | 1, 0, 0, 1 | 英文(美国) | 版权所有(C) 1999 | 1, 0, 0, 1 | | | | 英文(美国)
C:/WINDOWS/system32/substdals.dll | 2009-10-17 12:57:26
C:/WINDOWS/Downloaded Program Files/RUw6jGCJJGg4B6RDY83.cur | 2009-11-8 9:16:5
C:/WINDOWS/system32/EHcM5UkuFS6pQv5sm.inf | 2009-11-8 9:15:59
C:/WINDOWS/system32/JMq7bpeR4Xa8eV5ftCB.inf | 2009-11-3 10:25:1
C:/WINDOWS/Tasks/4H5HJTHFZkxrCpehBpx4TmR.inf | 2009-10-30 20:19:58
C:/WINDOWS/system32/A2CbFrBy28J6zdXNZgqCtJ6Ae.inf | 2009-10-30 20:19:51
C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur | 2009-10-30 20:19:10
C:/WINDOWS/Tasks/Wfayv6njQnCsg.inf | 2009-10-30 20:18:3
C:/WINDOWS/system32/WQVBYhAJ6ADw5qzCY8gv84KTH.inf | 2009-10-26 8:27:52
C:/WINDOWS/system32/ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf | 2009-10-26 8:26:26
C:/WINDOWS/system32/rb37sCqvGmszGJ3aQYB5qRczx.inf | 2009-10-26 8:25:48
C:/WINDOWS/system32/AMNCZw74h8gwd6CpYGkrZDy8.inf | 2009-10-17 12:57:32
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-14 16:20:30
C:/WINDOWS/system32/pwd4Xpm8KYzkcbqcaKT.inf | 2009-10-14 8:18:22
C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 18:50:42
C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-12 18:49:58
C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-12 18:48:57
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-12 18:48:32
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-10-12 18:49:46
C:/WINDOWS/system32/08223B03.dll | 2009-10-10 19:0:52
C:/WINDOWS/system32/qzp3jTZCSfSh.dll | 2009-10-12 18:50:17
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-12 8:59:17
C:/WINDOWS/system32/FsmBY3kmWnAG5gRbwGgU.inf | 2009-10-12 18:50:5
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-10-12 18:50:55
C:/WINDOWS/system32/BPRBASgvesMzHRfu3AfB.inf | 2009-10-12 18:50:36
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-10-12 18:48:38
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-12 18:48:14
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-10-12 18:48:45
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-10 18:59:17
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-10-12 18:50:30
C:/WINDOWS/System32/mswsock.dll | 2008-6-21 1:46:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5625 | Microsoft Windows Sockets 2.0 Service Provider | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | mswsock.dll | mswsock.dll
C:/WINDOWS/system32/qt-dx3.dll | 2009-10-12 18:47:55
C:/WINDOWS/system32/sfc_os.dll | 2008-6-12 10:1:11 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows 文件保护 | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation | ? | sfc.dll | sfc.dll
C:/WINDOWS/system32/DNSAPI.dll | 2008-6-21 1:46:0 | Microsoft? Windows? Operating System | 5.1.2600.5625 | DNS Client API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | dnsapi | dnsapi
C:/WINDOWS/system32/rundll32.exe* 1924 | 2008-4-14 20:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2105) | Microsoft Corporation | ? | rundll | RUNDLL.EXE
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/system32/WINMSCABC.IME | 2009-10-17 12:57:26 | | 1, 0, 0, 1 | 英文(美国) | 版权所有(C) 1999 | 1, 0, 0, 1 | | | | 英文(美国)
C:/WINDOWS/system32/substdals.dll | 2009-10-17 12:57:26
C:/WINDOWS/system32/wininet.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/Downloaded Program Files/RUw6jGCJJGg4B6RDY83.cur | 2009-11-8 9:16:5
C:/WINDOWS/system32/EHcM5UkuFS6pQv5sm.inf | 2009-11-8 9:15:59
C:/WINDOWS/system32/JMq7bpeR4Xa8eV5ftCB.inf | 2009-11-3 10:25:1
C:/WINDOWS/Tasks/4H5HJTHFZkxrCpehBpx4TmR.inf | 2009-10-30 20:19:58
C:/WINDOWS/system32/A2CbFrBy28J6zdXNZgqCtJ6Ae.inf | 2009-10-30 20:19:51
C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur | 2009-10-30 20:19:10
C:/WINDOWS/Tasks/Wfayv6njQnCsg.inf | 2009-10-30 20:18:3
C:/WINDOWS/system32/WQVBYhAJ6ADw5qzCY8gv84KTH.inf | 2009-10-26 8:27:52
C:/WINDOWS/system32/ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf | 2009-10-26 8:26:26
C:/WINDOWS/system32/rb37sCqvGmszGJ3aQYB5qRczx.inf | 2009-10-26 8:25:48
C:/WINDOWS/system32/AMNCZw74h8gwd6CpYGkrZDy8.inf | 2009-10-17 12:57:32
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-14 16:20:30
C:/WINDOWS/system32/pwd4Xpm8KYzkcbqcaKT.inf | 2009-10-14 8:18:22
C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 18:50:42
C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-12 18:49:58
C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-12 18:48:57
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-12 18:48:32
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-10-12 18:49:46
C:/WINDOWS/system32/08223B03.dll | 2009-10-10 19:0:52
C:/WINDOWS/system32/qzp3jTZCSfSh.dll | 2009-10-12 18:50:17
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-12 8:59:17
C:/WINDOWS/system32/FsmBY3kmWnAG5gRbwGgU.inf | 2009-10-12 18:50:5
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-10-12 18:50:55
C:/WINDOWS/system32/BPRBASgvesMzHRfu3AfB.inf | 2009-10-12 18:50:36
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-10-12 18:48:38
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-12 18:48:14
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-10-12 18:48:45
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-10 18:59:17
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-10-12 18:50:30
C:/WINDOWS/system32/scvhost.exe* 2096 | 2009-10-10 20:9:30
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/system32/rundll32.exe* 2172 | 2008-4-14 20:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2105) | Microsoft Corporation | ? | rundll | RUNDLL.EXE
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/MPKrnl.dll | 2009-10-12 18:48:2
C:/WINDOWS/system32/WININET.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/system32/WINMSCABC.IME | 2009-10-17 12:57:26 | | 1, 0, 0, 1 | 英文(美国) | 版权所有(C) 1999 | 1, 0, 0, 1 | | | | 英文(美国)
C:/WINDOWS/system32/substdals.dll | 2009-10-17 12:57:26
C:/WINDOWS/Downloaded Program Files/RUw6jGCJJGg4B6RDY83.cur | 2009-11-8 9:16:5
C:/WINDOWS/system32/EHcM5UkuFS6pQv5sm.inf | 2009-11-8 9:15:59
C:/WINDOWS/system32/JMq7bpeR4Xa8eV5ftCB.inf | 2009-11-3 10:25:1
C:/WINDOWS/Tasks/4H5HJTHFZkxrCpehBpx4TmR.inf | 2009-10-30 20:19:58
C:/WINDOWS/system32/A2CbFrBy28J6zdXNZgqCtJ6Ae.inf | 2009-10-30 20:19:51
C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur | 2009-10-30 20:19:10
C:/WINDOWS/Tasks/Wfayv6njQnCsg.inf | 2009-10-30 20:18:3
C:/WINDOWS/system32/WQVBYhAJ6ADw5qzCY8gv84KTH.inf | 2009-10-26 8:27:52
C:/WINDOWS/system32/ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf | 2009-10-26 8:26:26
C:/WINDOWS/system32/rb37sCqvGmszGJ3aQYB5qRczx.inf | 2009-10-26 8:25:48
C:/WINDOWS/system32/AMNCZw74h8gwd6CpYGkrZDy8.inf | 2009-10-17 12:57:32
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-14 16:20:30
C:/WINDOWS/system32/pwd4Xpm8KYzkcbqcaKT.inf | 2009-10-14 8:18:22
C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 18:50:42
C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-12 18:49:58
C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-12 18:48:57
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-12 18:48:32
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-10-12 18:49:46
C:/WINDOWS/system32/08223B03.dll | 2009-10-10 19:0:52
C:/WINDOWS/system32/qzp3jTZCSfSh.dll | 2009-10-12 18:50:17
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-12 8:59:17
C:/WINDOWS/system32/FsmBY3kmWnAG5gRbwGgU.inf | 2009-10-12 18:50:5
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-10-12 18:50:55
C:/WINDOWS/system32/BPRBASgvesMzHRfu3AfB.inf | 2009-10-12 18:50:36
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-10-12 18:48:38
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-12 18:48:14
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-10-12 18:48:45
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-10 18:59:17
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-10-12 18:50:30
C:/WINDOWS/System32/mswsock.dll | 2008-6-21 1:46:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5625 | Microsoft Windows Sockets 2.0 Service Provider | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | mswsock.dll | mswsock.dll
C:/WINDOWS/system32/qt-dx3.dll | 2009-10-12 18:47:55
C:/WINDOWS/system32/sfc_os.dll | 2008-6-12 10:1:11 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows 文件保护 | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation | ? | sfc.dll | sfc.dll
C:/WINDOWS/system32/DNSAPI.dll | 2008-6-21 1:46:0 | Microsoft? Windows? Operating System | 5.1.2600.5625 | DNS Client API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | dnsapi | dnsapi
C:/WINDOWS/system32/COMRes.dll | 2009-11-8 9:16:11
C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df/gdiplus.dll | 2009-10-20 16:1:6 | Microsoft? Windows? Operating System | 5.2.6001.22319 | Microsoft GDI+ | ? Microsoft Corporation. All rights reserved. | 5.2.6001.22319 (vistasp1_ldr.081126-1506) | Microsoft Corporation | ? | gdiplus | gdiplus
C:/WINDOWS/system32/kb1891611.dll | 2009-11-8 9:16:11
C:/WINDOWS/MSVB50CHS.dll | 2009-10-12 18:48:2 | WmiLib | 1.00 | ? | ? | 1.00 | Matrix | ? | WMILib | WMILib.dll
C:/WINDOWS/system32/ctfmon.exe* 2224 | 2008-4-14 20:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2105) | Microsoft Corporation | ? | CTFMON | CTFMON.EXE
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/system32/WINMSCABC.IME | 2009-10-17 12:57:26 | | 1, 0, 0, 1 | 英文(美国) | 版权所有(C) 1999 | 1, 0, 0, 1 | | | | 英文(美国)
C:/WINDOWS/system32/substdals.dll | 2009-10-17 12:57:26
C:/WINDOWS/system32/wininet.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/Downloaded Program Files/RUw6jGCJJGg4B6RDY83.cur | 2009-11-8 9:16:5
C:/WINDOWS/system32/EHcM5UkuFS6pQv5sm.inf | 2009-11-8 9:15:59
C:/WINDOWS/system32/JMq7bpeR4Xa8eV5ftCB.inf | 2009-11-3 10:25:1
C:/WINDOWS/Tasks/4H5HJTHFZkxrCpehBpx4TmR.inf | 2009-10-30 20:19:58
C:/WINDOWS/system32/A2CbFrBy28J6zdXNZgqCtJ6Ae.inf | 2009-10-30 20:19:51
C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur | 2009-10-30 20:19:10
C:/WINDOWS/Tasks/Wfayv6njQnCsg.inf | 2009-10-30 20:18:3
C:/WINDOWS/system32/WQVBYhAJ6ADw5qzCY8gv84KTH.inf | 2009-10-26 8:27:52
C:/WINDOWS/system32/ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf | 2009-10-26 8:26:26
C:/WINDOWS/system32/rb37sCqvGmszGJ3aQYB5qRczx.inf | 2009-10-26 8:25:48
C:/WINDOWS/system32/AMNCZw74h8gwd6CpYGkrZDy8.inf | 2009-10-17 12:57:32
C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-14 16:20:30
C:/WINDOWS/system32/pwd4Xpm8KYzkcbqcaKT.inf | 2009-10-14 8:18:22
C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 18:50:42
C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-12 18:49:58
C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-12 18:48:57
C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-12 18:48:32
C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-10-12 18:49:46
C:/WINDOWS/system32/08223B03.dll | 2009-10-10 19:0:52
C:/WINDOWS/system32/qzp3jTZCSfSh.dll | 2009-10-12 18:50:17
C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-12 8:59:17
C:/WINDOWS/system32/FsmBY3kmWnAG5gRbwGgU.inf | 2009-10-12 18:50:5
C:/WINDOWS/fonts/A97CRaCB.fon | 2009-10-12 18:50:55
C:/WINDOWS/system32/BPRBASgvesMzHRfu3AfB.inf | 2009-10-12 18:50:36
C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-10-12 18:48:38
C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-12 18:48:14
C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-10-12 18:48:45
C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-10 18:59:17
C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-10-12 18:50:30
C:/WINDOWS/extext74296t.exe* 3328 | 2009-11-9 10:3:32
C:/WINDOWS/system32/WININET.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
C:/WINDOWS/extext74406t.exe* 4016 | 2009-11-9 10:3:32
C:/WINDOWS/system32/WININET.dll | 2008-6-12 10:0:51 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5583 | Internet Extensions for Win32 | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430) | Microsoft Corporation | ? | wininet.dll | wininet.dll
C:/WINDOWS/Fonts/kb12922049.dll | 2009-10-29 22:0:49
C:/WINDOWS/Fonts/kb1118573.dll | 2009-11-1 18:57:3
C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/userinit.exe,> | 2009-10-12 8:56:38
F2 - Shell = <Explorer.exe> | 2008-4-14 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.5512 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.5512 (xpsp.080413-2105) | Microsoft Corporation | ? | explorer | EXPLORER.EXE
O2 - BHO - {0010BB0C-2F85-46C3-B06A-0F87BB08646C} = .dll
O2 - BHO BrowserHelper.CBrowserHelper - {3AC4BF88-8BEB-4B87-AFBC-D090AB40B812} = C:/WINDOWS/system32/SoundxVolumns.dll | 2009-10-12 8:57:36 | BrowserHelper | 1.00 | ? | ? | 1.00 | Lenovo (Beijing) Limited | ? | BrowserHelper | BrowserHelper.dll
O4 - HKLM/../run: [360Soft] C:/WINDOWS/system32/scvhost.exe
O4 - HKLM/../run: [RsTray] C:/WINDOWS/system32/scvhost.exe
O4 - HKLM/../run: [MPKrnl] rundll32 "C:/WINDOWS/MPKrnl.dll",KrnlMsgProc
C:/autorun.inf
/-----
[AutoRun]
open= recycle.{645FF040-5081-101B-9F08-00AA002F954E}/kav32.exe
shell/open= 打开(&O)
shell/open/Command= recycle.{645FF040-5081-101B-9F08-00AA002F954E}/kav32.exe
shell/explore= 资源管理器 (&X)
shell/explore/Command= recycle.{645FF040-5081-101B-9F08-00AA002F954E}/kav32.exe
-----/
O20 - AppInit_DLLs = C:/WINDOWS/Downloaded Program Files/RUw6jGCJJGg4B6RDY83.cur,C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur,C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur,C:/WINDOWS/Fonts/kb12922049.dll,C:/WINDOWS/Fonts/kb1118573.dll,C:/WINDOWS/Fonts/kb13224250.dll
O23 - 服务: AFD (AFD) - C:/WINDOWS/System32/drivers/afd.sys | 2008-6-20 19:40:8 | Microsoft? Windows? Operating System | 5.1.2600.5625 | Ancillary Function Driver for WinSock | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | afd.sys | afd.sys(将启)
O23 - 服务: Nla (Network Location Awareness (NLA)) - C:/WINDOWS/system32/svchost.exe -k netsvcs | 2008-4-14 20:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation | ? | svchost.exe | svchost.exe
-> C:/WINDOWS/System32/mswsock.dll | 2008-6-21 1:46:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5625 | Microsoft Windows Sockets 2.0 Service Provider | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) | Microsoft Corporation | ? | mswsock.dll | mswsock.dll(将启)
O23 - 服务: NXD (NXD Service) - C:/WINDOWS/system32/NXD.exe | 2009-10-10 20:14:19 | Rising AntiVirus 2009 | 21.00 | RavCopy Module | Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved. | 21.0.0.17 | Beijing Rising Information Technology Co., Ltd. | ? | Beijing Rising Information Technology Co., Ltd. | ravcopy.exe(停止)
O23 - 服务: sbgsz (sphg) - C:/WINDOWS/system32/drivers/sphgp.sys(将启)
O24 - ShlExecHook: [2] - {93DA1E7D-7C46-4F90-8674-EC90511FCA72} = C:/WINDOWS/system32/CDuAUVkGy9.dll | 2009-10-12 18:49:34
O24 - ShlExecHook: [2] - {1719B301-B494-4185-9379-242461F9CF02} = C:/WINDOWS/system32/BtmBAnd89jc9PsPq5EKNj.inf | 2009-10-12 18:50:30
O24 - ShlExecHook: [7] - {CD478099-014D-4B3A-A4BB-B518F1019BC7} = C:/WINDOWS/system32/SCEVFJRCmaB7.dll | 2009-10-12 18:49:22
O24 - ShlExecHook: [B] - {827E2FB4-1047-43DE-848D-E12BB0C97AAB} = C:/WINDOWS/Tasks/SbrmpxjdCrgRAFhz4gHh.inf | 2009-10-12 18:51:1
O24 - ShlExecHook: [F] - {2EF0D734-21FD-4225-A1A2-BCD296182AAF} = C:/WINDOWS/system32/2EF0D734.dll
O24 - ShlExecHook: [8] - {AA5D8D4C-4925-4E47-98F9-A79E465C81C8} = C:/WINDOWS/Downloaded Program Files/Es4sCmxdCqnrzaQ6GZrj.cur
O24 - ShlExecHook: [3] - {51716C09-6B08-4CCF-B526-718E912C0573} = C:/WINDOWS/system32/PERrGx5DkqSbQdwauCRQH.dll | 2009-10-10 18:59:17
O24 - ShlExecHook: [E] - {6049BC02-7EDA-4C41-B4AB-D5398607C39E} = C:/WINDOWS/Tasks/yGfdVUegEQm9fhY5rnN.inf | 2009-10-12 18:48:45
O24 - ShlExecHook: [9] - {84639C2D-CD75-4081-B515-329AFCECBF19} = C:/WINDOWS/Downloaded Program Files/SjRjQgREDp3P8B4rEEg.cur | 2009-10-12 18:48:14
O24 - ShlExecHook: [6] - {526EB425-7F56-4773-8D70-B8E45AA8E2B6} = C:/WINDOWS/Downloaded Program Files/WUstNjhyfQfpv8PQbC.cur | 2009-10-12 18:48:38
O24 - ShlExecHook: [D] - {DD8A574E-DFEC-4B02-9465-64692491072D} = C:/WINDOWS/Downloaded Program Files/dScKUgK2NYg8Uar5xyA9.cur
O24 - ShlExecHook: [7] - {87DE8A1A-96C5-4420-B222-EF998F697CE7} = C:/WINDOWS/system32/2exJW3dsaTgWrf5uAPadmHN.inf
O24 - ShlExecHook: [9] - {C07B914B-C164-42D2-9838-1422C3F70D99} = C:/WINDOWS/system32/BPRBASgvesMzHRfu3AfB.inf | 2009-10-12 18:50:36
O24 - ShlExecHook: [5] - {F181F067-7046-4DCB-993F-200990736305} = C:/WINDOWS/Downloaded Program Files/sZaeAC74EzXJeVeJu6p.cur | 2009-10-12 18:50:24
O24 - ShlExecHook: [1] - {8708994F-1758-4C2C-9A3F-FA22D6CCCB41} = C:/WINDOWS/fonts/A97CRaCB.fon | 2009-10-12 18:50:55
O24 - ShlExecHook: [C] - {B7F1BFDC-4B6C-4E2F-AF7A-638D2D47802C} = C:/WINDOWS/system32/FsmBY3kmWnAG5gRbwGgU.inf | 2009-10-12 18:50:5
O24 - ShlExecHook: [8] - {B59F0A61-EF3E-4A2B-9E3A-4A84EDDF2308} = C:/WINDOWS/Downloaded Program Files/AnXnubyMnv58c9vaECWX.cur
O24 - ShlExecHook: [}] - {8A6A5B34-D995-4C5D-9338-B5E264B4A87} = C:/WINDOWS/system32/nXe2grrKNzF9dxYKmqg.inf | 2009-11-3 22:42:42
O24 - ShlExecHook: [7] - {74DA2FEC-F68F-4DC7-9A45-9174AC044427} = C:/WINDOWS/system32/z6FVkEF47huPzgaXee.inf | 2009-10-12 18:49:28
O24 - ShlExecHook: [1] - {11FDB6D4-166A-47BF-A0F8-A09DABA75FC1} = C:/WINDOWS/Tasks/CgbYR44s5jCmgAd6ar.inf
O24 - ShlExecHook: [9] - {7938BD2F-0143-4C46-991C-71069712D9D9} = C:/WINDOWS/system32/DMvJFcDsGe5Kccsmc6gZFjB.inf | 2009-10-10 19:0:30
O24 - ShlExecHook: [3] - {9C20D654-5AF8-4DB7-A125-1A17D7065C73} = C:/WINDOWS/system32/QQyQ7452eAVkMqdNR.inf | 2009-10-12 8:59:17
O24 - ShlExecHook: [B] - {4F5EEDE5-1687-49D2-8A17-FF0B454FB37B} = C:/WINDOWS/system32/qzp3jTZCSfSh.dll | 2009-10-12 18:50:17
O24 - ShlExecHook: [0] - {23DA65D2-C696-4EE4-BEE8-B4841DEC3E30} = C:/WINDOWS/system32/ndxq9awMc.dll | 2009-10-12 18:48:51
O24 - ShlExecHook: [E] - {08223B03-1B38-4A33-A83A-A4D3CC1D6E4E} = C:/WINDOWS/system32/08223B03.dll | 2009-10-10 19:0:52
O24 - ShlExecHook: [C] - {122B901E-493F-4AD9-BC69-7DE8C3E52FCC} = C:/WINDOWS/system32/122B901E.dll | 2009-10-12 18:49:9
O24 - ShlExecHook: [A] - {36AC68E6-0C26-4D39-B98E-54B49DAB6BAA} = C:/WINDOWS/system32/dhDhwS7fFW.dll
O24 - ShlExecHook: [5] - {B9D0F4D7-C809-4C27-9CB4-63201DFB3D05} = C:/WINDOWS/Tasks/c2nH4numz9knY5zqnC.inf | 2009-10-12 18:49:46
O24 - ShlExecHook: [D] - {594EFEFB-4932-421C-9C83-A6BEB868E52D} = C:/WINDOWS/fonts/acCjngH97w.fon
O24 - ShlExecHook: [E] - {3DCB9005-ABA0-47F8-8C40-49ABC04AE5EE} = C:/WINDOWS/system32/W8MvNsbGCCW52XyxV8wQ.inf
O24 - ShlExecHook: [2] - {335A9BAE-19FA-42F2-AFD2-20C3275EF392} = C:/WINDOWS/system32/qfK6YS52MyExkxpwMDmHq.inf | 2009-10-10 20:12:20
O24 - ShlExecHook: [9] - {C20C5A13-4DD7-40D9-90B4-700BAB0BBBE9} = C:/WINDOWS/system32/S5kSrtwDf35EW9f2kBDF.inf | 2009-10-12 18:48:32
O24 - ShlExecHook: [3] - {20CFDC59-228C-481F-80B6-404BCFA16B13} = C:/WINDOWS/system32/Je9hR9NedWPyAckEN42c.inf | 2009-10-12 18:48:57
O24 - ShlExecHook: [A] - {8E6D4583-0FA1-41B2-BAAA-63352E6333CA} = C:/WINDOWS/system32/jY8sGUnWqbZb3x2BPhY.dll | 2009-10-12 18:49:3
O24 - ShlExecHook: [3] - {6B1604E2-A839-463C-906A-27A129781E93} = C:/WINDOWS/Downloaded Program Files/rJaeKv7CcbwSzhQbDu.cur | 2009-10-12 18:49:58
O24 - ShlExecHook: [5] - {CB661471-055A-4C5B-9ED0-497B9908FEF5} = C:/WINDOWS/system32/CWcQnWxHjWqtE6PsYyEe.inf | 2009-10-12 18:50:11
O24 - ShlExecHook: [B] - {B6C3510F-2666-496B-A46F-6EEFD6328C2B} = C:/WINDOWS/Tasks/txPsQUxAThX8QTR6s6Yn.inf | 2009-10-12 18:50:42
O24 - ShlExecHook: [3] - {09FDF8F4-0F9E-4C84-9F0C-21A1143815E3} = C:/WINDOWS/system32/pwd4Xpm8KYzkcbqcaKT.inf | 2009-10-14 8:18:22
O24 - ShlExecHook: [F] - {B7D21764-31A1-4B15-B975-8AAA398CE07F} = C:/WINDOWS/system32/FXNEE8UE86dAU4wwQSW.inf | 2009-10-14 8:20:26
O24 - ShlExecHook: [F] - {81EB905C-EDF8-4033-80BF-E0F4F46733DF} = C:/WINDOWS/Tasks/TDz5y2TEAKw2z7xkPhf9Sqj.inf | 2009-10-14 16:20:30
O24 - ShlExecHook: [C] - {C4BD9D5C-04CA-45E6-8539-98B07D99B6BC} = C:/WINDOWS/system32/AMNCZw74h8gwd6CpYGkrZDy8.inf | 2009-10-17 12:57:32
O24 - ShlExecHook: [2] - {30E05169-5E63-4038-9709-5FAD6E488ED2} = C:/WINDOWS/system32/rb37sCqvGmszGJ3aQYB5qRczx.inf | 2009-10-26 8:25:48
O24 - ShlExecHook: [0] - {7CC109E5-B2FC-4FEE-AF04-74B2DCBD2540} = C:/WINDOWS/system32/ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf | 2009-10-26 8:26:26
O24 - ShlExecHook: [C] - {F317E464-D4A4-4C79-82E8-CABADF738C7C} = C:/WINDOWS/system32/t9hdtMrwMeQcvYV3CMvhtNZpC.inf | 2009-10-26 8:26:44
O24 - ShlExecHook: [4] - {D55E3C90-C192-411F-85FC-6A8A69D0C634} = C:/WINDOWS/system32/WQVBYhAJ6ADw5qzCY8gv84KTH.inf | 2009-10-26 8:27:52
O24 - ShlExecHook: [2] - {05EDDA35-1E5B-4A77-8F68-99AB967CF632} = C:/WINDOWS/system32/bWxJAeWKDxgRfhkaWEfA33C36nr.inf | 2009-10-26 8:32:44
O24 - ShlExecHook: [C] - {C53C1999-1B56-41BD-8F76-520D618F112C} = C:/WINDOWS/Downloaded Program Files/gxrSG8sdA4hAbGNQXnr9JGFu6nZ.cur | 2009-10-26 22:31:6
O24 - ShlExecHook: [B] - {012AA32F-36E6-405F-9F3F-588E0AA73FBB} = C:/WINDOWS/Tasks/Wfayv6njQnCsg.inf | 2009-10-30 20:18:3
O24 - ShlExecHook: [B] - {012B7C3C-53AF-424E-869C-7DB92D25C31B} = C:/WINDOWS/Downloaded Program Files/uBwdaS5QeRv5fUyk7etsUNqVEjT.cur | 2009-10-30 20:19:10
O24 - ShlExecHook: [C] - {C3634CF6-FD22-4F3D-BBB4-AE36174A868C} = C:/WINDOWS/system32/A2CbFrBy28J6zdXNZgqCtJ6Ae.inf | 2009-10-30 20:19:51
O24 - ShlExecHook: [5] - {3373CD28-8C35-4A36-8569-672D8CA197F5} = C:/WINDOWS/Tasks/4H5HJTHFZkxrCpehBpx4TmR.inf | 2009-10-30 20:19:58
O24 - ShlExecHook: [E] - {CA74B10B-4DDF-4ee0-966F-7B232A45068E} = C:/WINDOWS/Fonts/kb13224250.dll | 2009-11-3 22:42:50
O24 - ShlExecHook: [5] - {4E49E5A9-91B3-47AA-BC9E-BFF2F69C19B5} = C:/WINDOWS/Downloaded Program Files/SsdvFhFVu3Q7T5u.cur | 2009-11-3 10:24:49
O24 - ShlExecHook: [5] - {7198F428-77AC-4837-AFBE-1E0393575935} = C:/WINDOWS/system32/JMq7bpeR4Xa8eV5ftCB.inf | 2009-11-3 10:25:1
O24 - ShlExecHook: [0] - {88A49137-7C53-4D6E-8EAE-1E46226788A0} = C:/WINDOWS/system32/EHcM5UkuFS6pQv5sm.inf | 2009-11-8 9:15:59
O24 - ShlExecHook: [C] - {5E320EF5-1D2B-4C5F-8584-475AD5B0DD4C} = C:/WINDOWS/Downloaded Program Files/RUw6jGCJJGg4B6RDY83.cur | 2009-11-8 9:16:5
O29 - HKCU-Start Page = hxxp://www.9348.cn/?205471
O29 - HKLM-Start Page = hxxp://www.9348.cn/?205471
HKLM/SHOWALL 值非1
(To be continued)