
winyyy.sys, hcpidesk.sys, mtlrd.sys, uldfhjfh.sys, servets.exe, etc. (Part 1)

Original by endurer
2009-11-19, 1st edition

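A friend's computer has recently been booting very slowly, and a QQ prompt box keeps appearing that says "Your QQ number has been selected by the system as a second-prize winner of the [10th Anniversary Celebration]".

Many programs will not run, and I was asked to help check and repair it.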

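I scanned the system with pe_xscan and analyzed the log, which turned up the following suspicious items (part of the process module section is omitted):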


(To be continued)
