beep.sys/Trojan.NtRootKit.1192, msplugplay 1005.sys/BackDoor.Pigeon.13201, etc. (1)
  BFbkpSjOcvWq 2023-11-13



Original by endurer, 2008-06-24, version 1

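A netizen reported that his computer had recently been popping up advertisement windows frequently, sometimes responded very slowly, and rebooted as soon as a program was run, and asked me to help check and repair it.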

Downloaded pe_xscan, scanned to produce a log and analyzed it, and found the following suspicious items:




(To be continued)
