遭遇nat.exe,socks.exe,USP10.dll,BOSC.dll,kb080387.CNT,~ctwxw.txt等1

本文涉及的产品
公网NAT网关,每月750个小时 15CU
简介: 遭遇nat.exe,socks.exe,USP10.dll,BOSC.dll,kb080387.CNT,~ctwxw.txt等1

位朋友在使用QQ时,一位网友传来文件“我的照片.rar”,这位朋友接收并打开后,电脑出现问题:无法打网页;桌面莫名其妙地出现了淘宝等图标,无法删除;莫名其妙地多出了115浏览器、IE守护者等软件;有名为nat.exe的命令提示符窗口一闪而过;金山卫士、QQ电脑管家无法打开;以安全模式启动会蓝屏……重启电脑故障依旧,请偶帮忙解决。

 从症状看,与之前遇到的鬼影病毒相似。

 用U盘将pe_xscan拷入电脑并运行,扫描log并分析,发现如下可疑项:

pe_xscan 09-06-21 by Purple Endurer
2011-1-21 18:14:38Windows XP Service Pack 3(5.1.2600)MSIE:6.0.2900.5512管理员用户组正常模式
[System Process] * 0 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/netapi32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5694 | Net Win32 API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) | Microsoft Corporation| ? | NetApi32.DLL | NetApi32.DLL 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
   C:/Program Files/Common Files/BOSC.dll | 2011-1-21 18:11:18 
   C:/WINDOWS/system32/msctfime.ime | 2009-8-11 15:49:15 | Microsoft? Windows? Operating System | 5.1.2600.5768 | Microsoft Text Frame Work Service IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5768 (xpsp_sp3_qfe.090226-1518) | Microsoft Corporation| ? | MSCTFIME | MSCTFIME.IME 
   C:/Program Files/msconfig.dll | 2011-1-21 18:11:18 
C:/WINDOWS/system32/csrss.exe* 784 | 2009-3-14 2:3:58 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
C:/WINDOWS/system32/winlogon.exe* 912 | 2009-3-14 2:3:58 | Microsoft(R) Windows(R) Operating System | 5.1.2600.5512 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2113) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/netapi32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5694 | Net Win32 API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) | Microsoft Corporation| ? | NetApi32.DLL | NetApi32.DLL 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
   C:/WINDOWS/system32/msctfime.ime | 2009-8-11 15:49:15 | Microsoft? Windows? Operating System | 5.1.2600.5768 | Microsoft Text Frame Work Service IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5768 (xpsp_sp3_qfe.090226-1518) | Microsoft Corporation| ? | MSCTFIME | MSCTFIME.IME 
C:/WINDOWS/system32/services.exe* 1004 | 2009-3-14 2:3:58 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/netapi32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5694 | Net Win32 API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) | Microsoft Corporation| ? | NetApi32.DLL | NetApi32.DLL 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
C:/WINDOWS/system32/lsass.exe* 1016 | 2009-3-14 2:3:58 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/netapi32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5694 | Net Win32 API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) | Microsoft Corporation| ? | NetApi32.DLL | NetApi32.DLL 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
C:/WINDOWS/system32/svchost.exe* 1460 | 2009-3-14 2:3:58 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
   C:/WINDOWS/system32/netapi32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5694 | Net Win32 API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) | Microsoft Corporation| ? | NetApi32.DLL | NetApi32.DLL 
   C:/Program Files/Common Files/System/kb080387.CNT | 2011-1-21 17:40:38 
   C:/WINDOWS/system32/rasadhlp.dll | 2011-1-21 17:43:11 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Remote Access AutoDial Helper | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-0852) | Microsoft Corporation| ? | rasadhlp.dll | rasadhlp.dll 
   C:/Program Files/Common Files/System/kb763371.sig | 2011-1-21 17:42:6 
   C:/Program Files/Common Files/System/kb064444.dla | 2011-1-21 17:43:11 
   C:/Program Files/Common Files/System/kb080387.CNT | 2011-1-21 17:40:38 
C:/WINDOWS/explorer.exe* 264 | 2009-3-14 2:3:58 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/netapi32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5694 | Net Win32 API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) | Microsoft Corporation| ? | NetApi32.DLL | NetApi32.DLL 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
   C:/WINDOWS/system32/msctfime.ime | 2009-8-11 15:49:15 | Microsoft? Windows? Operating System | 5.1.2600.5768 | Microsoft Text Frame Work Service IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5768 (xpsp_sp3_qfe.090226-1518) | Microsoft Corporation| ? | MSCTFIME | MSCTFIME.IME 
   C:/Program Files/msconfig.dll | 2011-1-21 18:11:18 
   C:/Program Files/Common Files/BOSC.dll | 2011-1-21 18:11:18 
   C:/WINDOWS/system32/bhoexe.dll | 2011-1-21 17:44:6 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2622 | Windows XP USER API Client DLL | Copyright 1997 | 5.1.2600.2622 | Microsoft Corporation| ? | apphelp | apphelp 
C:/WINDOWS/system32/wefjdxvihc/smss.exe * 1480 | 2011-1-21 17:42:3 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
   C:/Program Files/msconfig.dll | 2011-1-21 18:11:18 
   C:/Program Files/Common Files/BOSC.dll | 2011-1-21 18:11:18 
C:/Program Files/svchost.exe * 1768 | 2011-1-21 17:42:46 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
   C:/Program Files/msconfig.dll | 2011-1-21 18:11:18 
   C:/Program Files/Common Files/BOSC.dll | 2011-1-21 18:11:18 
   C:/WINDOWS/system32/msctfime.ime | 2009-8-11 15:49:15 | Microsoft? Windows? Operating System | 5.1.2600.5768 | Microsoft Text Frame Work Service IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5768 (xpsp_sp3_qfe.090226-1518) | Microsoft Corporation| ? | MSCTFIME | MSCTFIME.IME 
   C:/Program Files/Common Files/System/kb080387.CNT | 2011-1-21 17:40:38 
   C:/WINDOWS/system32/netapi32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5694 | Net Win32 API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) | Microsoft Corporation| ? | NetApi32.DLL | NetApi32.DLL 
   C:/WINDOWS/system32/rasadhlp.dll | 2011-1-21 17:43:11 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Remote Access AutoDial Helper | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-0852) | Microsoft Corporation| ? | rasadhlp.dll | rasadhlp.dll 
   C:/Program Files/Common Files/System/kb763371.sig | 2011-1-21 17:42:6 
   C:/Program Files/Common Files/System/kb064444.dla | 2011-1-21 17:43:11 
C:/WINDOWS/system32/ctfmon.exe* 240 | 2009-3-14 2:3:58 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
   C:/WINDOWS/system32/msctfime.ime | 2009-8-11 15:49:15 | Microsoft? Windows? Operating System | 5.1.2600.5768 | Microsoft Text Frame Work Service IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5768 (xpsp_sp3_qfe.090226-1518) | Microsoft Corporation| ? | MSCTFIME | MSCTFIME.IME 
   C:/Program Files/msconfig.dll | 2011-1-21 18:11:18 

C:/WINDOWS/system32/alg.exe* 2072 | 2009-3-14 2:3:58 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
   C:/Program Files/Common Files/System/kb080387.CNT | 2011-1-21 17:40:38 
C:/WINDOWS/system32/rundll32.exe* 832 | 2009-3-14 2:3:58 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
   C:/WINDOWS/system32/popupk.dll | 2005-1-21 12:12:0 
   C:/Program Files/Common Files/BOSC.dll | 2011-1-21 18:11:18 
   C:/WINDOWS/system32/msctfime.ime | 2009-8-11 15:49:15 | Microsoft? Windows? Operating System | 5.1.2600.5768 | Microsoft Text Frame Work Service IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5768 (xpsp_sp3_qfe.090226-1518) | Microsoft Corporation| ? | MSCTFIME | MSCTFIME.IME 
   C:/WINDOWS/system32/netapi32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5694 | Net Win32 API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) | Microsoft Corporation| ? | NetApi32.DLL | NetApi32.DLL 
   C:/WINDOWS/system32/rasadhlp.dll | 2011-1-21 17:43:11 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Remote Access AutoDial Helper | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-0852) | Microsoft Corporation| ? | rasadhlp.dll | rasadhlp.dll 
   C:/Program Files/Common Files/System/kb763371.sig | 2011-1-21 17:42:6 
   C:/Program Files/Common Files/System/kb064444.dla | 2011-1-21 17:43:11 
   C:/Program Files/Common Files/System/kb080387.CNT | 2011-1-21 17:40:38 
C:/Program Files/Internet Explorer/IEXPLORE.EXE* 2364 | 2010-8-2 11:3:54 
   C:/WINDOWS/system32/GDI32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5698 | GDI Client DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) | Microsoft Corporation| ? | gdi32 | gdi32 
   C:/WINDOWS/system32/netapi32.dll | 2009-3-14 2:3:58 | Microsoft? Windows? Operating System | 5.1.2600.5694 | Net Win32 API DLL | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) | Microsoft Corporation| ? | NetApi32.DLL | NetApi32.DLL 
   C:/WINDOWS/system32/USP10.dll | 2011-1-21 17:36:43 
   C:/Program Files/Common Files/BOSC.dll | 2011-1-21 18:11:18 
   C:/WINDOWS/system32/msctfime.ime | 2009-8-11 15:49:15 | Microsoft? Windows? Operating System | 5.1.2600.5768 | Microsoft Text Frame Work Service IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5768 (xpsp_sp3_qfe.090226-1518) | Microsoft Corporation| ? | MSCTFIME | MSCTFIME.IME 
   C:/WINDOWS/system32/bhoexe.dll | 2011-1-21 17:44:6 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2622 | Windows XP USER API Client DLL | Copyright 1997 | 5.1.2600.2622 | Microsoft Corporation| ? | apphelp | apphelp 
   C:/Program Files/Common Files/System/kb080387.CNT | 2011-1-21 17:40:38 
   C:/Program Files/msconfig.dll | 2011-1-21 18:11:18 
   C:/WINDOWS/system32/rasadhlp.dll | 2011-1-21 17:43:11 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Remote Access AutoDial Helper | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-0852) | Microsoft Corporation| ? | rasadhlp.dll | rasadhlp.dll 
   C:/Program Files/Common Files/System/kb763371.sig | 2011-1-21 17:42:6 
   C:/Program Files/Common Files/System/kb064444.dla | 2011-1-21 17:43:11

F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/userinit.exe, C:/WINDOWS/socks.exe> | 2009-3-14 2:3:58
O2 - BHO BHOApp Class - {CE7C3CEF-4B15-11D1-ABED-FA4C0C0931ED} = C:/WINDOWS/system32/bhoexe.dll | 2011-1-21 17:44:6
O4 - HKLM/../run: [KVP] C:/WINDOWS/system32/drivers/svchost.exe
O4 - HKLM/../run: [360safeman] C:/Program Files/svchost.exe
O4 - HKLM/../run: [IEProtector] C:/Program Files/IEProtector/ieprotector.exe hide ,start
O4 - Global Startup: 1229.tmp 
O4 - Global Startup: 221.tmp 
O4 - Global Startup: 228.tmp 
O4 - Global Startup: yfwkrmowvh.exe 
AT1.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT2.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT3.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT4.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT5.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT6.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT7.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT8.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT9.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT10.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT11.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT12.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT13.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT14.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT15.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT16.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT17.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT18.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT19.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT20.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT21.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT22.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT23.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT24.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT25.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT26.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT27.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT28.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT29.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT30.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT31.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT32.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT33.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT34.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT35.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT36.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT37.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT38.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT39.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT40.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT41.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT42.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT43.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT44.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT45.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT46.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT47.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT48.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT49.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT50.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT51.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT52.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT53.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT54.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT55.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT56.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT57.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT58.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT59.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT60.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT61.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT62.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT63.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT64.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT65.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT66.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT67.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT68.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT69.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT70.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT71.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe
AT72.job -> C:/WINDOWS/system32/Macromadendt/jmqtwd.exe

O23 - 服务: ctwxw (ctwxw) - C:/Documents and Settings/Administrator/Application Data/~ctwxw.txt | 2011-1-21 17:48:28(手动)
O23 - 服务: dibaf (dibaf) - C:/Documents and Settings/Administrator/Application Data/~dibaf.txt | 2011-1-21 18:11:15(手动)
O23 - 服务: DMusic (Microsoft Kernel DLS Syntheiszer) - C:/WINDOWS/system32/drivers/kpscc.sys | 2011-1-21 17:48:31(手动)
O23 - 服务: FireFox (FireFox Driver) - C:/WINDOWS/system32/firefox.exe (自动)
O23 - 服务: NPF (Netgroup Packet Filter) -  system32/drivers/npf.sys | 2011-1-21 17:36:54 | WinPcap Netgroup Packet Filter Driver | 3, 1, 0, 27 | npf | Copyright ? 2005 CACE Technologies. Copyright ? 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies | | NPF + TME | npf.sys(手动)
O23 - 服务: PciDevice (PciDevice) - C:/Program files/MSDN/PciDisk.sys (手动)
O23 - 服务: PCIDump () - C:/WINDOWS/system32/drivers/PCIDump.sys | 2011-1-21 18:11:43(系统)
O23 - 服务: SoftDaemo (SoftDaemo) - C:/WINDOWS/system32/drivers/SoftDaemo.sys | 2011-1-21 18:11:9(手动)
O26 - IFEO: 360deepscan.exe -> ntsd -d
O26 - IFEO: 360hotfix.exe -> ntsd -d
O26 - IFEO: 360rp.exe -> ntsd -d
O26 - IFEO: 360rpt.exe -> ntsd -d
O26 - IFEO: 360Safe.exe -> ntsd -d
O26 - IFEO: 360safebox.exe -> ntsd -d
O26 - IFEO: 360sd.exe -> ntsd -d
O26 - IFEO: 360sdrun.exe -> ntsd -d
O26 - IFEO: 360tray.exe -> ntsd -d
O26 - IFEO: 799d.exe -> ntsd -d
O26 - IFEO: adam.exe -> ntsd -d
O26 - IFEO: AgentSvr.exe -> ntsd -d
O26 - IFEO: AntiArp.exe -> ntsd -d
O26 - IFEO: AntiU.exe -> ntsd -d
O26 - IFEO: AoYun.exe -> ntsd -d
O26 - IFEO: appdllman.exe -> ntsd -d
O26 - IFEO: AppSvc32.exe -> ntsd -d
O26 - IFEO: ArSwp.exe -> ntsd -d
O26 - IFEO: ArSwp2.exe -> ntsd -d
O26 - IFEO: ArSwp3.exe -> ntsd -d
O26 - IFEO: arvmon.exe -> ntsd -d
O26 - IFEO: AST.exe -> ntsd -d
O26 - IFEO: atpup.exe -> ntsd -d
O26 - IFEO: auto.exe -> ntsd -d
O26 - IFEO: AutoGuarder.exe -> ntsd -d
O26 - IFEO: AutoRun.exe -> ntsd -d
O26 - IFEO: autoruns.exe -> ntsd -d
O26 - IFEO: av.exe -> ntsd -d
O26 - IFEO: AvastU3.exe -> ntsd -d
O26 - IFEO: avcenter.exe -> ntsd -d
O26 - IFEO: avconsol.exe -> ntsd -d
O26 - IFEO: avgaurd.exe -> ntsd -d
O26 - IFEO: avgnt.exe -> ntsd -d
O26 - IFEO: avgrssvc.exe -> ntsd -d
O26 - IFEO: AvMonitor.exe -> ntsd -d
O26 - IFEO: avp.com -> ntsd -d
O26 - IFEO: avp.exe -> ntsd -d
O26 - IFEO: AvU3Launcher.exe -> ntsd -d
O26 - IFEO: CCenter.exe -> ntsd -d
O26 - IFEO: ccSvcHst.exe -> ntsd -d
O26 - IFEO: cross.exe -> ntsd -d
O26 - IFEO: Discovery.exe -> ntsd -d
O26 - IFEO: DSMain.exe -> ntsd -d
O26 - IFEO: EGHOST.exe -> ntsd -d
O26 - IFEO: egui.exe -> ntsd -d
O26 - IFEO: ekrn.exe -> ntsd -d
O26 - IFEO: FileDsty.exe -> ntsd -d
O26 - IFEO: filmst.exe -> ntsd -d
O26 - IFEO: findt2005.exe -> ntsd -d
O26 - IFEO: FTCleanerShell.exe -> ntsd -d
O26 - IFEO: FYFireWall.exe -> ntsd -d
O26 - IFEO: ghost.exe -> ntsd -d
O26 - IFEO: guangd.exe -> ntsd -d
O26 - IFEO: HijackThis.exe -> ntsd -d
O26 - IFEO: IceSword.exe -> ntsd -d
O26 - IFEO: iparmo.exe -> ntsd -d
O26 - IFEO: Iparmor.exe -> ntsd -d
O26 - IFEO: irsetup.exe -> ntsd -d
O26 - IFEO: IsHelp.exe -> ntsd -d
O26 - IFEO: isPwdSvc.exe -> ntsd -d
O26 - IFEO: jisu.exe -> ntsd -d
O26 - IFEO: kabaload.exe -> ntsd -d
O26 - IFEO: KaScrScn.SCR -> ntsd -d
O26 - IFEO: KASMain.exe -> ntsd -d
O26 - IFEO: KASTask.exe -> ntsd -d
O26 - IFEO: KAV32.exe -> ntsd -d
O26 - IFEO: KAVDX.exe -> ntsd -d
O26 - IFEO: KAVPF.exe -> ntsd -d
O26 - IFEO: KAVPFW.exe -> ntsd -d
O26 - IFEO: KAVSetup.exe -> ntsd -d
O26 - IFEO: kavstart.exe -> ntsd -d
O26 - IFEO: kernelwind32.exe -> ntsd -d
O26 - IFEO: killhidepid.exe -> ntsd -d
O26 - IFEO: KISLnchr.exe -> ntsd -d
O26 - IFEO: kissvc.exe -> ntsd -d
O26 - IFEO: KMailMon.exe -> ntsd -d
O26 - IFEO: KMFilter.exe -> ntsd -d
O26 - IFEO: knsd.exe -> ntsd -d
O26 - IFEO: knsdave.exe -> ntsd -d
O26 - IFEO: knsdtray.exe -> ntsd -d
O26 - IFEO: KPFW32.exe -> ntsd -d
O26 - IFEO: KPFW32X.exe -> ntsd -d
O26 - IFEO: KPfwSvc.exe -> ntsd -d
O26 - IFEO: KRegEx.exe -> ntsd -d
O26 - IFEO: KRepair.com -> ntsd -d
O26 - IFEO: krnl360svc.exe -> ntsd -d
O26 - IFEO: KsLoader.exe -> ntsd -d
O26 - IFEO: KSWebShield.exe -> ntsd -d
O26 - IFEO: KVCenter.kxp -> ntsd -d
O26 - IFEO: KvDetect.exe -> ntsd -d
O26 - IFEO: kvfw.exe -> ntsd -d
O26 - IFEO: KvfwMcl.exe -> ntsd -d
O26 - IFEO: KVMonXP.kxp -> ntsd -d
O26 - IFEO: KVMonXP_1.kxp -> ntsd -d
O26 - IFEO: kvol.exe -> ntsd -d
O26 - IFEO: kvolself.exe -> ntsd -d
O26 - IFEO: KvReport.kxp -> ntsd -d
O26 - IFEO: KVScan.kxp -> ntsd -d
O26 - IFEO: KVSrvXP.exe -> ntsd -d
O26 - IFEO: KVStub.kxp -> ntsd -d
O26 - IFEO: kvupload.exe -> ntsd -d
O26 - IFEO: kvwsc.exe -> ntsd -d
O26 - IFEO: KvXP.kxp -> ntsd -d
O26 - IFEO: KvXP_1.kxp -> ntsd -d
O26 - IFEO: KWatch.exe -> ntsd -d
O26 - IFEO: KWatch9x.exe -> ntsd -d
O26 - IFEO: KWatchX.exe -> ntsd -d
O26 - IFEO: KWSMain.exe -> ntsd -d
O26 - IFEO: kwstray.exe -> ntsd -d
O26 - IFEO: KWSUpd.exe -> ntsd -d
O26 - IFEO: LiveUpdate360.exe -> ntsd -d
O26 - IFEO: loaddll.exe -> ntsd -d
O26 - IFEO: logogo.exe -> ntsd -d
O26 - IFEO: MagicSet.exe -> ntsd -d
O26 - IFEO: mcconsol.exe -> ntsd -d
O26 - IFEO: McNAsvc.exe -> ntsd -d
O26 - IFEO: McProxy.exe -> ntsd -d
O26 - IFEO: Mcshield.exe -> ntsd -d
O26 - IFEO: Mcsysmon.exe -> ntsd -d
O26 - IFEO: mmqczj.exe -> ntsd -d
O26 - IFEO: mmsk.exe -> ntsd -d
O26 - IFEO: Navapsvc.exe -> ntsd -d
O26 - IFEO: Navapw32.exe -> ntsd -d
O26 - IFEO: NAVSetup.exe -> ntsd -d
O26 - IFEO: niu.exe -> ntsd -d
O26 - IFEO: nod32.exe -> ntsd -d
O26 - IFEO: nod32krn.exe -> ntsd -d
O26 - IFEO: nod32kui.exe -> ntsd -d
O26 - IFEO: NPFMntor.exe -> ntsd -d
O26 - IFEO: pagefile.exe -> ntsd -d
O26 - IFEO: pagefile.pif -> ntsd -d
O26 - IFEO: pfserver.exe -> ntsd -d
O26 - IFEO: PFW.exe -> ntsd -d
O26 - IFEO: PFWLiveUpdate.exe -> ntsd -d
O26 - IFEO: qheart.exe -> ntsd -d
O26 - IFEO: QHSET.exe -> ntsd -d
O26 - IFEO: QQDoctor.exe -> ntsd -d
O26 - IFEO: QQDoctorMain.exe -> ntsd -d
O26 - IFEO: QQDoctorRtp.exe -> ntsd -d
O26 - IFEO: QQKav.exe -> ntsd -d
O26 - IFEO: QQPCMgr.exe -> ntsd -d
O26 - IFEO: QQPCRTP.exe -> ntsd -d
O26 - IFEO: QQPCSmashFile.exe -> ntsd -d
O26 - IFEO: QQPCTray.exe -> ntsd -d
O26 - IFEO: QQSC.exe -> ntsd -d
O26 - IFEO: qsetup.exe -> ntsd -d
O26 - IFEO: Ras.exe -> ntsd -d
O26 - IFEO: Rav.exe -> ntsd -d
O26 - IFEO: ravcopy.exe -> ntsd -d
O26 - IFEO: RavMon.exe -> ntsd -d
O26 - IFEO: RavMonD.exe -> ntsd -d
O26 - IFEO: RavStore.exe -> ntsd -d
O26 - IFEO: RavStub.exe -> ntsd -d
O26 - IFEO: ravt08.exe -> ntsd -d
O26 - IFEO: RavTask.exe -> ntsd -d
O26 - IFEO: RegClean.exe -> ntsd -d
O26 - IFEO: RegEx.exe -> ntsd -d
O26 - IFEO: rfwcfg.exe -> ntsd -d
O26 - IFEO: rfwmain.exe -> ntsd -d
O26 - IFEO: rfwolusr.exe -> ntsd -d
O26 - IFEO: rfwProxy.exe -> ntsd -d
O26 - IFEO: rfwsrv.exe -> ntsd -d
O26 - IFEO: RsAgent.exe -> ntsd -d
O26 - IFEO: Rsaupd.exe -> ntsd -d
O26 - IFEO: RsMain.exe -> ntsd -d
O26 - IFEO: rsnetsvr.exe -> ntsd -d
O26 - IFEO: RsTray.exe -> ntsd -d
O26 - IFEO: rstrui.exe -> ntsd -d
O26 - IFEO: runiep.exe -> ntsd -d
O26 - IFEO: safebank.exe -> ntsd -d
O26 - IFEO: safeboxTray.exe -> ntsd -d
O26 - IFEO: safelive.exe -> ntsd -d
O26 - IFEO: scan32.exe -> ntsd -d
O26 - IFEO: ScanFrm.exe -> ntsd -d
O26 - IFEO: ScanU3.exe -> ntsd -d
O26 - IFEO: SDGames.exe -> ntsd -d
O26 - IFEO: SelfUpdate.exe -> ntsd -d
O26 - IFEO: servet.exe -> ntsd -d
O26 - IFEO: shcfg32.exe -> ntsd -d
O26 - IFEO: smartassistant.exe -> ntsd -d
O26 - IFEO: SmartUp.exe -> ntsd -d
O26 - IFEO: sos.exe -> ntsd -d
O26 - IFEO: SREng.EXE -> ntsd -d
O26 - IFEO: SREngPS.EXE -> ntsd -d
O26 - IFEO: stormii.exe -> ntsd -d
O26 - IFEO: SuperKiller.exe -> ntsd -d
O26 - IFEO: sxgame.exe -> ntsd -d
O26 - IFEO: symlcsvc.exe -> ntsd -d
O26 - IFEO: syscheck.exe -> ntsd -d
O26 - IFEO: Syscheck2.exe -> ntsd -d
O26 - IFEO: SysSafe.exe -> ntsd -d
O26 - IFEO: tmp.exe -> ntsd -d
O26 - IFEO: TNT.Exe -> ntsd -d
O26 - IFEO: ToolsUp.exe -> ntsd -d
O26 - IFEO: TrojanDetector.exe -> ntsd -d
O26 - IFEO: Trojanwall.exe -> ntsd -d
O26 - IFEO: TrojDie.kxp -> ntsd -d
O26 - IFEO: TxoMoU.Exe -> ntsd -d
O26 - IFEO: UFO.exe -> ntsd -d
O26 - IFEO: UIHost.exe -> ntsd -d
O26 - IFEO: UmxAgent.exe -> ntsd -d
O26 - IFEO: UmxAttachment.exe -> ntsd -d
O26 - IFEO: UmxCfg.exe -> ntsd -d
O26 - IFEO: UmxFwHlp.exe -> ntsd -d
O26 - IFEO: UmxPol.exe -> ntsd -d
O26 - IFEO: upiea.exe -> ntsd -d
O26 - IFEO: UpLive.exe -> ntsd -d
O26 - IFEO: USBCleaner.exe -> ntsd -d
O26 - IFEO: vsstat.exe -> ntsd -d
O26 - IFEO: wbapp.exe -> ntsd -d
O26 - IFEO: webscanx.exe -> ntsd -d
O26 - IFEO: WoptiClean.exe -> ntsd -d
O26 - IFEO: Wsyscheck.exe -> ntsd -d
O26 - IFEO: XDelBox.exe -> ntsd -d
O26 - IFEO: XP.exe -> ntsd -d
O26 - IFEO: zhudongfangyu.exe -> ntsd -d
O26 - IFEO: zjb.exe -> ntsd -d
O26 - IFEO: zxsweep.exe -> ntsd -d
O26 - IFEO: ~.exe -> ntsd -d
O29 - HKCU-Start Page = hxxp://www.155.com/?id=990035
O29 - HKLM-Start Page = hxxp://www.1323.cc/
O30 - IeOpenHomePage = "c:/program files/internet explorer/iexplore.exe" hxxp://www.bcyk.net/?100147
相关实践学习
每个IT人都想学的“Web应用上云经典架构”实战
本实验从Web应用上云这个最基本的、最普遍的需求出发,帮助IT从业者们通过“阿里云Web应用上云解决方案”,了解一个企业级Web应用上云的常见架构,了解如何构建一个高可用、可扩展的企业级应用架构。
相关文章
|
2月前
|
存储 机器学习/深度学习 数据可视化
解析exe文件
如何使用`objdump`工具解析exe文件,包括exe文件的组成、`objdump`的用法以及如何查看exe文件的节头信息和完整内容。
90 0
解析exe文件
|
3月前
|
安全 Windows
中了Viking,抓到CONFIG.EXE,NTDLL32.dll,webpnt.exe等
中了Viking,抓到CONFIG.EXE,NTDLL32.dll,webpnt.exe等
|
3月前
|
网络协议 安全
使用映像劫持,ARP欺骗,autorun.inf等技术的AV杀手mgemtjk.exe,sb.exe,qodwjay.exe,smsovct.exe等1
使用映像劫持,ARP欺骗,autorun.inf等技术的AV杀手mgemtjk.exe,sb.exe,qodwjay.exe,smsovct.exe等1
遭遇 kapjazy.dll,yhpri.dll,WinSys64.Sys,nwiztlbu.exe,myplayer.com 等1
遭遇 kapjazy.dll,yhpri.dll,WinSys64.Sys,nwiztlbu.exe,myplayer.com 等1
woauolt.exe,System.exe,Update.dll,MPKrnl.dll,360mon.dll,upnpsrv.dll等1
woauolt.exe,System.exe,Update.dll,MPKrnl.dll,360mon.dll,upnpsrv.dll等1
遭遇vchelp.exe,videodevice.dll,swchost.exe,IEXPLORE32.Sys等1
遭遇vchelp.exe,videodevice.dll,swchost.exe,IEXPLORE32.Sys等1
|
3月前
|
安全 Windows
遭遇scvhost.exe,qsetup.exe,dsound.dll,hnetcfg.dll,olepro32.dll等2
遭遇scvhost.exe,qsetup.exe,dsound.dll,hnetcfg.dll,olepro32.dll等2
|
3月前
|
安全 Windows
遭遇scvhost.exe,qsetup.exe,dsound.dll,hnetcfg.dll,olepro32.dll等1
遭遇scvhost.exe,qsetup.exe,dsound.dll,hnetcfg.dll,olepro32.dll等1
Win10系统msvcr120.dll丢失解决
Win10系统msvcr120.dll丢失解决
|
Windows
[笔记]Windows判断文件是可执行文件exe/dll文件/驱动文件sys
[笔记]Windows判断文件是可执行文件exe/dll文件/驱动文件sys