beep.sys/Trojan.NtRootKit.1192, msplugplay 1005.sys/BackDoor.Pigeon.13201, etc. (1)

Original by endurer, 2008-06-24, 1st edition

A netizen reported that his computer had recently been popping up advertisement windows all the time, was sometimes very slow to respond, and rebooted as soon as he ran a program; he asked me to help check it.

I downloaded the pe_xscan scan log and analyzed it, and found the following suspicious items:

pe_xscan 08-04-26 by Purple Endurer 
2008-5-22 12:36:54 
Windows XP Service Pack 2(5.1.2600) 
MSIE:6.0.2900.2180 
管理员用户组 
正常模式 

[System Process] * 0 
  C:/WINDOWS/system32/cdwqfs.dll | 2008-5-17 12:41:36 
  C:/WINDOWS/system32/fsrgeb.dll | 2008-5-17 12:43:11 
  C:/WINDOWS/system32/tdffdl.dll | 2008-5-17 12:40:57 
  C:/WINDOWS/system32/zefdst.dll | 2008-5-17 12:41:7 
  C:/WINDOWS/system32/mfdesy.dll | 2008-5-17 12:40:19 
  C:/WINDOWS/system32/mtewdh.dll | 2008-5-17 12:40:9 
  C:/WINDOWS/system32/wrqszl.dll | 2008-5-13 11:57:3 
  C:/WINDOWS/system32/ddserh.dll | 2008-5-17 12:41:17 
  C:/WINDOWS/system32/rfdswc.dll | 2008-5-13 11:57:14 
  C:/WINDOWS/system32/jfrwdh.dll | 2008-5-13 11:57:25 
  C:/WINDOWS/system32/zgxfdx.dll | 2008-5-13 11:55:45 
  C:/WINDOWS/system32/sgrefg.dll | 2008-5-13 11:56:35 
  C:/WINDOWS/system32/zdesfx.dll | 2008-5-13 11:55:3 
  C:/WINDOWS/system32/hhrdxd.dll | 2008-5-13 11:54:52 
  C:/WINDOWS/system32/wzcfsw.dll | 2008-5-13 11:54:47 
C:/WINDOWS/System32/winlogon.exe* 816 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE 
  C:/WINDOWS/system32/yzztimsn.dll | 2004-8-8 11:53:32 
  C:/WINDOWS/system32/nhmxcjkl.dll | 2004-8-8 11:53:55 
  C:/WINDOWS/system32/winlib .dll
C:/WINDOWS/System32/SVCHOST.EXE* 1048 | 2004-8-17 4:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe 
  C:/WINDOWS/system32/kcomd32.dll | 2008-5-13 11:53:20 
C:/WINDOWS/System32/SVCHOST.EXE* 284 | 2004-8-17 4:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe 
  c:/windows/system32/bcvnsvc.dll | 2004-8-7 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.6.3791.1831 | Background Intelligent Transfer Services | (C) Microsoft Corporation. All rights reserved. | 6.6.3791.1832 | Microsoft Corporation | | qmgr32.dll | qmgr32.dll 
C:/WINDOWS/System32/SVCHOST.EXE* 1148 | 2004-8-17 4:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe 
  c:/windows/system32/msplugplay1005.sys | 2004-8-7 20:0:0 
C:/WINDOWS/System32/HBmhly.exe * 1340 | 2008-5-13 11:53:6 
  C:/WINDOWS/system32/yzztimsn.dll | 2004-8-8 11:53:32 
  C:/WINDOWS/system32/nhmxcjkl.dll | 2004-8-8 11:53:55 
C:/WINDOWS/System32/SVCHOST.EXE* 1432 | 2004-8-17 4:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe 
  C:/WINDOWS/system32/yzztimsn.dll | 2004-8-8 11:53:32 
  C:/WINDOWS/system32/nhmxcjkl.dll | 2004-8-8 11:53:55 
C:/Program Files/Internet Explorer/iexplore.exe * 2424 | 2006-4-8 17:41:16 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE 
  C:/WINDOWS/system32/yzztimsn.dll | 2004-8-8 11:53:32 
  C:/WINDOWS/system32/nhmxcjkl.dll | 2004-8-8 11:53:55 
  C:/WINDOWS/system32/upudpkok.dll | 2008-5-22 4:6:6 
  C:/Program Files/Common Files/CPUSH/cpush0.dll | 2008-5-22 4:7:2| ? | 1.0.9.1| ?| ? | 1.0.9.1| ?| ? | cpush.dll | cpush.dll 
  C:/WINDOWS/system32/lassaplo.dll | 2004-8-8 11:54:5 
  C:/WINDOWS/system32/apzhbtde.dll | 2004-8-8 11:53:24 
  C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll | 2008-6-16 11:30:0 | ati Module | 1, 0, 0, 0 | ati Module | Copyright 2007 | 1, 0, 0, 0 | 明勋科技有限公司 | | ati | ati.DLL 
  C:/WINDOWS/system32/zycbdime.dll | 2004-8-8 11:53:42 
  C:/WINDOWS/system32/zptlcsys.dll | 2004-8-8 11:53:27 
  C:/WINDOWS/system32/ptjhehlp.dll | 2004-8-8 11:53:40 
  C:/WINDOWS/system32/oohxdbyt.dll | 2004-8-8 11:53:25 
  C:/WINDOWS/system32/mndhedwd.dll | 2004-8-8 11:53:15 
  C:/WINDOWS/system32/fgfsakuy.dll | 2004-8-8 11:54:7 
  C:/WINDOWS/system32/apsgejba.dll | 2004-8-8 11:53:30 
  C:/WINDOWS/system32/zywmgime.dll | 2004-8-8 11:53:35 
  C:/Documents and Settings/All Users/Application Data/Microsoft/OFFICE/USERDATA/webbrowser_2134.dll | 2008-5-22 4:5:59 | | 3, 4, 4, 0 | | Copyright 2008 | 3, 4, 4, 0 | | | | 
C:/WINDOWS/Explorer.EXE* 3592 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE 
  C:/WINDOWS/system32/yzztimsn.dll | 2004-8-8 11:53:32 
  C:/WINDOWS/system32/nhmxcjkl.dll | 2004-8-8 11:53:55 
  C:/WINDOWS/system32/mndhedwd.dll | 2004-8-8 11:53:15 
  C:/WINDOWS/system32/apzhbtde.dll | 2004-8-8 11:53:24 
  C:/WINDOWS/system32/oohxdbyt.dll | 2004-8-8 11:53:25 
  C:/WINDOWS/system32/zptlcsys.dll | 2004-8-8 11:53:27 
  C:/WINDOWS/system32/apsgejba.dll | 2004-8-8 11:53:30 
  C:/WINDOWS/system32/zywmgime.dll | 2004-8-8 11:53:35 
  C:/WINDOWS/system32/ptjhehlp.dll | 2004-8-8 11:53:40 
  C:/WINDOWS/system32/zycbdime.dll | 2004-8-8 11:53:42 
  C:/WINDOWS/system32/lassaplo.dll | 2004-8-8 11:54:5 
  C:/WINDOWS/system32/fgfsakuy.dll | 2004-8-8 11:54:7 
  C:/WINDOWS/system32/wzcfsw.dll | 2008-5-13 11:54:47 
  C:/WINDOWS/system32/hhrdxd.dll | 2008-5-13 11:54:52 
  C:/WINDOWS/system32/zdesfx.dll | 2008-5-13 11:55:3 
  C:/WINDOWS/system32/zgxfdx.dll | 2008-5-13 11:55:45 
  C:/WINDOWS/system32/sgrefg.dll | 2008-5-13 11:56:35 
  C:/WINDOWS/system32/wrqszl.dll | 2008-5-13 11:57:3 
  C:/WINDOWS/system32/rfdswc.dll | 2008-5-13 11:57:14 
  C:/WINDOWS/system32/jfrwdh.dll | 2008-5-13 11:57:25 
  C:/WINDOWS/system32/mtewdh.dll | 2008-5-17 12:40:9 
  C:/WINDOWS/system32/mfdesy.dll | 2008-5-17 12:40:19 
  C:/WINDOWS/system32/tdffdl.dll | 2008-5-17 12:40:57 
  C:/WINDOWS/system32/zefdst.dll | 2008-5-17 12:41:7 
  C:/WINDOWS/system32/ddserh.dll | 2008-5-17 12:41:17 
  C:/WINDOWS/system32/cdwqfs.dll | 2008-5-17 12:41:36 
  C:/WINDOWS/system32/fsrgeb.dll | 2008-5-17 12:43:11 
D:/QQ2006/QQ.exe * 2536 | 2008-2-19 7:15:25 | QQ | 7,1,644,1777 | QQ | Copyright (C) 1998 - 2007 TENCENT Inc. All Rights Reserved | 7,1,644,1777 | TENCENT | | COMQQD | QQ.exe 
  C:/WINDOWS/system32/yzztimsn.dll | 2004-8-8 11:53:32 
  C:/WINDOWS/system32/nhmxcjkl.dll | 2004-8-8 11:53:55 
  C:/WINDOWS/system32/mndhedwd.dll | 2004-8-8 11:53:15 
  C:/WINDOWS/system32/apzhbtde.dll | 2004-8-8 11:53:24 
  C:/WINDOWS/system32/oohxdbyt.dll | 2004-8-8 11:53:25 
  C:/WINDOWS/system32/zptlcsys.dll | 2004-8-8 11:53:27 
  C:/WINDOWS/system32/apsgejba.dll | 2004-8-8 11:53:30 
  C:/WINDOWS/system32/zywmgime.dll | 2004-8-8 11:53:35 
  C:/WINDOWS/system32/ptjhehlp.dll | 2004-8-8 11:53:40 
  C:/WINDOWS/system32/zycbdime.dll | 2004-8-8 11:53:42 
  C:/WINDOWS/system32/lassaplo.dll | 2004-8-8 11:54:5 
  C:/WINDOWS/system32/fgfsakuy.dll | 2004-8-8 11:54:7 
D:/QQ2006/TXPlatform.exe* 2568 | 2008-1-4 9:10:35 | TM2008 | 1, 0, 170, 201 | TM2008 | Copyright (C) 1998-2007 TENCENT Inc. All Rights Reserved | 1, 0, 170, 0 | Tencent| ? | | 
  C:/WINDOWS/system32/fsrgeb.dll | 2008-5-17 12:43:11 
  C:/WINDOWS/system32/cdwqfs.dll | 2008-5-17 12:41:36 
  C:/WINDOWS/system32/ddserh.dll | 2008-5-17 12:41:17 
  C:/WINDOWS/system32/zefdst.dll | 2008-5-17 12:41:7 
  C:/WINDOWS/system32/tdffdl.dll | 2008-5-17 12:40:57 
  C:/WINDOWS/system32/mfdesy.dll | 2008-5-17 12:40:19 
  C:/WINDOWS/system32/mtewdh.dll | 2008-5-17 12:40:9 
  C:/WINDOWS/system32/jfrwdh.dll | 2008-5-13 11:57:25 
  C:/WINDOWS/system32/rfdswc.dll | 2008-5-13 11:57:14 
  C:/WINDOWS/system32/wrqszl.dll | 2008-5-13 11:57:3 
  C:/WINDOWS/system32/zgxfdx.dll | 2008-5-13 11:55:45 
  C:/WINDOWS/system32/sgrefg.dll | 2008-5-13 11:56:35 
  C:/WINDOWS/system32/zdesfx.dll | 2008-5-13 11:55:3 
  C:/WINDOWS/system32/hhrdxd.dll | 2008-5-13 11:54:52 
  C:/WINDOWS/system32/wzcfsw.dll | 2008-5-13 11:54:47 
O2 - BHO CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} -C:/Program Files/Common Files/CPUSH/cpush0.dll
O2 - BHO - {14698742-2059-3025-9058-954023874141} -C:/WINDOWS/system32/jkhxaklo.dll
O2 - BHO - {1AB1F65A-964F-4AE7-B254-05146A0E602E} -C:/Program Files/Internet Explorer/PLUGINS/WinSys48.Sys
O2 - BHO - {22596546-2036-9451-6058-658402589722} -C:/WINDOWS/system32/opshbbty.dll
O2 - BHO - {2B69874A-C58C-458D-69F0-698F874E41B2} -C:/WINDOWS/system32/lassaplo.dll
O2 - BHO - {2D698451-2015-6358-9871-2015987452D2} -C:/WINDOWS/system32/apzhbtde.dll
O2 - BHO - {35671234-7890-ABCD-CDEF-567801237653} -C:/WINDOWS/system32/yxcschlp.dll
O2 - BHO - {37AC9076-C898-B098-D098-A18319080973} -C:/WINDOWS/system32/nhmxcjkl.dll
O2 - BHO Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll
O2 - BHO - {4629FF4F-ACDB-5C90-A098-FACB3456A264} -C:/WINDOWS/system32/mpmydapi.dll
O2 - BHO - {4A698102-5904-AFD0-20DF-CD1A65829CA4} -C:/WINDOWS/system32/zycbdime.dll
O2 - BHO - {50940F85-F015-14F1-A05F-F69858AC6D05} -C:/WINDOWS/system32/zptlcsys.dll
O2 - BHO - {528DF602-9541-A985-210A-984A698C6F25} -C:/WINDOWS/system32/ptjhehlp.dll
O2 - BHO - {55694105-5108-9405-3695-954187462155} -C:/WINDOWS/system32/mpwdeapi.dll
O2 - BHO - {5A069845-2036-6084-9054-6087502480A5} -C:/WINDOWS/system32/ozfyebyt.dll
O2 - BHO - {5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} -C:/WINDOWS/system32/oohxdbyt.dll
O2 - BHO - {5C648541-1025-9650-9057-6541258720C5} -C:/WINDOWS/system32/mndhedwd.dll
O2 - BHO - {5E091341-6715-2098-51F0-178367AE53E5} -C:/WINDOWS/system32/fgfsakuy.dll
O2 - BHO - {5FD45A54-9875-698F-E56E-65102358FDF5} -C:/WINDOWS/system32/apsgejba.dll
O2 - BHO - {6319A1F1-9410-9654-3201-345FFA349136} -C:/WINDOWS/system32/zywmfime.dll
O2 - BHO - {6A041F13-A111-12A3-B0CF-F99818AA68A6} -C:/WINDOWS/system32/zxmscwin.dll
O2 - BHO - {7319A1F1-9410-9654-3201-345FFA349137} -C:/WINDOWS/system32/zywmgime.dll
O2 - BHO - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} -C:/WINDOWS/system32/mnmhgsrv.dll
O2 - BHO - {81954FAC-1023-154F-895A-1458258AD818} -C:/WINDOWS/system32/ypdjfbmp.dll
O2 - BHO - {9490415F-65F8-B5C5-D8BA-9405FB120549} -C:/WINDOWS/system32/yzztimsn.dll
O2 - BHO Surfer Class - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} -C:/Documents and Settings/All Users/Application Data/Microsoft/OFFICE/USERDATA/webbrowser_2134.dll
O2 - BHO - {AA59145F-315D-BC23-AC1F-145DF81A34AA} -C:/WINDOWS/system32/zyzxjime.dll
O4 - HKLM/../Run: [wallpaper]c:/windows/system32/壁纸自动换.exe
O4 - HKLM/../Run: [HBmhly] C:/WINDOWS/system32/HBmhly.exe" -r
O4 - HKLM/../Run: [WinSysW]C:/WINDOWS/533931L.exe
O4 - HKLM/../Policies/Explorer/Run: [kcomd] kcomd32.exe
O4 - Global Startup: self.bat -> Invalid lnk file 
O20 - AppInit_DLLs =exploreo.dll,yzztimsn.dll,nhmxcjkl.dll
O21 - SSODL - midimapwd(-) - {4F4F0064-71E0-4f0d-0018-708476C7815F} =C:/WINDOWS/system32/midimapwd.dll
O21 - SSODL - midimapgj(-) - {4F4F0064-71E0-4f0d-0003-708476C7815F} =C:/WINDOWS/system32/midimapgj.dll
O21 - SSODL - midimapqhx(-) - {4F4F0064-71E0-4f0d-0027-708476C7815F} =C:/WINDOWS/system32/midimapqhx.dll
O23 - 服务: 2j9raw (2j9raw) - System32/DRIVERS/2j9raw.sys | | 1, 0, 0, 1 | File System Driver | (C) Microsoft Corporation. All rights reserved. | 1, 0, 0, 1 | | | | (引导) 
O23 - 服务: 5dinlqohl (5dinlqohl) - system32/drivers/5dinlqohl.sys (引导) 
O23 - 服务: acpidisk (acpidisk) -C:/WINDOWS/system32/drivers/acpidisk.sys | 2008-5-22 4:9:9(自动) 
O23 - 服务: apcdli (apcdli) -C:/Program Files/Microsoft Office/SYSTEM/apcdli.sys | 2008-6-13 8:59:44(自动) 
O23 - 服务: Beep () -C:/WINDOWS/system32/drivers/Beep.sys | 2004-8-17 4:0:0(系统) 
O23 - 服务: bbzxuu (bbzxuu) -C:/WINDOWS/system32/bbzxuu (手动) 
O23 - 服务: bcvnsvc (Visual Studio Analyzer Remote bridge Helper Service) - C:/WINDOWS/System32/svchost.exe -k bcvnsvc ->C:/WINDOWS/system32/bcvnsvc.dll | 2004-8-7 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.6.3791.1831 | Background Intelligent Transfer Services | (C) Microsoft Corporation. All rights reserved. | 6.6.3791.1832 | Microsoft Corporation | | qmgr32.dll | qmgr32.dll(自动) 
O23 - 服务: EagleNT (EagleNT) -C:/WINDOWS/system32/drivers/EagleNT.sys (手动) 
O23 - 服务: HBKernel (HBKernel Driver) - system32/DRIVERS/HBKernel.sys (引导) 
O23 - 服务: hjdmc (hjdmc) - system32/drivers/hjdmc.sys (引导) 
O23 - 服务: MSPlugPlay (Windows Plug and Play) - C:/WINDOWS/System32/svchost.exe -k MSPlugPlay ->c:/windows/system32/msplugplay1005.sys | 2004-8-7 20:0:0(自动) 
O23 - 服务: nesepi (nesepi) -C:/WINDOWS/System32/drivers/nesepi.sys | 2007-12-15 11:49:15 | sys 应用程序 | 1, 0, 1, 3 | sys 应用程序 | 版权所有 (C) 2006 | 1, 0, 1, 3 | 北京三七二一科技有限公司| ? | sys | sys.exe(引导) 
O23 - 服务: ntptdb (ntptdb) -C:/Documents and Settings/All Users/Application Data/Microsoft/Office/SYSTEM/ntptdb.sys | 2008-6-13 9:32:38(自动) 
O23 - 服务: upudpkok (upudpkok) -C:/WINDOWS/system32/viscvc.exe | 2008-5-22 4:5:59(自动) 
O23 - 服务: windowsupdata (windowsupdata) -C:/WINDOWS/system32/tcpip.exe | 2008-5-16 13:53:27(自动) 
O24 - ShlExecHook: [5] - {55694105-5108-9405-3695-954187462155} =C:/WINDOWS/system32/mpwdeapi.dll
O24 - ShlExecHook: [6] - {6A041F13-A111-12A3-B0CF-F99818AA68A6} =C:/WINDOWS/system32/zxmscwin.dll
O24 - ShlExecHook: [5] - {5C648541-1025-9650-9057-6541258720C5} =C:/WINDOWS/system32/mndhedwd.dll | 2004-8-8 11:53:15 
O24 - ShlExecHook: [4] - {4629FF4F-ACDB-5C90-A098-FACB3456A264} =C:/WINDOWS/system32/mpmydapi.dll
O24 - ShlExecHook: [2] - {2D698451-2015-6358-9871-2015987452D2} =C:/WINDOWS/system32/apzhbtde.dll | 2004-8-8 11:53:24 
O24 - ShlExecHook: [5] - {5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} =C:/WINDOWS/system32/oohxdbyt.dll | 2004-8-8 11:53:25 
O24 - ShlExecHook: [5] - {50940F85-F015-14F1-A05F-F69858AC6D05} =C:/WINDOWS/system32/zptlcsys.dll | 2004-8-8 11:53:27 
O24 - ShlExecHook: [5] - {5FD45A54-9875-698F-E56E-65102358FDF5} =C:/WINDOWS/system32/apsgejba.dll | 2004-8-8 11:53:30 
O24 - ShlExecHook: [9] - {9490415F-65F8-B5C5-D8BA-9405FB120549} =C:/WINDOWS/system32/yzztimsn.dll | 2004-8-8 11:53:32 
O24 - ShlExecHook: [7] - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} =C:/WINDOWS/system32/mnmhgsrv.dll
O24 - ShlExecHook: [7] - {7319A1F1-9410-9654-3201-345FFA349137} =C:/WINDOWS/system32/zywmgime.dll | 2004-8-8 11:53:35 
O24 - ShlExecHook: [1] - {14698742-2059-3025-9058-954023874141} =C:/WINDOWS/system32/jkhxaklo.dll
O24 - ShlExecHook: [3] - {35671234-7890-ABCD-CDEF-567801237653} =C:/WINDOWS/system32/yxcschlp.dll
O24 - ShlExecHook: [5] - {528DF602-9541-A985-210A-984A698C6F25} =C:/WINDOWS/system32/ptjhehlp.dll | 2004-8-8 11:53:40 
O24 - ShlExecHook: [4] - {4A698102-5904-AFD0-20DF-CD1A65829CA4} =C:/WINDOWS/system32/zycbdime.dll | 2004-8-8 11:53:42 
O24 - ShlExecHook: [2] - {22596546-2036-9451-6058-658402589722} =C:/WINDOWS/system32/opshbbty.dll
O24 - ShlExecHook: [8] - {81954FAC-1023-154F-895A-1458258AD818} =C:/WINDOWS/system32/ypdjfbmp.dll
O24 - ShlExecHook: [5] - {5A069845-2036-6084-9054-6087502480A5} =C:/WINDOWS/system32/ozfyebyt.dll
O24 - ShlExecHook: [A] - {AA59145F-315D-BC23-AC1F-145DF81A34AA} =C:/WINDOWS/system32/zyzxjime.dll
O24 - ShlExecHook: [] - {1AB1F65A-964F-4AE7-B254-05146A0E602E} =C:/Program Files/Internet Explorer/PLUGINS/WinSys48.Sys
O24 - ShlExecHook: [3] - {37AC9076-C898-B098-D098-A18319080973} =C:/WINDOWS/system32/nhmxcjkl.dll | 2004-8-8 11:53:55 
O24 - ShlExecHook: [2] - {2B69874A-C58C-458D-69F0-698F874E41B2} =C:/WINDOWS/system32/lassaplo.dll | 2004-8-8 11:54:5 
O24 - ShlExecHook: [5] - {5E091341-6715-2098-51F0-178367AE53E5} =C:/WINDOWS/system32/fgfsakuy.dll | 2004-8-8 11:54:7 
O24 - ShlExecHook: [6] - {6319A1F1-9410-9654-3201-345FFA349136} =C:/WINDOWS/system32/zywmfime.dll
O24 - ShlExecHook: [MICROSOFT] - {28766E1C-74B0-4417-8C75-F12AE309EF35} =C:/WINDOWS/system32/wzcfsw.dll | 2008-5-13 11:54:47 
O24 - ShlExecHook: [MICROSOFT] - {17DFD111-BF3A-4CB4-ADB0-88FCBFE69821} =C:/WINDOWS/system32/hhrdxd.dll | 2008-5-13 11:54:52 
O24 - ShlExecHook: [MICROSOFT] - {45AADFAA-DD36-42AB-83AD-0521BBF58C24} =C:/WINDOWS/system32/zdesfx.dll | 2008-5-13 11:55:3 
O24 - ShlExecHook: [MICROSOFT] - {1E51C0FD-EE36-434B-AD2A-FD1FF3731C38} =C:/WINDOWS/system32/wyrsdj.dll
O24 - ShlExecHook: [MICROSOFT] - {6E6CA8A1-81BC-4707-A54C-F4903DD70BAD} =C:/WINDOWS/system32/zgxfdx.dll | 2008-5-13 11:55:45 
O24 - ShlExecHook: [MICROSOFT] - {84143967-B645-4BFF-B873-DA1DC886E9A7} =C:/WINDOWS/system32/cedafb.dll
O24 - ShlExecHook: [MICROSOFT] - {8C41B7F7-3168-400D-A702-0E7EFE0BA304} =C:/WINDOWS/system32/sgrefg.dll | 2008-5-13 11:56:35 
O24 - ShlExecHook: [MICROSOFT] - {F99DEFDD-200B-4410-B572-E90883D527D2} =C:/WINDOWS/system32/wrqszl.dll | 2008-5-13 11:57:3 
O24 - ShlExecHook: [MICROSOFT] - {461D2AB4-29A5-45C2-9134-D52272D3DE38} =C:/WINDOWS/system32/rfdswc.dll | 2008-5-13 11:57:14 
O24 - ShlExecHook: [MICROSOFT] - {841529CB-7F77-4B99-A895-B5441E0D302F} =C:/WINDOWS/system32/jfrwdh.dll | 2008-5-13 11:57:25 
O24 - ShlExecHook: [MICROSOFT] - {189F087F-4378-405F-85FA-37D955AD7A8C} =C:/WINDOWS/system32/mtewdh.dll | 2008-5-17 12:40:9 
O24 - ShlExecHook: [MICROSOFT] - {DC3D30AE-0380-4151-8934-EE98A34B0370} =C:/WINDOWS/system32/mfdesy.dll | 2008-5-17 12:40:19 
O24 - ShlExecHook: [F] - {4F4F0064-71E0-4f0d-0018-708476C7815F} =C:/WINDOWS/system32/midimapwd.dll
O24 - ShlExecHook: [MICROSOFT] - {C0595A7E-2E2F-4B34-A83A-019270A0A464} =C:/WINDOWS/system32/tdffdl.dll | 2008-5-17 12:40:57 
O24 - ShlExecHook: [MICROSOFT] - {28EB3777-3E23-4E72-8449-A992D09D24C3} =C:/WINDOWS/system32/zefdst.dll | 2008-5-17 12:41:7 
O24 - ShlExecHook: [MICROSOFT] - {A9895933-6636-4281-BC58-EE6DE2AF96E3} =C:/WINDOWS/system32/ddserh.dll | 2008-5-17 12:41:17 
O24 - ShlExecHook: [MICROSOFT] - {011DB9B9-44B4-44D9-B17E-BC7608F2E549} =C:/WINDOWS/system32/cdwqfs.dll | 2008-5-17 12:41:36 
O24 - ShlExecHook: [F] - {4F4F0064-71E0-4f0d-0003-708476C7815F} =C:/WINDOWS/system32/midimapgj.dll
O24 - ShlExecHook: [F] - {4F4F0064-71E0-4f0d-0027-708476C7815F} =C:/WINDOWS/system32/midimapqhx.dll
O24 - ShlExecHook: [MICROSOFT] - {EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6} =C:/WINDOWS/system32/fsrgeb.dll | 2008-5-17 12:43:11
O26 - IFEO: DrvAnti.exe -> ntsd -d 
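A triage pass over a log in this format, as an added example that is not part of the original post: it parses pe_xscan O-lines (a constructed sample copied from the log above) and flags the patterns a defender would pull out first: an IFEO debugger set to `ntsd -d`, AppInit_DLLs entries, an svchost `-k` service whose ServiceDll is a `.sys`, a driver registered outside a drivers directory, and Run entries with a bare file name or an executable in the Windows root. The section codes and sample lines come from the page; the `Finding` class, regexes and heuristics are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the pe_xscan log quoted in this post.
SAMPLE_LOG = """\
O4 - HKLM/../Run: [WinSysW]C:/WINDOWS/533931L.exe
O4 - HKLM/../Policies/Explorer/Run: [kcomd] kcomd32.exe
O20 - AppInit_DLLs =exploreo.dll,yzztimsn.dll,nhmxcjkl.dll
O23 - 服务: Beep () -C:/WINDOWS/system32/drivers/Beep.sys | 2004-8-17 4:0:0(系统)
O23 - 服务: apcdli (apcdli) -C:/Program Files/Microsoft Office/SYSTEM/apcdli.sys | 2008-6-13 8:59:44(自动)
O23 - 服务: MSPlugPlay (Windows Plug and Play) - C:/WINDOWS/System32/svchost.exe -k MSPlugPlay ->c:/windows/system32/msplugplay1005.sys | 2004-8-7 20:0:0(自动)
O26 - IFEO: DrvAnti.exe -> ntsd -d
"""

@dataclass
class Finding:
    code: str    # pe_xscan section code (O4, O20, O23, O26)
    item: str    # the path or name the rule fired on
    reason: str  # why a defender should look at it

RUN_RE = re.compile(r"^O4 - \S+: \[[^\]]*\]\s*\"?(?P<cmd>.*?)\"?\s*$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs =(?P<dlls>.*?)\s*$")
SVCHOST_RE = re.compile(r"^O23 - .*svchost\.exe -k \S+ ->(?P<dll>\S+)", re.I)
SERVICE_RE = re.compile(r"^O23 - \S+ (?P<name>\S+) \([^)]*\) -\s*(?P<path>.+?)(?: \||\s*\(|\s*$)")
IFEO_RE = re.compile(r"^O26 - IFEO: (?P<exe>\S+) -> (?P<dbg>.+?)\s*$")

def triage(log_text: str) -> list[Finding]:
    found: list[Finding] = []
    for line in log_text.splitlines():
        if m := IFEO_RE.match(line):
            # Any IFEO Debugger value redirects the program; "ntsd -d" is the classic
            # way to keep a security tool (here an anti-rootkit tool) from ever starting.
            found.append(Finding("O26", m["exe"], f"IFEO debugger hijack -> {m['dbg']}"))
        elif m := APPINIT_RE.match(line):
            for dll in filter(None, (d.strip() for d in m["dlls"].split(","))):
                found.append(Finding("O20", dll, "AppInit_DLLs loads into every user32 process"))
        elif m := SVCHOST_RE.match(line):
            if m["dll"].lower().endswith(".sys"):
                found.append(Finding("O23", m["dll"], "svchost -k service whose ServiceDll is a .sys"))
        elif m := SERVICE_RE.match(line):
            path = m["path"].lower()
            # Path rules cannot catch a replaced system driver such as Beep.sys; that needs hashes.
            if path.endswith(".sys") and "/drivers/" not in path:
                found.append(Finding("O23", m["path"], "driver registered outside a drivers directory"))
        elif m := RUN_RE.match(line):
            cmd = m["cmd"]
            if "/" not in cmd:
                found.append(Finding("O4", cmd, "bare file name, resolved through the search path"))
            elif re.match(r"^[a-z]:/windows/[^/]+\.exe", cmd, re.I):
                found.append(Finding("O4", cmd, "executable placed directly in the Windows root"))
    return found

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.item:<60}{f.reason}")
```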

(To be continued)
