回复:中HBinject.exe,有扫描报告
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<HBService><explore.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs>< eskisl.dll biroas.dll ringtte.dll mcromv.dll lensch.dll mduaey.dll wllame.dll,aaa.dll,HBmhly.dll catower.dll johandy.dll jolndyo.dll aotoppt.dll pewire.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll> []
<{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll> []
<{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll> []
<{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\tscfgwmijxsj.dll> []
<{A2C3BA54-DF75-4881-8EB3-E54B26BBBBC9}><C:\WINDOWS\system32\nwapi32dj.dll> []
<{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll> []
<{DBEAF7DC-D4AA-4A2E-958A-58E9A6BC11C7}><DBEAF7DC.dll> []
<{EB9660D8-E1CD-4ff0-B4A9-00CD907F928A}><C:\WINDOWS\system32\slbiopfs2.dll> []
<{F0930A2F-D971-4828-8209-B7DFD266ED44}><C:\WINDOWS\system32\xolehlpjh.dll> []
<{00240024-0024-0024-0024-00240024BB15}><C:\WINDOWS\system32\scrruncqsj.dll> []
<{DA56B183-A731-402b-9235-2CB8803E212D}><C:\WINDOWS\system32\imgutilhx2.dll> []
<{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\zxaamoch.dll> []
<{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll> []
<{898E02AB-9372-4a2c-9C4A-FFE1AF61097F}><C:\WINDOWS\system32\comuidsg.dll> []
<{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}><C:\WINDOWS\system32\avicapwm.dll> []
<{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll> []
<{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll> []
<{BA4B5EBD-AB43-4c2b-84F5-F1AD85E79E4A}><C:\WINDOWS\system32\wtsapi32yt2.dll> []
<{434FA69C-5F0A-42e1-82B8-10AF2C8E53C6}><C:\WINDOWS\system32\twainyy.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<dispexcb.dll><C:\WINDOWS\system32\dispexcb.dll> []
<adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll> []
<cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll> []
<tscfgwmijxsj.dll><C:\WINDOWS\system32\tscfgwmijxsj.dll> []
<nwapi32dj.dll><C:\WINDOWS\system32\nwapi32dj.dll> []
<bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll> []
<slbiopfs2.dll><C:\WINDOWS\system32\slbiopfs2.dll> []
<xolehlpjh.dll><C:\WINDOWS\system32\xolehlpjh.dll> []
<scrruncqsj.dll><C:\WINDOWS\system32\scrruncqsj.dll> []
<imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll> []
<dsrycrlc.dll><C:\WINDOWS\system32\zxaamoch.dll> []
<certmgrkd.dll><C:\WINDOWS\system32\certmgrkd.dll> []
<comuidsg.dll><C:\WINDOWS\system32\comuidsg.dll> []
<zxaamoch.dll><C:\WINDOWS\system32\zxaamoch.dll> []
<avicapwm.dll><C:\WINDOWS\system32\avicapwm.dll> []
<dpvvoxmh.dll><C:\WINDOWS\system32\dpvvoxmh.dll> []
<lweurqhx.dll><C:\WINDOWS\system32\lweurqhx.dll> []
<wtsapi32yt2.dll><C:\WINDOWS\system32\wtsapi32yt2.dll> []
<twainyy.dll><C:\WINDOWS\system32\twainyy.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
<IFEO[360rpt.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
<IFEO[adam.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
<IFEO[AgentSvr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe]
<IFEO[AntiArp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
<IFEO[AppSvc32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
<IFEO[autoruns.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
<IFEO[avconsol.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
<IFEO[avgrssvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
<IFEO[AvMonitor.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
<IFEO[avp.com]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
<IFEO[avp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
<IFEO[CCenter.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
<IFEO[ccSvcHst.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
<IFEO[DrvAnti.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe]
<IFEO[drwadins.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebscd.exe]
<IFEO[drwebscd.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe]
<IFEO[drwebupw.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]
<IFEO[EGHOST.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
<IFEO[FileDsty.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe]
<IFEO[filemon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
<IFEO[FTCleanerShell.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe]
<IFEO[FYFireWall.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe]
<IFEO[GFRing3.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe]
<IFEO[GFUpd.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.exe]
<IFEO[GuardField.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
<IFEO[HijackThis.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
<IFEO[IceSword.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
<IFEO[iparmo.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<IFEO[Iparmor.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
<IFEO[isPwdSvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
<IFEO[kabaload.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
<IFEO[KaScrScn.SCR]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
<IFEO[KASMain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
<IFEO[KASTask.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
<IFEO[KAV32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
<IFEO[KAVDX.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe]
<IFEO[KAVPF.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
<IFEO[KAVPFW.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
<IFEO[KAVSetup.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
<IFEO[KAVStart.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
<IFEO[KISLnchr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
<IFEO[KMailMon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
<IFEO[KMFilter.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
<IFEO[KPFW32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
<IFEO[KPFW32X.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe]
<IFEO[KPfwSvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
<IFEO[KRegEx.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com]
<IFEO[KRepair.com]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
<IFEO[KsLoader.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
<IFEO[KVCenter.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
<IFEO[KvDetect.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
<IFEO[KvfwMcl.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
<IFEO[KVMonXP.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
<IFEO[KVMonXP_1.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
<IFEO[kvol.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
<IFEO[kvolself.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
<IFEO[KvReport.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp]
<IFEO[KVScan.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
<IFEO[KVSrvXP.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
<IFEO[KVStub.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
<IFEO[kvupload.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
<IFEO[kvwsc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
<IFEO[KvXP.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp]
<IFEO[KvXP_1.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
<IFEO[KWatch.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
<IFEO[KWatch9x.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
<IFEO[KWatchX.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
<IFEO[MagicSet.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
<IFEO[mcconsol.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
<IFEO[mmqczj.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
<IFEO[mmsk.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
<IFEO[Navapsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
<IFEO[Navapw32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
<IFEO[nod32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
<IFEO[nod32krn.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
<IFEO[nod32kui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe]
<IFEO[NPFMntor.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE]
<IFEO[OllyDBG.EXE]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyICE.EXE]
<IFEO[OllyICE.EXE]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
<IFEO[PFW.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
<IFEO[PFWLiveUpdate.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
<IFEO[procexp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
<IFEO[QHSET.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe]
<IFEO[QQKav.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
<IFEO[Ras.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavCopy.exe]
<IFEO[RavCopy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
<IFEO[RavMon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
<IFEO[RavMonD.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
<IFEO[RavStub.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
<IFEO[RavTask.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavXP.exe]
<IFEO[RavXP.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe]
<IFEO[RawCopy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
<IFEO[RegClean.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
<IFEO[regedit.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe]
<IFEO[regmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe]
<IFEO[RegTool.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
<IFEO[rfwcfg.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
<IFEO[rfwmain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
<IFEO[rfwProxy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
<IFEO[rfwsrv.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe]
<IFEO[rfwstub.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
<IFEO[RsAgent.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
<IFEO[Rsaupd.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
<IFEO[runiep.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
<IFEO[safelive.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
<IFEO[scan32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
<IFEO[shcfg32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe]
<IFEO[SmartUp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderml.exe]
<IFEO[spiderml.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spidernt.exe]
<IFEO[spidernt.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderui.exe]
<IFEO[spiderui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spml_set.exe]
<IFEO[spml_set.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE]
<IFEO[SREng.EXE]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sunesnk.exe]
<IFEO[sunesnk.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
<IFEO[symlcsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
<IFEO[SysSafe.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgar.exe]
<IFEO[taskmgar.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
<IFEO[TrojanDetector.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
<IFEO[Trojanwall.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
<IFEO[TrojDie.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
<IFEO[UIHost.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
<IFEO[UmxAgent.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
<IFEO[UmxAttachment.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
<IFEO[UmxCfg.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
<IFEO[UmxFwHlp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
<IFEO[UmxPol.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe]
<IFEO[UpLive.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe]
<IFEO[vsstat.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe]
<IFEO[webscanx.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
<IFEO[WoptiClean.exe]><ntsd -d> [N/A]
==================================
驱动程序
[dtscsi / dtscsi][Running/Manual Start]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[pqcxby / pqcxby][Running/Manual Start]
<\??\C:\WINDOWS\system32\pqcxby.tmp><N/A>
[HBKernel Driver / HBKernel][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A>
[dbeaf7d / dbeaf7d][Running/Manual Start]
<\??\C:\WINDOWS\system32\dbeaf7d.sys><N/A>
[apcdli / apcdli][Running/Auto Start]
<\??\C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys><N/A>
==================================
浏览器加载项
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\PushWare\cpush.dll, >
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\PushWare\cpush.dll, >
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
==================================
正在运行的进程
[C:\WINDOWS\system32\dispexcb.dll] [N/A, ]
[C:\WINDOWS\system32\adsntzt.dll] [N/A, ]
[C:\WINDOWS\system32\cliconfgzx.dll] [N/A, ]
[C:\WINDOWS\system32\tscfgwmijxsj.dll] [N/A, ]
[C:\WINDOWS\system32\nwapi32dj.dll] [N/A, ]
[C:\WINDOWS\system32\bootvidgj.dll] [N/A, ]
[C:\WINDOWS\system32\slbiopfs2.dll] [N/A, ]
[C:\WINDOWS\system32\xolehlpjh.dll] [N/A, ]
[C:\WINDOWS\system32\scrruncqsj.dll] [N/A, ]
[C:\WINDOWS\system32\imgutilhx2.dll] [N/A, ]
[C:\WINDOWS\system32\zxaamoch.dll] [N/A, ]
[C:\WINDOWS\system32\certmgrkd.dll] [N/A, ]
[C:\WINDOWS\system32\comuidsg.dll] [N/A, ]
[C:\WINDOWS\system32\avicapwm.dll] [N/A, ]
[C:\WINDOWS\system32\dpvvoxmh.dll] [N/A, ]
[C:\WINDOWS\system32\lweurqhx.dll] [N/A, ]
[C:\WINDOWS\system32\wtsapi32yt2.dll] [N/A, ]
[C:\WINDOWS\system32\twainyy.dll] [N/A, ]
[C:\WINDOWS\system32\DBEAF7DC.dll] [N/A, ]
==================================
==================================
API HOOK
入口点错误:CreateServiceA (危险等级: 高, 被下面模块所HOOK: 0x001354AC)
==================================