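Encountering gjlbj.vya / Trojan.Win32.Agent.kle and others (1)
Original by endurer
2008-05-13, 1st edition
A netizen said that AntiVir on his computer kept reporting that it had found viruses, and asked me to help check and repair it.
I downloaded pe_xscan, scanned the system to produce a log, and analyzed it, finding the following suspicious items (some process modules are omitted):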
/===
pe_xscan 08-05-09 by Purple Endurer
2008-5-13 11:46:55
Windows XP Service Pack 2(5.1.2600)
MSIE:6.0.2900.2180
管理员用户组
正常模式
[System Process] * 0
C:/WINDOWS/system32/fdzzb.fqz | 1630-6-3 16:33:38
C:/WINDOWS/system32/fvjbv.dll | 2008-4-18 13:37:32 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/fhhlr.dll | 2008-4-18 14:56:5 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/dgxvl.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/vypnd.dll | 2008-4-18 13:41:42 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/hkbzp.dll | 2008-4-18 14:56:5 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/gjlbj.vya | 2008-1-9 8:59:13
C:/WINDOWS/system32/ybdtb.dll | 2008-4-18 13:41:41 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/knpfn.dll | 2008-4-18 14:41:12 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/fpkltop.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/xhcdlgh.dll | 2008-4-25 1:5:42 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/jtopxst.dll | 2008-4-25 1:5:43 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/fhrkmik.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/xzjceac.dll | 2008-4-29 15:53:50 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/jlvoqmo.dll | 2008-4-29 15:53:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/System32/BoBoTurbo/BoBoTurbo.exe * 1456 | 2007-10-11 10:6:54 | BoBo P2P多媒体网络点播/广播/直播系统 加速器 | 1, 4, 0, 0 | BoBo P2P多媒体网络点播/广播/直播系统 加速器 | Copyright (C) 2005-2007 | 1, 4, 1011, 2 | 广州易播信息科技有限公司 | | BoBoTurbo | BoBoTurbo.EXE
C:/WINDOWS/Explorer.EXE* 336 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.3156 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
C:/WINDOWS/system32/gjlbj.vya | 2008-1-9 8:59:13
C:/WINDOWS/system32/fdzzb.fqz | 1630-6-3 16:33:38
C:/WINDOWS/system32/dgxvl.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/fpkltop.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/fhrkmik.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/QTVYP.dll | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/CmdLineExt03.dll | 2006-10-6 3:27:12
D:/Program Files/Avira/AntiVir PersonalEdition Classic/avgnt.exe* 580 | 2008-4-18 15:6:43 | AntiVir Workstation | 8.00.00.07 | Antivirus System Tray Tool | Copyright ? 2008 Avira GmbH. All rights reserved. | 8.00.00.07 | Avira GmbH | AntiVir? is a registered trademark of Avira GmbH, Germany. | avsystray.exe | avgnt.exe
C:/WINDOWS/system32/gjlbj.vya | 2008-1-9 8:59:13
C:/WINDOWS/system32/ybdtb.dll | 2008-4-18 13:41:41 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/knpfn.dll | 2008-4-18 14:41:12 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/fhrkmik.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/xzjceac.dll | 2008-4-29 15:53:50 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/jlvoqmo.dll | 2008-4-29 15:53:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/fpkltop.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/xhcdlgh.dll | 2008-4-25 1:5:42 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/jtopxst.dll | 2008-4-25 1:5:43 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/dgxvl.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/vypnd.dll | 2008-4-18 13:41:42 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/hkbzp.dll | 2008-4-18 14:56:5 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/fdzzb.fqz | 1630-6-3 16:33:38
C:/WINDOWS/system32/fvjbv.dll | 2008-4-18 13:37:32 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/fhhlr.dll | 2008-4-18 14:56:5 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/System32/ctfmon.exe* 724 | 2004-8-17 4:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
C:/WINDOWS/system32/fhrkmik.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/xzjceac.dll | 2008-4-29 15:53:50 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/jlvoqmo.dll | 2008-4-29 15:53:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/fpkltop.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/xhcdlgh.dll | 2008-4-25 1:5:42 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/jtopxst.dll | 2008-4-25 1:5:43 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/dgxvl.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/vypnd.dll | 2008-4-18 13:41:42 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/hkbzp.dll | 2008-4-18 14:56:5 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/fdzzb.fqz | 1630-6-3 16:33:38
C:/WINDOWS/system32/fvjbv.dll | 2008-4-18 13:37:32 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/fhhlr.dll | 2008-4-18 14:56:5 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/gjlbj.vya | 2008-1-9 8:59:13
C:/WINDOWS/system32/ybdtb.dll | 2008-4-18 13:41:41 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/knpfn.dll | 2008-4-18 14:41:12 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/System32/rundll32.exe* 1512 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
C:/WINDOWS/system32/QTVYP.dll | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/fhrkmik.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/xzjceac.dll | 2008-4-29 15:53:50 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/jlvoqmo.dll | 2008-4-29 15:53:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/fpkltop.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/xhcdlgh.dll | 2008-4-25 1:5:42 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/jtopxst.dll | 2008-4-25 1:5:43 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/dgxvl.dll | 2004-8-17 4:0:0
C:/WINDOWS/system32/vypnd.dll | 2008-4-18 13:41:42 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/hkbzp.dll | 2008-4-18 14:56:5 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/fdzzb.fqz | 1630-6-3 16:33:38
C:/WINDOWS/system32/fvjbv.dll | 2008-4-18 13:37:32 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Advanced Windows 32 Base API | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | advapi32.dll | advapi32.dll
C:/WINDOWS/system32/fhhlr.dll | 2008-4-18 14:56:5 | Microsoft(R) Windows(R) Operating System | 5.1.2600.3119 | Windows NT BASE API Client DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Microsoft Corporation| ? | kernel32 | kernel32
C:/WINDOWS/system32/gjlbj.vya | 2008-1-9 8:59:13
O22 - SharedTaskScheduler: () - {851D962F-A63E-51E9-63FB-0C941DA62FB8} = C:/WINDOWS/system32/QTVNP.dll
O22 - SharedTaskScheduler: () - {62EA63FC-730B-2EB6-30C8-D961EA730C95} = C:/WINDOWS/system32/YACUW.dll
O22 - SharedTaskScheduler: () - {2FB730C9-40D8-FB83-0D95-A63EB740C952} = C:/WINDOWS/system32/WZBTV.dll
O22 - SharedTaskScheduler: () - {D962EA73-EB74-962F-B740-41DA52EB740D} = C:/WINDOWS/system32/NPSUM.dll
O22 - SharedTaskScheduler: () - {FB830C95-0D95-B840-D961-63FB740D962F} = C:/WINDOWS/system32/BDGXA.dll
O22 - SharedTaskScheduler: () - {EA73FB74-FB84-A73F-C841-51EA62FB841D} = C:/WINDOWS/system32/MORTL.dll
O22 - SharedTaskScheduler: () - {FB74FC85-0C95-B740-C952-62FB730C952E} = C:/WINDOWS/system32/NPRUL.dll
O22 - SharedTaskScheduler: () - {C851D962-DA63-851E-A63F-30C941D962FB} = C:/WINDOWS/system32/CEHJB.dll
O22 - SharedTaskScheduler: () - {C850D962-DA62-851D-A63E-30C841D962FB} = C:/WINDOWS/system32/WYBSV.dll
O22 - SharedTaskScheduler: () - {730C841D-851E-30C9-51EA-EB74FC851EA7} = C:/WINDOWS/system32/DFIKC.dll
O22 - SharedTaskScheduler: () - {63FB730C-740D-3FB8-40D9-DA63EB740D96} = C:/WINDOWS/system32/KNPRJ.dll
O22 - SharedTaskScheduler: () - {1EA62FB8-3FC7-EA72-FC84-952DA63FC851} = C:/WINDOWS/system32/HKMEG.dll
O22 - SharedTaskScheduler: () - {B740C851-C952-740D-952E-2FB830C951EA} = C:/WINDOWS/system32/VXACU.dll
O22 - SharedTaskScheduler: () - {D962EA63-EA73-962E-B730-40D951EA730C} = C:/WINDOWS/system32/JLOQI.dll
O22 - SharedTaskScheduler: () - {41D952EA-62EA-1DA5-2FB7-C840C952EB74} = C:/WINDOWS/system32/EHJBD.dll
O22 - SharedTaskScheduler: () - {EA63EB74-FB84-A63F-B841-51EA62FB841D} = C:/WINDOWS/system32/MOQTK.dll
O22 - SharedTaskScheduler: () - {0D951EA7-2EB6-D961-EB73-841C952EB740} = C:/WINDOWS/system32/CFHZB.dll
O22 - SharedTaskScheduler: () - {A63FB740-B841-63FC-841D-1EA72FB840D9} = C:/WINDOWS/system32/EGJLD.dll
O22 - SharedTaskScheduler: () - {62FB730C-740D-2FB8-40D9-DA63EB740D96} = C:/WINDOWS/system32/IKNPH.dll
O22 - SharedTaskScheduler: () - {52EA62FB-63FB-2EA6-3FC7-C951DA63FC85} = C:/WINDOWS/system32/TWYQS.dll
O22 - SharedTaskScheduler: () - {1EA62FB8-3FC7-EA72-FC84-952DA63FC841} = C:/WINDOWS/system32/ZCEWY.dll
O22 - SharedTaskScheduler: () - {40C841DA-51E9-0C94-1EA6-B74FC851EA73} = C:/WINDOWS/system32/KMOGI.dll
O22 - SharedTaskScheduler: () - {FC850D96-1DA6-C851-DA63-730C841DA63F} = C:/WINDOWS/system32/PSUXO.dll
O22 - SharedTaskScheduler: () - {EA62EB74-FB83-A63E-B840-51E962FB841D} = C:/WINDOWS/system32/MOQIK.dll
O22 - SharedTaskScheduler: () - {FC840D96-1DA5-C850-DA62-730B841DA63F} = C:/WINDOWS/system32/DGIAC.dll
O22 - SharedTaskScheduler: () - {C851D962-DA62-851E-A63F-30C840D962FB} = C:/WINDOWS/system32/SUXZR.dll
O22 - SharedTaskScheduler: () - {EB73FC85-0C94-B74F-C951-62FA730C952E} = C:/WINDOWS/system32/ORTLN.dll
O22 - SharedTaskScheduler: () - {841D952E-962F-41DA-62FB-FC850D962FB8} = C:/WINDOWS/system32/MORTL.dll
O22 - SharedTaskScheduler: () - {D961EA63-EA72-962E-B73F-40D851EA730C} = C:/WINDOWS/system32/DFIZC.dll
O22 - SharedTaskScheduler: () - {EB74FC85-0C95-B740-C952-62FB730C952E} = C:/WINDOWS/system32/QTVYP.dll
O22 - SharedTaskScheduler: () - {EA73FB84-FC85-A730-C851-52EB63FC851E} = C:/WINDOWS/system32/GILNF.dll
O22 - SharedTaskScheduler: () - {1DA62EB7-2FB8-DA63-FB84-851E962EB740} = C:/WINDOWS/system32/JLOQI.dll
O22 - SharedTaskScheduler: () - {EA72FB84-FC84-A73F-C850-52EA63FC851E} = C:/WINDOWS/system32/OQTKN.dll
O22 - SharedTaskScheduler: () - {740D851E-952E-40D9-52EB-FB840C952EA7} = C:/WINDOWS/system32/XACFW.dll
O22 - SharedTaskScheduler: () - {63FC740D-841D-3FC8-41DA-EA73FB841DA6} = C:/WINDOWS/system32/MPRUL.dll
O22 - SharedTaskScheduler: () - {C851D962-DA63-851E-A63F-30C941DA63FC} = C:/WINDOWS/system32/GILNF.dll
O22 - SharedTaskScheduler: () - {3FC740D9-41D9-FC84-1DA5-A73FB740D962} = C:/WINDOWS/system32/ZBEVY.dll
O22 - SharedTaskScheduler: () - {B841C951-D952-841D-962E-3FB830C952EB} = C:/WINDOWS/system32/BEGJA.dll
O22 - SharedTaskScheduler: () - {2EB63FC8-30C8-EB73-0C94-962EA63FC851} = C:/WINDOWS/system32/ACFWZ.dll
O22 - SharedTaskScheduler: () - {52EA63FB-73FB-2EB6-30C8-D951DA63FC85} = C:/WINDOWS/system32/BEGYA.dll
O22 - SharedTaskScheduler: () - {B840C851-C952-840D-952E-2FB830C952EB} = C:/WINDOWS/system32/FIKME.dll
O22 - SharedTaskScheduler: () - {3FC840C9-40D9-FC84-1D96-A63FB740D962} = C:/WINDOWS/system32/RTWYQ.dll
O22 - SharedTaskScheduler: () - {0C941DA6-1EA6-C951-EA72-740C851EA63F} = C:/WINDOWS/system32/YADUX.dll
O22 - SharedTaskScheduler: () - {0C951DA6-1EA7-C952-EA73-740D851EA63F} = C:/WINDOWS/system32/MORTL.dll
O22 - SharedTaskScheduler: () - {40D951DA-51EA-0D95-2EA7-B740C851EA73} = C:/WINDOWS/system32/YADFX.dll
O22 - SharedTaskScheduler: () - {3FC740C9-40D8-FC84-1D95-A63EB740D962} = C:/WINDOWS/system32/PRULO.dll
O22 - SharedTaskScheduler: () - {30C941DA-51EA-0C95-1EA7-B740C841DA63} = C:/WINDOWS/system32/TWYBS.dll
O22 - SharedTaskScheduler: () - {0D961EA7-2EB7-D962-EB74-841D952EB740} = C:/WINDOWS/system32/WZBEV.dll
O22 - SharedTaskScheduler: () - {30C841DA-51E9-0C94-1EA6-B74FC841DA63} = C:/WINDOWS/system32/DGIAC.dll
O22 - SharedTaskScheduler: () - {841C952E-962E-41D9-62FA-FC840D962FB8} = C:/WINDOWS/system32/OQTKN.dll
O22 - SharedTaskScheduler: () - {1EA72FB8-3FC8-EA73-FC85-952EA63FC841} = C:/WINDOWS/system32/XACFW.dll
O22 - SharedTaskScheduler: () - {730B841D-851D-30C8-51E9-EB73FC851EA7} = C:/WINDOWS/system32/XZCTW.dll
O22 - SharedTaskScheduler: () - {952EA63F-A730-52EB-730C-0D961EA730C8} = C:/WINDOWS/system32/PRUWO.dll
O22 - SharedTaskScheduler: () - {41DA52EA-62EB-1DA6-2FB7-C841C952EB74} = C:/WINDOWS/system32/QTVYP.dll
O22 - SharedTaskScheduler: () - {62FA730C-740C-2FB7-40D8-DA62EB740D96} = C:/WINDOWS/system32/WYBSV.dll
O22 - SharedTaskScheduler: () - {B740C851-C952-740D-952E-2FB830C851EA} = C:/WINDOWS/system32/TVYAS.dll
O23 - 服务: BoBoTurbo (BoBoTurbo) - C:/WINDOWS/system32/boboturbo/boboturbo.exe | 2007-10-11 10:6:54 | BoBo P2P多媒体网络点播/广播/直播系统 加速器 | 1, 4, 0, 0 | BoBo P2P多媒体网络点播/广播/直播系统 加速器 | Copyright (C) 2005-2007 | 1, 4, 1011, 2 | 广州易播信息科技有限公司 | | BoBoTurbo | BoBoTurbo.EXE(自动)
===/
(To be continued)