Pe_xscan 08-08-01 by Purple endurer
2008-12-19 9:32:16
Windows XP Service Pack 2 (5.1.2600)
MSIE: 6.0.2900.2180
Administrator user group
Normal Mode
[System process] * 0
C:/Windows/system32/wd1_3.dll | 9:57:48
C:/Windows/system32/apvejpul.dll | 1:10:18
C:/Windows/system32/gzyqdzkz.dll | 9:57:42
C:/Windows/system32/svchost.exe * 1072 | MICROSOFT® Windows® Operating System | 5.1.2600.2180 | generic host process for Win32 services | © Microsoft Corporation. All Rights Reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation |? | Svchost.exe
C:/Windows/system32/alitao32.dll
C:/Windows/system32/wd1_3.dll | 9:57:48
O2-BHO-{5a041f13-a111-12a4-b0cf-f99818aa68a5} = C:/Windows/system32/artlbbdll.dll
O2-BHO-{5a041f13-a111-12b0-b0cf-f99818aa68a5} = C:/Windows/system32/armoyudll.dll | 1:10:19
O4-HKLM/../run: [hbservice32] system.exe
O4-HKLM/../run: [weiai] C:/Windows/system32/weiai.exe
O4-HKLM/../run: [startwd] rundll32.exe c:/Windows/system32/wd1_3.dll, hook
O4-HKLM/../policies/Explorer/run: [dlnbjjbdfb] C:/Windows/system/llwzjy081217.exe
O4-HKLM/../policies/Explorer/run: [nwiz] alitao32.exe
O4-HKLM/../policies/Explorer/run: [dlncjjcdfc] C:/Windows/system/llwzjy081219.exe
C:/autorun.inf
/-----
[Autorun]
Opentracing weiai.exe
Shell/open = open (& O)
Shell/Open/commandingweiai.exe
Shell/Open/default = 1
Shell/volume E = Resource Manager (& X)
Shell/cmde/commandingweiai.exe
-----/
D:/autorun.inf
/-----
[Autorun]
Opentracing weiai.exe
Shell/open = open (& O)
Shell/Open/commandingweiai.exe
Shell/Open/default = 1
Shell/volume E = Resource Manager (& X)
Shell/cmde/commandingweiai.exe
-----/
O20-appinit_dlls = craoe.DLL, woodken.DLL, lenyuns.DLL, zesttns.DLL, meyotme.DLL, delnice.DLL, qanhllao.DLL, zongxim.DLL, kandawf.DLL, cenvta.DLL, xsisco.DLL, fliecods.DLL, kodens.DLL, rexljeh.DLL, cahtos.DLL, cenbezn.DLL, jonzyan.DLL, jolinen.DLL, xuntxn.DLL, hbwow.DLL, hbqqsg.DLL, hbqqxx.DLL
O21-ssodl-gzyqdzkz.dll (5)-{71a78cd4-e470-4a18-8457-e0e0283dd507} = C:/Windows/system32/apvejpul.dll | 1:10:18
O21-ssodl-apvejpul.dll (5)-{71a78cd4-e470-4a18-8457-e0e0283dd507} = C:/Windows/system32/apvejpul.dll | 1:10:18
O23-service: aliimz ()-system32/Drivers/aliimz.sys (manual)
O23-service: b770ca 2 (b770ca 2)-C:/Windows/system32/b770ca 2.sys | 9:57:36 (manual)
O23-service: hbkernel32 (hbkernel32 driver)-system32/Drivers/hbkernel32.sys (pilot)
O23-service: j9gqht (j9gqht)-system32/Drivers/j9gqht.sys (pilot)
O23-service: protector-system32/Drivers/protector.sys | 4:12:46 (system)
O23-service: protectora (protectora)-C:/Windows/system32/Drivers/protectora.sys | 4:12:46 (system)
O24-shlexechook: [4]-{BA7EDF54-8408-4B21-B351-7B447B344BA4} = ba7edf54.dll
O24-shlexechook: [5]-{5a041f13-a111-12b0-b0cf-f99818aa68a5} = C:/Windows/system32/armoyudll.dll | 1:10:19
O24-shlexechook: [7]-{71a78cd4-e470-4a18-8457-e0e0283dd507} = C:/Windows/system32/gzyqdzkz.dll | 9:57:42
O24-shlexechook: [5]-{5a041f13-a111-12a4-b0cf-f99818aa68a5} = C:/Windows/system32/artlbbdll.dll
O24-shlexechook: [5]-{5a041f13-a111-12a5-b0cf-f99818aa68a5} = C:/Windows/system32/archibidll.dll | 1:10:10
The HKLM/showall value is not 1.