HEUR:Trojan.Win32.Generic (Kaspersky), Generic.Malware.SP!CPkg.D36B1CA8 (B) (Emsisoft), Generic.Malware.SP!CPkg.D36B1CA8 (AdAware), Trojan.Win32.Hideproc.FD, GenericAutorunWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, WormAutorun, Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: cc96fb3b88b1ca9542d3d4693dc003bb
SHA1: 1e9340a3c8cc62b0cd4194ba2610fe461f51c63b
SHA256: 19d9ea1c8621144593abc7d04bc44ce5e86504849ead5e83ae333cb28fa6bab4
SSDeep: 1536:eQeKcnrJXSWLv5z2 KWa44yP8GvpdXneQBgU:eQHcnrJXSUBz2 KWaCP8ineHU
Size: 84280 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: PackerUPXCompresorGratuitowwwupxsourceforgenet, UPolyXv05_v6
Company: no certificate found
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Generic's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Generic creates the following process(es):
mscorsvw.exe:1912
%original file name%.exe:1612
The Generic injects its code into the following process(es):
explorer.exe:1044
Explorer.EXE:840
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:1612 makes changes in the file system.
The Generic creates and/or writes to the following file(s):
%System%\moytxkmtdn\smss.exe (601 bytes)
%System%\kufybnxndp\explorer.exe (601 bytes)
Registry activity
The process mscorsvw.exe:1912 makes changes in the system registry.
The Generic creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "2340000"
The process %original file name%.exe:1612 makes changes in the system registry.
The Generic creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 75 73 61 DE C5 A2 ED 9F 1E 6D 87 4D 4C 80 04"
Dropped PE files
MD5 | File path |
---|---|
3be6ce93a4f2dc6554877d337aca7c81 | c:\Program Files\Common Files\BOSC.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Generic's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
  mscorsvw.exe:1912
  %original file name%.exe:1612
- Delete the original Generic file.
- Delete or disinfect the following files created/modified by the Generic:
  %System%\moytxkmtdn\smss.exe (601 bytes)
  %System%\kufybnxndp\explorer.exe (601 bytes)
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
UPX0 | 4096 | 278528 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
UPX1 | 282624 | 53248 | 52736 | 5.4542 | 48d1c9e5b0f4e80a2201fac556b127bd |
.rsrc | 335872 | 24576 | 24576 | 2.71573 | 427dc1ef0392bcf053459077e17d9dff |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 1
3a3f5dc72f51256ec896493593066dc8
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
The Generic connects to the servers at the following location(s):
Strings from Dumps
explorer.exe_1044:
explorer.exe_1044_rwx_00401000_00050000:
Explorer.EXE_840_rwx_5CB71000_00001000: