Warned only yesterday, and today a user already clicked a URL in a QQ message and got infected with Worm.Viking.pk/Worm.Win32.Viking.jg

Original by endurer

2007-03-20, 1st edition

Only yesterday I reminded everyone to be careful that URLs in QQ messages can spread Viking (维金) and similar viruses:

Beware of URLs in QQ messages spreading Viking Worm.Win32.Viking.ix/Worm.Viking.pg
http://endurer.bokee.com/6171794.html
http://blog.csdn.net/Purpleendurer/archive/2007/03/19/1534201.aspx
http://blog.sina.com.cn/u/49926d91010007zy
http://blog.i0778.com/?1314/action_viewspace_itemid_2795.html

Unexpectedly, a user got hit today. There are so many pieces of malware on the machine that I did not even bother packaging them up.

The pe_xscan and HijackThis logs contain only a portion of them.

For now, here are the pe_xscan and HijackThis logs. I will go into detail tomorrow.

pe_xscan 07-03-17 by Purple Endurer
2007-3-20 17:0:26
Windows XP Service Pack 1(5.1.2600)
管理员用户组
[System Process] * 0
    C:/Documents and Settings/Administrator/Local Settings/Temporary Internet Files/Content.IE5/HZBCNCMU/3[1].exe | 2007-3-20 16:47:34
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0
    C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy1.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav30.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Msxo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0r.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Gjzo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav20.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Wmzo0.dll | 2003-3-15 0:0:0
C:/WINDOWS/system32/svchost.exe * 840 | 2003-3-15 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.0 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | svchost.exe | svchost.exe
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright ? 2005 | 2, 0, 0, 0 | CNNIC |  | cdnns | cdnns.dll
C:/WINDOWS/Explorer.exe * 1396 | 2003-3-15 0:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2800.1106 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2800.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
    C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.win | 2007-3-20 15:9:36
    C:/WINDOWS/System32/ntd11.dll | 2007-3-19 14:16:54 |  | 1.0.0.0 |  |  | 1.1.1.150 |  |  |  |
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright ? 2005 | 2, 0, 0, 0 | CNNIC |  | cdnns | cdnns.dll

    C:/Program Files/Thunder Network/Thunder/ComDlls/XunLeiBHO_006.dll | 2006-11-24 0:42:22 | XunLeiBHO Module | 5, 0, 0, 3 | XunLeiBHO | Copyright 2004-2006 | 5, 0, 0, 3 | Thunder Networking Technologies,LTD |  | XunLeiBHO | XunLeiBHO.dll
    C:/Program Files/Thunder Network/Thunder/ComDlls/ThunderAgent_005.dll | 2006-11-6 16:56:50 | ThunderAgent Module | 1, 0, 0, 11 | ThunderAgent Module | Copyright 2005-2006 | 1, 0, 0, 11 | Thunder Networking Technologies,LTD |  | ThunderAgent | ThunderAgent.DLL
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0
    C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy1.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav30.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Msxo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav20.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Gjzo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0r.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Wmzo0.dll | 2003-3-15 0:0:0
    C:/PROGRA~1/一起搜/tbu08947/tbhelper.dll | 2007-3-19 14:35:16 | IE Toolbar | 3.0.1.0 | IE Toolbar Helper Module | Copyright ? 2001-2007. All rights reserved. | 3, 0, 1, 56 |  |  | tbhelper | tbhelper.dll

C:/WINDOWS/System32/conime.exe * 1876 | 2003-3-15 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.1106 | Console IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | Console | CONIME.EXE
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/WINDOWS/System32/ctfmon.exe * 1940 | 2003-3-15 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.1106 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/WINDOWS/servicer.exe * 952 | 2003-3-15 0:0:0
    C:/WINDOWS/servicer.exe | 2003-3-15 0:0:0
    C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe * 1696 | 2007-3-20 16:48:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | Windows Calculator application file | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | CALC | CALC.EXE
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe | 2007-3-20 16:48:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | Windows Calculator application file | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | CALC | CALC.EXE
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright ? 2005 | 2, 0, 0, 0 | CNNIC |  | cdnns | cdnns.dll
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/packet.dll | 2007-3-20 16:48:52 | WinPcap low level packet library | 3, 1, 0, 27 | Packet | Copyright ? 1999-2005 NetGroup, Politecnico di Torino. Copyright ? 2005 CACE Technologies | 3, 1, 0, 27 | CACE Technologies |  | Packet | Packet.dll
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/WanPacket.dll | 2007-3-20 16:48:52 | WinPcap low level NetMon wrapper library | 3, 1, 0, 27 | WanPacket | Copyright ? 2005 CACE Technologies. Copyright ? 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies |  | WanPacket | WanPacket.dll
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/NPPTools.dll | 2007-3-20 16:48:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | NPP Tools Helper DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | NPPTools.DLL | NPPTools.DLL
    C:/WINDOWS/System32/npp/ndisnpp.dll | 2003-3-15 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.1106 | Network Monitor NDIS Network Packet Provider | ? Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | NDISNPP.DLL | NDISNPP.DLL
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe * 1908 | 2007-3-20 16:49:2
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe | 2007-3-20 16:49:2
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/WINDOWS/System32/SVCH0ST.EXE * 1128 | 2003-3-15 0:0:0
    C:/WINDOWS/System32/SVCH0ST.EXE | 2003-3-15 0:0:0
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/Program Files/Internet Explorer/IEXPLORE.EXE * 240 | 2003-3-15 8:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2800.1106 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2800.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright ? 2005 | 2, 0, 0, 0 | CNNIC |  | cdnns | cdnns.dll
    C:/Program Files/Common Files/System/ado/msado15.dll | 2003-3-15 8:0:0 | Microsoft Data Access Components | 2.71.9030.0 | Microsoft Data Access - ActiveX Data Objects | Copyright ? Microsoft Corp. 1993-2001 | 2.71.9030.0 | Microsoft Corporation | Windows(TM) is a trademark of Microsoft Corporation.  Microsoft? is a registered trademark of Microsoft Corporation | ADO15 | msado15.dll
    C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.win | 2007-3-20 15:9:36
C:/WINDOWS/System32/ctfmon.exe * 308 | 2003-3-15 0:0:0 | Microsoft? Windows? Operating System | 5.1.2600.1106 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
    C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
C:/WINDOWS/Logo1_.exe * 740 | 2007-3-20 16:56:50
    C:/WINDOWS/Logo1_.exe | 2007-3-20 16:56:50
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/~I7PRUGI1VAC.CoM * 988 | 2007-3-20 16:57:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/~I7PRUGI1VAC.CoM | 2007-3-20 16:57:0
    C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
C:/WINDOWS/system32/notepad.exe * 1236 | 2003-3-15 0:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | 记事本 | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | Notepad | NOTEPAD.EXE
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Wmzo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0r.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Gjzo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav20.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Msxo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav30.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy1.dll | 2003-3-15 0:0:0
    C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:/PROGRA~1/一起搜/tbu08947/tbhelper.dll
F2 - REG:system.ini: Shell=Explorer.exe realshed.exe
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,rundll32.exe C:/WINDOWS/System32/winsys16_070319.dll start

O2 - BHO CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:/Program Files/Common Files/CPUSH/cpush.dll
O2 - BHO Cbho Object - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:/PROGRA~1/CNNIC/Cdn/cdndrag.dll
O2 - BHO Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll
O2 - BHO C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll - {5B02EBA1-EFDD-477D-A37F-05383165C9C0} -
O2 - BHO CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O2 - BHO IEExt Class - {634539A8-7FA8-45E2-8DC3-253AF98548A1} - C:/WINDOWS/system/MFS0FT.DLL
O2 - BHO 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:/Program Files/superutilbar/superutilbar.dll
O2 - BHO HrefRedirect Class - {74BC093A-540E-4340-897B-4653A8EB2F47} - C:/WINDOWS/System32/mslink/mslink.dll
O2 - BHO SysShellKernel Class - {E04B27AA-3973-4D68-8F42-B7C2FC8C6CF7} - C:/WINDOWS/System32/SysShellKernel.dll
O2 - BHO WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:/PROGRA~1/CNNIC/Cdn/wmhlpr.dll
O2 - BHO TBSB04694 Class - {F943309C-4AF4-4D85-8064-FD20184B99EA} - C:/PROGRA~1/一起搜/tbu08947/cneqiso.dll

O3 - IE工具栏: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:/Program Files/superutilbar/superutilbar.dll
O3 - IE工具栏:  - {5558D3F3-87EB-4335-BE71-C6E8E468D166} - C:/Program Files/一起搜/tbu08947/cneqiso.dll


O4 - HKCR/../Run: [ST0RMSetEx] C:/WINDOWS/System32/rundll32.exe C:/WINDOWS/system/AV1CAP.dll,Run
O4 - HKCR/../Run: [svc] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe
O4 - HKCR/../Run: [ravshell] C:/WINDOWS/System32/SVCH0ST.EXE
O4 - HKCR/../Run: [uv4vmwwc0] C:/WINDOWS/servicea.exe
O4 - HKCR/../Run: [miie7b7y1t51my] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/winlog0n.exe
O4 - HKCR/../Run: [r9k5] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexpl0re.exe
O4 - HKCR/../Run: [hvygr0xm] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Servere.exe
O4 - HKCR/../Run: [v55rkqmt6qgx4] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/crasos.exe
O4 - HKCR/../Run: [c7kx] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/rundl132.exe
O4 - HKCR/../Run: [e5dms3e6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/c0nime.exe
O4 - HKCR/../Run: [1hg1t6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexp1ore.exe
O4 - HKCR/../Run: [2969suv11ri9] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/cftmon.exe
O4 - HKLM/../Run: [System] C:/Program Files/Common Files/System/Updaterun.exe
O4 - HKLM/../Run: [CdnCtr] C:/Program Files/CNNIC/Cdn/cdnup.exe
O4 - HKLM/../Run: [load] C:/WINDOWS/uninstall/rundl132.exe
O4 - HKLM/../Run: [wtsttrs] C:/WINDOWS/wtsttrs.exe
O4 - HKLM/../Run: [cmdbgcs] C:/WINDOWS/cmdbgcs.exe
O4 - HKLM/../Run: [mppds] C:/WINDOWS/mppds.exe
O4 - HKLM/../Run: [msccrt] C:/WINDOWS/msccrt.exe
O4 - HKLM/../Run: [mhs3] C:/WINDOWS/mhs3.exe
O4 - HKLM/../Run: [cmdbcs] C:/WINDOWS/cmdbcs.exe
O4 - HKLM/../Run: [upxdnd] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/TIMPLATF0RM.exe
O4 - HKLM/../Run: [wgs3] C:/WINDOWS/wgs3.exe
O4 - HKLM/../Run: [wsttrs] C:/WINDOWS/wsttrs.exe
O4 - HKLM/../Run: [FYNEWS] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe

O4 - Global Startup: WanSo.lnk ->

O8 - IE右键菜单附加项 : 访问通用网址 - C:/Program Files/CNNIC/Cdn/cnnic.htm

O21 - SSODL - nvwi(Windows nvwi Theme) - {D0A6302C-859C-471E-9082-6B865C0ACAA2} = C:/PROGRA~1/muvh/nvwi.dll

O23 - 服务: 7A04BC6 (7A04BC6) - C:/WINDOWS/System32/7A04BC6.EXE -service | 2007-3-20 14:59:36 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | ASN.2 Runtime APIs | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation| ?| ?| ?(自动)

O23 - 服务: bcjhjgfi (bcjhjgfi) - system32/drivers/bcjhjgfi.sys(引导)

O23 - 服务: bkvtszv () - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/PROGRA~1/COMMON~1/okvtyzv/okvtyzv.dll | 2007-3-20 10:50:36 |  | 2, 8, 0, 1 |  |  | 2, 8, 0, 1 |   |  |  | (自动)

O23 - 服务: cdnprot (cdnprot) - system32/drivers/cdnprot.sys | 中文上网官方版 | 2, 4, 0, 27 | Driver Device | Copyright (c) . All rights reserved. | 2.4.0.27 | 中国互联网络信息中心(CNNIC)| ? | cdnprot.sys | cdnprot.sys(引导)

O23 - 服务: cdntran (cdntran) - system32/drivers/cdntran.sys | CNNIC cdntran | 2, 6, 0, 0 | cdntran | Copyright ? 2005 | 2, 6, 0, 0 | CNNIC |  | cdntran | cdntran.sys(自动)

O23 - 服务: D0622BED (D0622BED) - C:/WINDOWS/System32/D0622BED.EXE -service | 2007-3-20 15:1:2 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | ASN.2 Runtime APIs | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation| ?| ?| ?(自动)

O23 - 服务: MOBILL (Windows Install Helper) - C:/WINDOWS/SYSTEM32/RUNDLL2000.EXE C:/WINDOWS/SYSTEM32/WBEM/OZCJI.DLL,Export 1087(自动)

O23 - 服务: Navoct () - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/Program Files/iesnap/navoct.dll | 2007-3-12 10:28:46 | NAVOCT | 1, 0, 1, 1 | NAVOCT Module | Copyright 2006 | 1, 0, 1, 1 |   |  | NAVOCT | NAVOCT.DLL(自动)

O23 - 服务: Net Event (Net Event) - C:/WINDOWS/system32/netevent.exe | 2007-3-20 10:46:44(自动)

O23 - 服务: NPF (Netgroup Packet Filter) - System32/DRIVERS/npf.sys | WinPcap Netgroup Packet Filter Driver | 3, 1, 0, 27 | npf | Copyright ? 2005 CACE Technologies. Copyright ? 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies |  | NPF + TME  | npf.sys(手动)

O23 - 服务: pxyk (Std pxyk Service) - C:/WINDOWS/System32/rundll32.exe C:/PROGRA~1/hptc/usdp.dll,Service -s(自动)

O23 - 服务: REM0TEREGISTRY (REM0TE REGISTRY) - C:/WINDOWS/system/REM0REG.EXE | 2007-3-20 10:45:38(自动)

O23 - 服务: WebPrint (WebPrint) - c:/windows/system32/webprint.exe | 2007-3-20 15:7:20 | Microsoft Web Printer | 5.2600.2180 | Microsoft Web Printer | C) Microsoft Corporation. All rights reserved. | 5.2600.2180 | Microsoft Corporation| ? | WEBPNT | WEBPNT.EXE(自动)

O23 - 服务: Windows Login (Windows Login) - C:/WINDOWS/System32/mslogin.exe | 2007-3-20 10:46:38(自动)

O24 - [] - {A6011F8F-A7F8-49AA-9ADA-49127D43138F} = C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk
O24 - [] - {754FB7D8-B8FE-4810-B363-A788CD060F1F} = C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys
O24 - [] - {99F1D023-7CEB-4586-80F7-BB1A98DB7602} = C:/Program Files/Internet Explorer/IEXPLORE.Sys
O24 - [] - {FEB94F5A-69F3-4645-8C2B-9E71D270AF2E} = C:/Program Files/Internet Explorer/IEXPLORE.Dat
O24 - [] - {923509F1-45CB-4EC0-BDE0-1DED35B8FD60} = C:/Program Files/Internet Explorer/IEXPLORE.win

***************************

Logfile of HijackThis v1.99.1
Scan saved at 18:20:11, on 2007-3-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/SVCH0ST.EXE

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:/PROGRA~1/一起搜/tbu08947/tbhelper.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe realshed.exe
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,rundll32.exe C:/WINDOWS/System32/winsys16_070319.dll start
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:/Program Files/Common Files/CPUSH/cpush.dll
O2 - BHO: CNNIC 网络工具Drag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:/PROGRA~1/CNNIC/Cdn/cdndrag.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll
O2 - BHO: (no name) - {5B02EBA1-EFDD-477D-A37F-05383165C9C0} - (no file)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O2 - BHO: IEExt Class - {634539A8-7FA8-45E2-8DC3-253AF98548A1} - C:/WINDOWS/system/MFS0FT.DLL
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:/Program Files/superutilbar/superutilbar.dll
O2 - BHO: mslogin linker - {74BC093A-540E-4340-897B-4653A8EB2F47} - C:/WINDOWS/System32/mslink/mslink.dll
O2 - BHO: SysShellKernel - {E04B27AA-3973-4D68-8F42-B7C2FC8C6CF7} - C:/WINDOWS/System32/SysShellKernel.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:/PROGRA~1/CNNIC/Cdn/wmhlpr.dll
O2 - BHO: TBSB04694 - {F943309C-4AF4-4D85-8064-FD20184B99EA} - C:/PROGRA~1/一起搜/tbu08947/cneqiso.dll (file missing)
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:/Program Files/superutilbar/superutilbar.dll
O3 - Toolbar: 一起搜 - {5558D3F3-87EB-4335-BE71-C6E8E468D166} - C:/Program Files/一起搜/tbu08947/cneqiso.dll (file missing)
O4 - HKLM/../Run: [System] C:/Program Files/Common Files/System/Updaterun.exe
O4 - HKLM/../Run: [CdnCtr] C:/Program Files/CNNIC/Cdn/cdnup.exe
O4 - HKLM/../Run: [load] C:/WINDOWS/uninstall/rundl132.exe
O4 - HKLM/../Run: [wtsttrs] C:/WINDOWS/wtsttrs.exe
O4 - HKLM/../Run: [cmdbgcs] C:/WINDOWS/cmdbgcs.exe
O4 - HKLM/../Run: [mppds] C:/WINDOWS/mppds.exe
O4 - HKLM/../Run: [msccrt] C:/WINDOWS/msccrt.exe
O4 - HKLM/../Run: [mhs3] C:/WINDOWS/mhs3.exe
O4 - HKLM/../Run: [cmdbcs] C:/WINDOWS/cmdbcs.exe
O4 - HKLM/../Run: [upxdnd] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/TIMPLATF0RM.exe
O4 - HKLM/../Run: [wgs3] C:/WINDOWS/wgs3.exe
O4 - HKLM/../Run: [wsttrs] C:/WINDOWS/wsttrs.exe
O4 - HKLM/../Run: [FYNEWS] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe
O4 - HKLM/../Run: [spoel] C:/Program Files/Internet Explorer/spoel.exe
O4 - HKCU/../Run: [ST0RMSetEx] C:/WINDOWS/System32/rundll32.exe C:/WINDOWS/system/AV1CAP.dll,Run
O4 - HKCU/../Run: [svc] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe
O4 - HKCU/../Run: [ravshell] C:/WINDOWS/System32/SVCH0ST.EXE
O4 - HKCU/../Run: [uv4vmwwc0] C:/WINDOWS/servicea.exe
O4 - HKCU/../Run: [miie7b7y1t51my] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/winlog0n.exe
O4 - HKCU/../Run: [r9k5] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexpl0re.exe
O4 - HKCU/../Run: [hvygr0xm] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Servere.exe
O4 - HKCU/../Run: [v55rkqmt6qgx4] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/crasos.exe
O4 - HKCU/../Run: [c7kx] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/rundl132.exe
O4 - HKCU/../Run: [e5dms3e6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/c0nime.exe
O4 - HKCU/../Run: [1hg1t6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexp1ore.exe
O4 - HKCU/../Run: [2969suv11ri9] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/cftmon.exe
O4 - Global Startup: WanSo.lnk = ?

O8 - Extra context menu item: 访问通用网址 - C:/Program Files/CNNIC/Cdn/cnnic.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:/Program Files/Thunder Network/Thunder/Thunder.exe
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O10 - Unknown file in Winsock LSP: c:/windows/system32/cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O21 - SSODL: nvwi - {D0A6302C-859C-471E-9082-6B865C0ACAA2} - C:/PROGRA~1/muvh/nvwi.dll
O23 - Service: 7A04BC6 - Unknown owner - C:/WINDOWS/System32/7A04BC6.EXE (file missing)
O23 - Service: D0622BED - Unknown owner - C:/WINDOWS/System32/D0622BED.EXE (file missing)
O23 - Service: sdhcvs (edfscv) - Unknown owner - C:/WINDOWS/System32/fgdfsdf.exe (file missing)
O23 - Service: KXAgent Service (KXAgentService) - SmartDove - C:/Program Files/LLJAgent/KXAgentS.exe

O23 - Service: Net Event - Unknown owner - C:/WINDOWS/system32/netevent.exe
O23 - Service: REM0TE REGISTRY (REM0TEREGISTRY) - Unknown owner - C:/WINDOWS/system/REM0REG.EXE

O23 - Service: Messaging (Remote Procedure) - Unknown owner - C:/WINDOWS/system32/explorcr.exe

O23 - Service: Service Transaction Provisioning (Transaction_Service) - Unknown owner - C:/WINDOWS/System32/explorer.exe
O23 - Service: Windows Login - Unknown owner - C:/WINDOWS/System32/mslogin.exe
O23 - Service: Windows Management Instrumentation Driver (WMID) - Unknown owner - C:/WINDOWS/System32/wmid.exe
