Encountering secuers32.exe, Internet.exe, Explore.exe, pig.vbs, HBKernel.sys, ssqexd.sys and others (Part 1)


 

Original work by endurer
2008-09-06, No. 1

 

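  A friend said that after booting, his computer reported an error in ctfmon.exe and never reached the desktop; the screen stayed black with nothing displayed, and Safe Mode behaved the same way. He asked me to help check and repair it.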

 

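  Booting into Safe Mode with Command Prompt still allowed me to log in. I ran pe_xscan, analyzed the log it produced, and found the following suspicious items: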

 

/===
pe_xscan 08-07-01 by Purple Endurer
2008-9-6 10:55:35
Windows XP Service Pack 2(5.1.2600)
MSIE:7.0.5730.13
管理员用户组
安全模式



C:/WINDOWS/System32/debug.exe * 260 | 2002-10-7 4:0:0

F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/Userinit.exe,C:/Program Files/Common Files/System/secuers32.exe

O1 - Hosts: 219.235.3.16    search.114.vnet.cn
O1 - Hosts: 219.235.3.16    keyword.vnet.cn
O1 - Hosts: 219.235.3.16    www.360safe.com
O1 - Hosts: 219.235.3.16    www.k369.com
O1 - Hosts: 219.235.3.16    www.5566.net
O1 - Hosts: 219.235.3.16    360safe.com
O1 - Hosts: 202.165.102.243    update.360safe.com
O1 - Hosts: 219.235.3.16    dl.360safe.com
O1 - Hosts: 219.235.3.16    down.360safe.com
O1 - Hosts: 219.235.3.16    bbs.360safe.com
O1 - Hosts: 219.235.3.16    kaba.360safe.com
O1 - Hosts: 219.235.3.16    baike.360safe.com
O1 - Hosts: 219.235.3.16    www.360.cn
O1 - Hosts: 219.235.3.16    360.cn
O1 - Hosts: 219.235.3.16    wopti.360.cn
O1 - Hosts: 202.165.102.243    update.360.cn
O1 - Hosts: 219.235.3.16    dl.360.cn
O1 - Hosts: 219.235.3.16    down.360.cn
O1 - Hosts: 219.235.3.16    bbs.360.cn
O1 - Hosts: 219.235.3.16    kaba.360.cn
O1 - Hosts: 219.235.3.16    baike.360.cn
O1 - Hosts: 219.235.3.16    360.qihoo.com
O1 - Hosts: 219.235.3.16    360safe.qihoo.com
O1 - Hosts: 219.235.3.16    forum.ikaka.com
O1 - Hosts: 219.235.3.16    www.ikaka.com
O1 - Hosts: 202.165.102.243 update.ikaka.com
O1 - Hosts: 219.235.3.16    forum.jiangmin.com
O1 - Hosts: 202.165.102.243 update.jiangmin.com
O1 - Hosts: 202.165.102.243 update.rising.com.cn
O1 - Hosts: 219.235.3.16    online.rising.com.cn
O1 - Hosts: 202.165.102.243 center.rising.com.cn
O1 - Hosts: 219.235.3.16    up.duba.net
O1 - Hosts: 219.235.3.16    vi.duba.net
O1 - Hosts: 219.235.3.16    shadu.baidu.com
O1 - Hosts: 219.235.3.16    du.baidu.com
O1 - Hosts: 219.235.3.16    security.symantec.com
O1 - Hosts: 219.235.3.16    shadu.duba.net
O1 - Hosts: 219.235.3.16    bbs.duba.net
O1 - Hosts: 219.235.3.16    www.duba.net
O1 - Hosts: 219.235.3.16    online.jiangmin.com
O1 - Hosts: 219.235.3.16    cn.mcafee.com
O1 - Hosts: 219.235.3.16    www.ahn.com.cn
O1 - Hosts: 219.235.3.16    www.kaspersky.com.cn
O1 - Hosts: 219.235.3.16    www.pcav.cn
O1 - Hosts: 219.235.3.16    www.luosoft.com
O1 - Hosts: 219.235.3.16    www.im286.com
O1 - Hosts: 219.235.3.16    bbs.htmlman.net
O1 - Hosts: 202.165.102.243 download.rising.com.cn
O1 - Hosts: 202.165.102.243 rsup08.rising.com.cn
O1 - Hosts: 219.235.3.16    10000.286er.com
O1 - Hosts: 219.235.3.16    im286.net
O1 - Hosts: 219.235.3.16    ju.qihoo.com
O1 - Hosts: 219.235.3.16    bbs.chinaz.com
O1 - Hosts: 219.235.3.16    www.qihoo.com
O1 - Hosts: 202.165.102.243 dnl-cn1.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn2.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn3.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn4.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn5.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn6.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn7.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn8.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn9.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn10.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn11.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn12.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn13.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn14.kaspersky-labs.com
O1 - Hosts: 202.165.102.243 dnl-cn15.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu1.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu2.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu3.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu4.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu5.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu6.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu7.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu8.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu9.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu10.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu11.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu12.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu13.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu14.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-eu15.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us1.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us2.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us3.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us4.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us5.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us6.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us7.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us8.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us9.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us10.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us11.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us12.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us13.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us14.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-us15.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru1.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru2.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru3.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru4.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru5.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru6.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru7.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru8.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru9.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru10.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru11.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru12.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru13.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru14.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-ru15.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp1.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp2.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp3.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp4.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp5.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp6.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp7.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp8.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp9.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp10.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp11.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp12.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp13.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp14.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-jp15.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr1.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr2.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr3.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr4.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr5.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr6.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr7.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr8.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr9.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr10.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr11.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr12.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr13.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr14.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-kr15.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd1.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd2.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd3.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd4.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd5.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd6.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd7.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd8.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd9.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd10.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd11.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd12.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd13.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd14.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    dnl-cd15.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    downloads1.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    downloads2.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    downloads3.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    downloads4.kaspersky-labs.com
O1 - Hosts: 202.165.102.243    downloads5.kaspersky-labs.com
O1 - Hosts: 219.235.3.16       rss.360safe.com
O1 - Hosts: 219.235.3.16       x.360safe.com
O1 - Hosts: 219.235.3.16       d.360safe.com
O1 - Hosts: 219.235.3.16       updatem.360safe.com
O1 - Hosts: 219.235.3.16       softm.360safe.com
O1 - Hosts: 219.235.3.16       zhuansha.duba.net
O1 - Hosts: 219.235.3.16       buy.duba.net
O1 - Hosts: 219.235.3.16       kad.www.duba.net
O1 - Hosts: 219.235.3.16       cu001.www.duba.net
O1 - Hosts: 219.235.3.16       cu002.www.duba.net
O1 - Hosts: 219.235.3.16       cu003.www.duba.net
O1 - Hosts: 219.235.3.16       cu004.www.duba.net
O1 - Hosts: 219.235.3.16       cu005.www.duba.net
O1 - Hosts: 219.235.3.16       cu010.www.duba.net
O1 - Hosts: 219.235.3.16       client.download.duba.net
O1 - Hosts: 219.235.3.16       test.591jx.com
O1 - Hosts: 219.235.3.16       a.topxxxx.cn
O1 - Hosts: 219.235.3.16       picon.chinaren.com
O1 - Hosts: 219.235.3.16       www.5566.net

O2 - BHO CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} = C:/Program Files/Common Files/PushWare/cpush1.dll | 2008-9-3 14:38:33| ? | 1.1.0.3| ?| ? | 1.1.0.3| ?| ? | softpush.dll | softpush.dll
O2 - BHO 网站排名工具条BHO - {489873CE-F3E1-44A3-8E89-04BE26BE4446} = C:/Program Files/zzToolBar/Toolbar_bho.dll | 2008-7-25 11:22:50 | 网站排名工具条 BHO | V02 | 网站排名工具条 BHO | Copyright 2007 | V02 | www.chinarank.org.cn | | Toolbar_bho | Toolbar_bho.DLL
O4 - HKLM/../Run: [360try] C:/DOCUME~1/rd/LOCALS~1/Temp/Internet.exe
O4 - HKLM/../Run: [HBService]  explore.exe
O4 - HKLM/../RunOnce: [91t4q] %systemroot%/system32/Rundll32.exe %systemroot%/system32/91t4q.dll ,DllUnregisterServer
O4 - HKLM/../Policies/Explorer/Run: [kcien12]  kncer12.exe
O4 - Startup: 腾讯QQ.lnk -> C:/Program Files/Internet Explorer/Explore.exe
O4 - Global Startup: svchost.exe -> Invalid lnk file

C:/autorun.inf
/-----
[autorun]
open=jzllw.exe
shellexecute=jzllw.exe
shell/Auto/command=jzllw.exe
shell=Auto
-----/
D:/autorun.inf
/-----
[autorun]
open=jzllw.exe
shellexecute=jzllw.exe
shell/Auto/command=jzllw.exe
shell=Auto
-----/ 

O20 - AppInit_DLLs = mcromv.dll,wllame.dll,candayl.dll,eskisl.dll,comboaus.dll,thermaltinc.dll,cxpop.dll,lensch.dll,johandy.dll,catower.dll,qxfel.dll


O21 - SSODL - dpvvoxmh.dll(9) - {2876D76C-CAAA-4313-AF97-8D1D9A2A1087} = C:/WINDOWS/system32/dpvvoxmh.dll | 2008-9-5 12:48:9
O21 - SSODL - kbdgrms.dll(7) - {E560642D-A32D-432c-9E7E-9A135CC37E0F} = C:/WINDOWS/system32/kbdgrms.dll | 2008-9-5 16:6:8
O21 - SSODL - xolehlpjh.dll(8) - {F0930A2F-D971-4828-8209-B7DFD266ED44} = C:/WINDOWS/system32/xolehlpjh.dll | 2008-9-5 12:48:26
O21 - SSODL - dispexcb.dll(D) - {76D44356-B494-443a-BEDC-AA68DE4255E6} = C:/WINDOWS/system32/dispexcb.dll | 2008-9-5 16:6:25
O21 - SSODL - vhvyjunk.dll(9) - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} = C:/WINDOWS/system32/cbcatdih.dll | 2008-9-5 16:6:38
O21 - SSODL - lweurqhx.dll(5) - {71A78CD4-E470-4a18-8457-E0E0283DD507} = C:/WINDOWS/system32/lweurqhx.dll | 2008-9-5 12:49:15
O21 - SSODL - slbiopfs2.dll(B) - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} = C:/WINDOWS/system32/slbiopfs2.dll | 2008-9-5 12:49:33
O21 - SSODL - cliconfgzx.dll(B) - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} = C:/WINDOWS/system32/cliconfgzx.dll | 2008-9-5 16:7:29
O21 - SSODL - bootvidgj.dll(8) - {D3112B69-A745-4805-874E-ABD480EA1299} = C:/WINDOWS/system32/bootvidgj.dll | 2008-9-5 13:8:51
O21 - SSODL - mstimewd.dll(B) - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} = C:/WINDOWS/system32/mstimewd.dll | 2008-9-5 13:9:3
O21 - SSODL - tnczucpf.dll(9) - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} = C:/WINDOWS/system32/cbcatdih.dll | 2008-9-5 16:6:38
O21 - SSODL - cbcatdih.dll(9) - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} = C:/WINDOWS/system32/cbcatdih.dll | 2008-9-5 16:6:38
O21 - SSODL - inetresdxc.dll(8) - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} = C:/WINDOWS/system32/inetresdxc.dll | 2008-9-5 16:6:51
O23 - 服务: Apcdli () - C:/Program Files/Microsoft Office/SYSTEM/apcdli.sys (自动)

O23 - 服务: HBKernel (HBKernel Driver) -  system32/DRIVERS/HBKernel.sys (引导)
O23 - 服务: mrs5gz7 (mrs5gz7) -  System32/DRIVERS/mrs5gz7.sys (引导)
O23 - 服务: msiffei () -  System32/Drivers/msiffei.sys | 2008-9-5 7:19:44(手动)
O23 - 服务: Nessery (Nessery) - C:/WINDOWS/system32/Nessery.sys (手动)
O23 - 服务: uapkel (uapkel) - C:/WINDOWS/system32/svchost.exe -k uapkel| 2002-10-7 4:0:0 -> C:/WINDOWS/System32/ppgaad.dll | 2002-10-7 4:0:0(自动)
O23 - 服务: ULSStorage (ULSStorage) - C:/WINDOWS/system32/2973a.exe (自动)
O23 - 服务: WbWin () - C:/WINDOWS/System32/svchost.exe -k netsvcs | 2002-10-7 4:0:0 -> C:/WINDOWS/avtapit.dll(自动)
O23 - 服务: Windows (Windows) - C:/WINDOWS/Windows.exe | 2008-8-19 10:3:50(自动)
O23 - 服务: yapkelqz (yapkelqz) - C:/WINDOWS/system32/drivers/ppgaad.sys (自动)
O23 - 服务: ylhizu (ylhizu) - C:/WINDOWS/system32/svchost.exe -k ylhizu| 2002-10-7 4:0:0 -> C:/WINDOWS/System32/ssqexd.dll| 2002-10-7 4:0:0(自动)
O23 - 服务: ylhizukh (ylhizukh) - C:/WINDOWS/system32/drivers/ssqexd.sys | 2002-10-7 4:0:0(自动)
O24 - ShlExecHook: [7] - {2876D76C-CAAA-4313-AF97-8D1D9A2A1087} = C:/WINDOWS/system32/dpvvoxmh.dll | 2008-9-5 12:48:9
O24 - ShlExecHook: [F] - {E560642D-A32D-432c-9E7E-9A135CC37E0F} = C:/WINDOWS/system32/kbdgrms.dll | 2008-9-5 16:6:8
O24 - ShlExecHook: [4] - {F0930A2F-D971-4828-8209-B7DFD266ED44} = C:/WINDOWS/system32/xolehlpjh.dll | 2008-9-5 12:48:26
O24 - ShlExecHook: [6] - {76D44356-B494-443a-BEDC-AA68DE4255E6} = C:/WINDOWS/system32/dispexcb.dll | 2008-9-5 16:6:25
O24 - ShlExecHook: [F] - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} = C:/WINDOWS/system32/cbcatdih.dll | 2008-9-5 16:6:38
O24 - ShlExecHook: [C] - {C629FF4F-ACDB-5C90-A098-FACB3456A26C} = C:/WINDOWS/Fonts/lopdfeab.dll | 2004-8-8 16:6:43
O24 - ShlExecHook: [7] - {71A78CD4-E470-4a18-8457-E0E0283DD507} = C:/WINDOWS/system32/lweurqhx.dll | 2008-9-5 12:49:15
O24 - ShlExecHook: [C] - {7ADC2AB1-5C6A-4178-82DA-94863354AF7C} =  7ADC2AB1.dll
O24 - ShlExecHook: [A] - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} = C:/WINDOWS/system32/slbiopfs2.dll | 2008-9-5 12:49:33
O24 - ShlExecHook: [7] - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} = C:/WINDOWS/system32/cliconfgzx.dll | 2008-9-5 16:7:29
O24 - ShlExecHook: [MICROSOFT] - {0B846B26-BFE6-4E8E-A948-1DB17B77B483} = C:/WINDOWS/system32/tdfhex.dll | 2008-9-4 6:22:24
O24 - ShlExecHook: [9] - {D3112B69-A745-4805-874E-ABD480EA1299} = C:/WINDOWS/system32/bootvidgj.dll | 2008-9-5 13:8:51
O24 - ShlExecHook: [B] - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} = C:/WINDOWS/system32/mstimewd.dll | 2008-9-5 13:9:3
O24 - ShlExecHook: [7] - {CF8850CD-885D-4380-9E1B-8C987F011437} =  CF8850CD.dll
O24 - ShlExecHook: [F] - {4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} =  4BF9CBA3.dll
O24 - ShlExecHook: [1] - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} = C:/WINDOWS/system32/inetresdxc.dll | 2008-9-5 16:6:51
O24 - ShlExecHook: [B] - {369774CA-7CB4-4A3F-A9A9-77D6BC53CB3B} =  369774CA.dll
O25 - InsCom: {H8I22RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK} = C:/WINDOWS/Tasks/pig.vbs

O27 - DeskCom: 1(name) - hxxp://www.fe**i*zh*u*s*o*.cn/index.htm#my_1000 -> .
HKLM/SHOWALL    值非1

===/
  The most alarming item is the QQ shortcut among the startup entries (the O4 group in HijackThis/pe_xscan): 腾讯QQ.lnk has been maliciously modified to point to C:/Program Files/Internet Explorer/Explore.exe

 

  In addition, DeskCom (the O27 group in pe_xscan) is also being used by the malware, pointing to hxxp://www.fe**i*zh*u*s*o*.cn/index.htm#my_1000
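A triage sketch for log lines like the ones above, added here as an example and not part of the original post or of pe_xscan: it flags O4 autostart targets whose file name imitates a genuine Windows binary or that run from a Temp directory, and counts how many hosts-file names share one redirect address in the O1 group. The reference list `KNOWN`, the 0.9 similarity cut-off and the threshold of 3 host names are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Assumed reference list of genuine Windows binaries that malware names imitate.
KNOWN = ("explorer.exe", "iexplore.exe", "svchost.exe", "userinit.exe", "rundll32.exe")

# Lines copied from the pe_xscan log above.
SAMPLE = """\
O1 - Hosts: 219.235.3.16    www.360safe.com
O1 - Hosts: 219.235.3.16    www.duba.net
O1 - Hosts: 219.235.3.16    cn.mcafee.com
O1 - Hosts: 202.165.102.243 update.rising.com.cn
O4 - HKLM/../Run: [360try] C:/DOCUME~1/rd/LOCALS~1/Temp/Internet.exe
O4 - HKLM/../Run: [HBService]  explore.exe
O4 - HKLM/../RunOnce: [91t4q] %systemroot%/system32/Rundll32.exe %systemroot%/system32/91t4q.dll ,DllUnregisterServer
O4 - Startup: 腾讯QQ.lnk -> C:/Program Files/Internet Explorer/Explore.exe
O4 - Global Startup: svchost.exe -> Invalid lnk file
"""

def lookalike(name):
    """Return the genuine binaries that `name` nearly (but not exactly) matches."""
    if name in KNOWN:
        return []
    return [r for r in KNOWN if SequenceMatcher(None, name, r).ratio() >= 0.9]

def triage(log_text, hosts_threshold=3):
    """Return (O4 findings, {redirect IP: host-name count} at or over the threshold)."""
    findings, by_ip = [], defaultdict(set)
    for line in log_text.splitlines():
        m = re.match(r"O1 - Hosts:\s+(\S+)\s+(\S+)", line)
        if m:
            if m.group(1) not in ("127.0.0.1", "::1"):   # loopback entries are ignored
                by_ip[m.group(1)].add(m.group(2).lower())
            continue
        # The command follows "[name]" (Run keys) or "->" (startup shortcuts).
        m = re.match(r"O4 - .*?(?:\]|->)\s*(.*?\.exe)", line, re.I)
        if not m:
            continue                                     # e.g. "Invalid lnk file"
        path = m.group(1).replace("\\", "/").lower()
        name = path.rsplit("/", 1)[-1]
        near = lookalike(name)
        if near:
            findings.append((name, "imitates " + ", ".join(near)))
        if "/temp/" in path:
            findings.append((name, "autostart from a Temp directory"))
    mass = {ip: len(h) for ip, h in by_ip.items() if len(h) >= hosts_threshold}
    return findings, mass
```
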

(To be continued)
