GRHSGIH.EXE, an AV killer that infects explorer.exe and uses Image File Execution Options hijacking and ShellExecuteHooks... (Part 1)

Original by endurer
2008-01-18, Part 1

A friend just phoned asking for help: his computer had caught a virus, Kingsoft Antivirus (金山毒霸) would not start, and copy/paste no longer worked...

I went over to my friend's place, downloaded pe_xscan and ran a scan; the log showed the following suspicious entries (the per-process module lists are abridged):

/===

pe_xscan 08-01-10 by Purple Endurer
2008-1-18 11:55:23
Windows XP Service Pack 2(5.1.2600)
Administrators group

[System Process] * 0
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL | 2008-1-15 11:3:50 | SPlus Module | 5, 0, 3, 11 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 3, 11 | TENCENT | | SPlus.dll | SPlus.dll
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
  C:/WINDOWS/FONTS/AVZXOMN.DLL | 2004-8-4 10:49:53
  C:/WINDOWS/FONTS/KVDXMMA.DLL | 2004-8-4 10:49:40
C:/WINDOWS/SYSTEM32/WINLOGON.EXE * 1084
  C:/WINDOWS/SYSTEM32/MANGDRIVE.DLL | 2007-1-18 10:39:24
C:/WINDOWS/EXPLORER.EXE* 1036 | 2004-8-17 12:0:0
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
C:/WINDOWS/SYSTEM32/DLLCACHE/EXPLORER.EXE* 1604 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/RSJZBPM.DLL | 2004-8-4 11:24:52
  C:/WINDOWS/FONTS/GJFHBYC.DLL | 2004-8-4 16:54:3
  C:/WINDOWS/FONTS/GJCSDYC.DLL | 2008-1-9 16:53:59
  C:/WINDOWS/FONTS/RARJFPI.DLL | 2004-8-4 10:50:4
  C:/WINDOWS/FONTS/RATBUPI.DLL | 2004-8-4 16:53:24
  C:/WINDOWS/FONTS/OKMHFZY.DLL | 2004-8-4 16:53:7
  C:/WINDOWS/FONTS/SWRCGZC.DLL | 2004-8-4 9:17:7
  C:/WINDOWS/FONTS/WSMSGZX.DLL | 2004-8-4 10:49:26
  C:/WINDOWS/FONTS/KAWDJZY.DLL | 2004-8-4 10:50:0
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/RSMYKPM.DLL | 2004-8-4 16:53:11
  C:/WINDOWS/FONTS/KAQHMZY.DLL | 2008-1-17 10:49:32
  C:/WINDOWS/FONTS/KVDXMMA.DLL | 2004-8-4 10:49:40
  C:/WINDOWS/FONTS/AVZXOMN.DLL | 2004-8-4 10:49:53
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
  C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL | 2008-1-15 11:3:50 | SPlus Module | 5, 0, 3, 11 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 3, 11 | TENCENT | | SPlus.dll | SPlus.dll
C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE * 1188
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
  C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL | 2008-1-15 11:3:50 | SPlus Module | 5, 0, 3, 11 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 3, 11 | TENCENT | | SPlus.dll | SPlus.dll
C:/WINDOWS/SYSTEM32/RUNDLL32.EXE * 2968
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL | 2008-1-15 11:3:50 | SPlus Module | 5, 0, 3, 11 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 3, 11 | TENCENT | | SPlus.dll | SPlus.dll
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
C:/PROGRAM FILES/COMMON FILES/SYSTEM/DULEVHS.EXE * 3468 | 2008-1-3 21:31:20
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
C:/WINDOWS/SYSTEM32/CTFMON.EXE * 2404
  C:/WINDOWS/SYSTEM32/UTGNEHZ.DLL | 2008-1-17 11:45:26
  C:/WINDOWS/SYSTEM32/NUYGNEF.DLL | 2008-1-17 11:44:45
  C:/WINDOWS/SYSTEM32/UOHSOM.DLL | 2008-1-17 11:45:48
  C:/WINDOWS/SYSTEM32/UYOM.DLL | 2008-1-17 11:44:31
  C:/WINDOWS/SYSTEM32/GNOLNAIT.DLL | 2008-1-17 11:45:6
  C:/WINDOWS/SYSTEM32/IJIQ.DLL | 2008-1-17 11:44:21
  C:/WINDOWS/SYSTEM32/IJOUGIEMNAW.DLL | 2008-1-17 11:45:19
  C:/WINDOWS/SYSTEM32/NILUW.DLL | 2008-1-17 11:45:54
  C:/WINDOWS/SYSTEM32/NAIXUHZ.DLL | 2008-1-17 11:44:58
  C:/WINDOWS/SYSTEM32/IQNAUHC.DLL | 2008-1-17 11:44:10
  C:/WINDOWS/SYSTEM32/GSQQ.DLL | 2008-1-17 11:44:40
  C:/WINDOWS/SYSTEM32/3AUHAD.DLL | 2008-1-17 11:44:6
  C:/WINDOWS/SYSTEM32/XHQQ.DLL | 2008-1-17 11:44:52
  C:/WINDOWS/SYSTEM32/HJXR.DLL | 2008-1-17 11:44:17
  C:/WINDOWS/SYSTEM32/OADNEW.DLL | 2008-1-17 11:44:36
  C:/WINDOWS/SYSTEM32/GNAIXNAUHUOYIZQQ.DLL | 2008-1-17 11:45:41
  C:/WINDOWS/SYSTEM32/UYOMIELNUX.DLL | 2008-1-17 11:45:12
  C:/WINDOWS/SYSTEM32/VLIHZOUHGNFE.DLL | 2008-1-17 11:44:26
  C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL | 2008-1-15 11:3:50 | SPlus Module | 5, 0, 3, 11 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 3, 11 | TENCENT | | SPlus.dll | SPlus.dll
  C:/WINDOWS/FONTS/AVWGJMN.DLL | 2004-8-4 9:17:43
  C:/WINDOWS/FONTS/HOOKHELP.DLL | 2008-1-9 10:46:9
  C:/WINDOWS/FONTS/KVDXSOMA.DLL | 2004-8-4 9:16:56
  C:/WINDOWS/FONTS/AVWLKMN.DLL | 2004-8-4 10:49:57

F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/Userinit.exe>
F2 - Shell = <Explorer.exe>
F3 - REG: win.ini: load=Explorer.exe

O1 - Hosts: 125.67.67.183 sdch.sdo.com
O1 - Hosts: 125.67.67.183 ekey.sdo.com
O1 - Hosts: 125.67.67.183 mir2.sdo.com
O1 - Hosts: 125.67.67.183 kf.sdo.com
O1 - Hosts: 125.67.67.183 www.mir2.com.cn
O1 - Hosts: 125.67.67.183 mir2.com.cn
O1 - Hosts: 125.67.67.183 home.mir2.sdo.com
O1 - Hosts: 125.67.67.183 shandacs.allyes.com

O2 - BHO PPGOUCATCHER - {00000000-0000-0000-0000-E58E57C9C848} -C:/PROGRA~1/PPGOU/PPGOUI~2.DLL
O4 - HKLM/../RUN: [STUP.EXE] RUNDLL32.EXE C:/PROGRA~1/TENCENT/SSPLUS/SPLUS.DLL ,Rundll32 R
O4 - HKLM/../RUN: [TFAKUCW]C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O4 - HKLM/../RUN: [WFRAPKX]C:/PROGRAM FILES/COMMON FILES/SYSTEM/DULEVHS.EXE
O4 - HKLM/../RUN: [WINSYSM]C:/WINDOWS/381131M.EXE
O4 - HKLM/../RUN: [UPXDND]C:/WINDOWS/UPXDND.EXE
O4 - HKLM/../RUN: [DBGHLP32]C:/WINDOWS/DBGHLP32.EXE
O4 - HKLM/../RUN: [NVDISPDRV]C:/WINDOWS/NVDISPDRV.EXE
O4 - HKLM/../RUN: [KVSC3]C:/WINDOWS/KVSC3.EXE
O4 - HKLM/../POLICIES/EXPLORER/RUN: [VISIN]C:/WINDOWS/SYSTEM32/VISIN.EXE

C:/autorun.inf
/-----
[AutoRun]
open=tfakucw.exe
shell/open=Open(&O)
shell/open/Command=tfakucw.exe
shell/open/Default=1
shell/explore=Explorer(&X)
shell/explore/Command=tfakucw.exe
-----/
D:/autorun.inf
/-----
[AutoRun]
open=tfakucw.exe
shell/open=Open(&O)
shell/open/Command=tfakucw.exe
shell/open/Default=1
shell/explore=Explorer(&X)
shell/explore/Command=tfakucw.exe
-----/
E:/autorun.inf
/-----
[AutoRun]
open=tfakucw.exe
shell/open=Open(&O)
shell/open/Command=tfakucw.exe
shell/open/Default=1
shell/explore=Explorer(&X)
shell/explore/Command=tfakucw.exe
-----/

O11 - IE extension option group: TBH (中文搜搜) =

O23 - Service: MSEQSY (MSEQSY) - SYSTEM32/DRIVERS/MSACPE.SYS (automatic)
O23 - Service: PHY (PHY) -C:/WINDOWS/SYSTEM32/DRIVERS/PHY.SYS | 2008-1-17 11:24:45 (manual)
O23 - Service: SECSVR (LENOVO FILE SERVICE) -C:/WINDOWS/SECSVR.EXE (automatic)

O24 - SHLEXECHOOK: [E] - {E159854F-6971-3456-6941-10235412974E} =C:/WINDOWS/FONTS/HOOKHELP.DLL
O24 - SHLEXECHOOK: [INTERNET] - {00854F80-5DF9-42C3-916E-5EE7D13D09DC} =
O24 - SHLEXECHOOK: [2] - {22FAACDE-34DA-CCD4-AB4D-DA34485A3422} =C:/WINDOWS/FONTS/RSJZBPM.DLL
O24 - SHLEXECHOOK: [2] - {2D908534-AD45-920F-AC89-4024FA9D26D2} =C:/WINDOWS/FONTS/GJFHBYC.DLL
O24 - SHLEXECHOOK: [4] - {4FA10261-B890-F432-A453-69F1023513F4} =C:/WINDOWS/FONTS/GJCSDYC.DLL
O24 - SHLEXECHOOK: [6] - {6598FF45-DA60-F48A-BC43-10AC47853D56} =C:/WINDOWS/FONTS/RARJFPI.DLL
O24 - SHLEXECHOOK: [6] - {67650011-3344-6688-4899-345FABCD1576} =C:/WINDOWS/FONTS/RATBUPI.DLL
O24 - SHLEXECHOOK: [6] - {6A57CAD1-412F-9547-713F-9641FA3FC7A6} =C:/WINDOWS/FONTS/OKMHFZY.DLL
O24 - SHLEXECHOOK: [8] - {878A7521-FA87-34AB-34C2-4893F3AD34C8} =C:/WINDOWS/FONTS/SWRCGZC.DLL
O24 - SHLEXECHOOK: [9] - {992FADFA-BCDE-ACDF-CDEF-21054865CBA9} =C:/WINDOWS/FONTS/WSMSGZX.DLL
O24 - SHLEXECHOOK: [A] - {A8907901-1416-3389-9981-37217856998A} =C:/WINDOWS/FONTS/KAWDJZY.DLL
O24 - SHLEXECHOOK: [A] - {AA1247C1-53DA-FF43-ABD3-345F323A48DA} =C:/WINDOWS/FONTS/AVWGJMN.DLL
O24 - SHLEXECHOOK: [B] - {B960356A-458E-DE24-BD50-268F589A56AB} =C:/WINDOWS/FONTS/AVWLKMN.DLL
O24 - SHLEXECHOOK: [B] - {BE32FA58-3453-FA2D-BC49-F340348ACCEB} =C:/WINDOWS/FONTS/RSMYKPM.DLL
O24 - SHLEXECHOOK: [D] - {D7D81718-1314-5200-2597-58790101807D} =C:/WINDOWS/FONTS/KAQHMZY.DLL
O24 - SHLEXECHOOK: [D] - {DC87A354-ABC3-DEDE-FF33-3213FD7447CD} =C:/WINDOWS/FONTS/KVDXMMA.DLL
O24 - SHLEXECHOOK: [F] - {F859245F-345D-BC13-AC4F-145D47DA34FF} =C:/WINDOWS/FONTS/AVZXOMN.DLL
O24 - SHLEXECHOOK: [F] - {FD561258-45F3-A451-F908-A258458226DF} =C:/WINDOWS/FONTS/KVDXSOMA.DLL

O26 - IFEO: 360RPT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: 360SAFE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: 360TRAY.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ADAM.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AGENTSVR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: APPSVC32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ARSWP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AST.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AUTORUNS.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVASTU3.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVCONSOL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVGRSSVC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVMONITOR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVP.COM ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: CCENTER.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: CCSVCHST.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: EGHOST.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: FILEDSTY.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: FTCLEANERSHELL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: FYFIREWALL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: GHOST.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: HIJACKTHIS.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ICESWORD.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: IPARMO.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: IPARMOR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: IRSETUP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ISPWDSVC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KABALOAD.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KASCRSCN.SCR ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KASMAIN.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KASTASK.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAV32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVDX.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVPF.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVPFW.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVSETUP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KAVSTART.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KISLNCHR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KMAILMON.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KMFILTER.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KPFW32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KPFW32X.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KPFWSVC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KREGEX.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KREPAIR.COM ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KSLOADER.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVCENTER.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVDETECT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVFWMCL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVMONXP.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVMONXP_1.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVOL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVOLSELF.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVREPORT.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVSCAN.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVSRVXP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVSTUB.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVUPLOAD.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVWSC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVXP.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVXP_1.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KWATCH.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KWATCH9X.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KWATCHX.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: LOADDLL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: MAGICSET.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: MCCONSOL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: MMQCZJ.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: MMSK.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NAVAPSVC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NAVAPW32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NOD32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NOD32KRN.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NOD32KUI.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NPFMNTOR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: PFW.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: PFWLIVEUPDATE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: QHSET.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: QQDOCTOR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: QQKAV.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: QQSC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAS.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAV.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAVMON.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAVMOND.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAVSTUB.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RAVTASK.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: REGCLEAN.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RFWCFG.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RFWMAIN.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RFWSRV.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RSAGENT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RSAUPD.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RSTRUI.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: RUNIEP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SAFELIVE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SCAN32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SHCFG32.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SMARTUP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SRENG.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SYMLCSVC.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: SYSSAFE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: TROJANDETECTOR.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: TROJANWALL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: TROJDIE.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UIHOST.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UMXAGENT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UMXATTACHMENT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UMXCFG.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UMXFWHLP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UMXPOL.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UPIEA.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: UPLIVE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: USBCLEANER.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: VSSTAT.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: WEBSCANX.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: WOPTICLEAN.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ZJB.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
===/
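The O26 list is the AV-killing mechanism. Under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image name>, a string value named Debugger makes Windows start that program, with the original command line as its argument, whenever <image name> is launched. Here the "debugger" is GRHSGIH.EXE for 119 image names (360, Kaspersky avp.exe, Rising, Jiangmin kv*.kxp, Kingsoft kav*/kmailmon, NOD32, HijackThis, IceSword, SREng, autoruns.exe, even rstrui.exe), so starting any of them starts the malware instead. The O24 list is the second hook: every CLSID under HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks has its in-process DLL loaded into explorer.exe and any other process that calls ShellExecute, which is how the seventeen DLLs under C:/WINDOWS/FONTS end up in the explorer.exe module lists above. The triage script below is an added example of my own, not pe_xscan's code and not from the original post: it parses pe_xscan-style O1/O24/O26 lines and flags these two patterns plus the hosts-file sinkhole. The sample lines are copied from the log above except for one constructed benign IFEO entry; the debugger allow-list, the threshold of five images per "debugger" and the list of directories considered normal for a hook DLL are assumptions chosen for illustration.

```python
"""Offline triage of pe_xscan-style log lines for the AV-killer pattern above.

Added example (not pe_xscan's code and not from the original post).  SAMPLE_LOG
is a small subset copied from the log on this page plus one constructed benign
IFEO line so the allow-list has something to pass.  KNOWN_DEBUGGERS, HOOK_DIRS_OK
and MASS_IFEO_THRESHOLD are assumptions for illustration."""
import re
from collections import defaultdict
from posixpath import basename, dirname

SAMPLE_LOG = """\
O1 - Hosts: 125.67.67.183 sdch.sdo.com
O1 - Hosts: 125.67.67.183 ekey.sdo.com
O1 - Hosts: 125.67.67.183 mir2.sdo.com
O24 - SHLEXECHOOK: [E] - {E159854F-6971-3456-6941-10235412974E} =C:/WINDOWS/FONTS/HOOKHELP.DLL
O24 - SHLEXECHOOK: [INTERNET] - {00854F80-5DF9-42C3-916E-5EE7D13D09DC} =
O26 - IFEO: 360SAFE.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: AVP.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: HIJACKTHIS.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: ICESWORD.EXE ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: KVXP.KXP ->C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/GRHSGIH.EXE
O26 - IFEO: NOTEPAD.EXE ->C:/WINDOWS/SYSTEM32/VSJITDEBUGGER.EXE
"""
# The NOTEPAD.EXE line above is constructed for this example; it is not in the log.

# Image names that legitimately appear as IFEO\<image>\Debugger (assumption).
KNOWN_DEBUGGERS = {"VSJITDEBUGGER.EXE", "NTSD.EXE", "WINDBG.EXE", "CDB.EXE", "DRWTSN32.EXE"}
# Directories in which a ShellExecuteHooks DLL is plausible (assumption).
HOOK_DIRS_OK = ("C:/WINDOWS/SYSTEM32", "C:/PROGRAM FILES", "C:/PROGRA~1")
# One "debugger" registered for this many images is treated as an AV killer (assumption).
MASS_IFEO_THRESHOLD = 5

RE_IFEO = re.compile(r"^O26 - IFEO: (\S+) ->(.*)$")
RE_HOOK = re.compile(r"^O24 - SHLEXECHOOK: \[[^\]]*\] - (\{[0-9A-Fa-f-]{36}\}) =(.*)$")
RE_HOSTS = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")


def parse_log(text):
    """Split pe_xscan lines into the three indicator families used below."""
    ifeo, hooks, hosts = {}, {}, defaultdict(list)
    for line in text.splitlines():
        if m := RE_IFEO.match(line):
            ifeo[m.group(1).upper()] = m.group(2).strip()
        elif m := RE_HOOK.match(line):
            hooks[m.group(1).upper()] = m.group(2).strip()
        elif m := RE_HOSTS.match(line):
            hosts[m.group(1)].append(m.group(2))
    return ifeo, hooks, dict(hosts)


def ifeo_findings(ifeo):
    """IFEO entries whose Debugger is not a real debugger, plus any single
    'debugger' registered for many images (the pattern of the O26 list)."""
    hijacked = {img: dbg for img, dbg in ifeo.items()
                if basename(dbg).upper() not in KNOWN_DEBUGGERS}
    per_debugger = defaultdict(list)
    for img, dbg in hijacked.items():
        per_debugger[dbg.upper()].append(img)
    mass = {dbg: sorted(imgs) for dbg, imgs in per_debugger.items()
            if len(imgs) >= MASS_IFEO_THRESHOLD}
    return hijacked, mass


def hook_findings(hooks):
    """ShellExecuteHooks DLLs outside the expected directories (e.g. FONTS), and
    CLSIDs whose InprocServer32 did not resolve, which need a manual look."""
    odd_dir = {c: p for c, p in hooks.items()
               if p and not dirname(p).upper().startswith(HOOK_DIRS_OK)}
    unresolved = sorted(c for c, p in hooks.items() if not p)
    return odd_dir, unresolved


def hosts_findings(hosts, min_names=2):
    """One IP claiming several names in the hosts file (sinkholing vendor,
    update or game sites), as 125.67.67.183 does above."""
    return {ip: names for ip, names in hosts.items() if len(names) >= min_names}


def triage(text):
    """Run all three checks over a pe_xscan log and return the findings."""
    ifeo, hooks, hosts = parse_log(text)
    hijacked, mass = ifeo_findings(ifeo)
    odd_dir, unresolved = hook_findings(hooks)
    return {"ifeo_hijacked": hijacked, "ifeo_mass_debugger": mass,
            "hook_odd_dir": odd_dir, "hook_unresolved": unresolved,
            "hosts_sinkhole": hosts_findings(hosts)}


if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG).items():
        print(key, val)
```

Run against the full log above, the script reports GRHSGIH.EXE as the debugger for every O26 image, every O24 DLL under C:/WINDOWS/FONTS, and the eight sdo.com / mir2 names pointed at 125.67.67.183. A blank O24 target only means pe_xscan could not resolve that CLSID's InprocServer32; it is not evidence either way and should be checked in the registry by hand. Cleanup means removing the Debugger values (or the IFEO subkeys the malware created), the ShellExecuteHooks CLSIDs, the O4 Run entries, the hosts lines and the autorun.inf files on each drive, preferably from a clean boot environment, because the tools one would normally use for that job (autoruns.exe, hijackthis.exe, icesword.exe, sreng.exe, regclean.exe, and System Restore's rstrui.exe) are themselves on the hijack list.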
