Antivirus: dlq.exe / cedafb.dll / dat1.tmp / mpwdcapi.dll / dbi100.dll and related files

HKLM/Software/Microsoft/Windows/CurrentVersion/Explorer/ShellExecuteHooks
+ cedafb.dll c:/windows/system32/cedafb.dll
+ dat1.tmp c:/documents and settings/shi/local settings/temp/dat1.tmp
+ mpwdcapi.dll c:/windows/system32/mpwdcapi.dll
+ oohxcbyt.dll c:/windows/system32/oohxcbyt.dll
+ yzztfmsn.dll c:/windows/system32/yzztfmsn.dll
+ zxptejpg.dll c:/windows/system32/zxptejpg.dll
+ zyzxfime.dll c:/windows/system32/zyzxfime.dll
HKLM/Software/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects
+ {35694105-5108-9405-3695-954187462153} c:/windows/system32/mpwdcapi.dll
+ {4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4} c:/windows/system32/oohxcbyt.dll
+ {6490415F-65F8-B5C5-D8BA-9405FB120546} c:/windows/system32/yzztfmsn.dll
+ {6A59145F-315D-BC23-AC1F-145DF81A34A6} c:/windows/system32/zyzxfime.dll
+ {91698482-6555-3666-1222-954784129019} c:/windows/system32/zxptejpg.dll
HKLM/Software/Microsoft/Windows NT/CurrentVersion/Image File Execution Options
Under this key a whole batch of security-software executables have been redirected to c:/windows/system32/svchost.exe (an IFEO Debugger value: starting any of those tools launches svchost.exe instead, so they silently never run).
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Windows/Appinit_Dlls
+ dbi100.dll c:/windows/system32/dbi100.dll
+ dbi100.dll c:/windows/system32/dbi100.dll
+ SysWoWa8.dll File not found: SysWoWa8.dll
HKLM/System/CurrentControlSet/Services
+ seictrl  "Controls system security settings and configuration."  c:/windows/system32/dbi100.dll

Startup items
Registry
[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run]
<WinShell><"C:/WINDOWS/system32/Rundll32.exe" "C:/WINDOWS/system32/shell32.dll",Control_RunDLL "C:/DOCUME~1/shi/LOCALS~1/Temp/dat1.tmp"> [N/A]
[HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Windows]
<AppInit_DLLs><dbi100.dll,dbi100.dll SysWoWa8.dll> []
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/ShellExecuteHooks]
<{7FA4A83B-F99A-4bfc-A8E2-6A62B05D2C82}><C:/DOCUME~1/shi/LOCALS~1/Temp/dat1.tmp> []
<{4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4}><C:/WINDOWS/system32/oohxcbyt.dll> []
<{6490415F-65F8-B5C5-D8BA-9405FB120546}><C:/WINDOWS/system32/yzztfmsn.dll> []
<{91698482-6555-3666-1222-954784129019}><C:/WINDOWS/system32/zxptejpg.dll> []
<{35694105-5108-9405-3695-954187462153}><C:/WINDOWS/system32/mpwdcapi.dll> []
<{84143967-B645-4BFF-B873-DA1DC886E9A7}><C:/WINDOWS/system32/cedafb.dll> []
<{6A59145F-315D-BC23-AC1F-145DF81A34A6}><C:/WINDOWS/system32/zyzxfime.dll> []
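The two listings above cover the same five persistence points: IFEO redirection of security tools, AppInit_DLLs injection (dbi100.dll twice, plus a SysWoWa8.dll that is not on disk), ShellExecuteHooks and Browser Helper Objects that share CLSIDs and point at the same randomly named DLLs in system32 (mpwdcapi.dll, oohxcbyt.dll, yzztfmsn.dll, zxptejpg.dll, zyzxfime.dll), and a Run entry that uses rundll32 shell32.dll,Control_RunDLL to load dat1.tmp from the user's Temp folder as if it were a Control Panel applet. The following triage script is an added example; it is not from the original post nor from the scanner that produced the report. It walks the same keys with standard PowerShell cmdlets and flags the patterns seen here. It assumes an elevated PowerShell (2.0 or later) on the suspect host; the "suspicious path" rule is this script's own heuristic.

```powershell
# Added triage script (not the original post's tool): enumerate the autostart
# locations listed in the report and flag the patterns of this infection.
# Assumptions: elevated PowerShell 2.0+ on the suspect host; the heuristics
# below (Temp/Recycler paths, any IFEO Debugger, any AppInit_DLLs) are ours.

$findings = New-Object 'System.Collections.Generic.List[string]'

# Executable content loaded from a user Temp folder or the Recycle Bin is a
# red flag on its own (dat1.tmp and Dc11.tmp in the report).
function Test-SuspiciousPath {
    param([string]$Path)
    if (-not $Path) { return $false }
    $p = $Path.ToLowerInvariant()
    return ($p -match '\\temp\\' -or $p -match '\\locals~1\\temp\\' -or $p -match '\\recycler\\')
}

# ShellExecuteHooks and BHO entries only name a COM class by CLSID; the DLL
# that actually gets loaded is in HKCR\CLSID\{...}\InProcServer32.
function Resolve-Clsid {
    param([string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InProcServer32"
    $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($v) { return [string]$v.'(default)' }
    return '(CLSID not registered)'
}

function Add-Finding {
    param([string]$Kind, [string]$Name, [string]$Target)
    $flag = if (Test-SuspiciousPath $Target) { ' [SUSPICIOUS PATH]' } else { '' }
    $findings.Add("$Kind`t$Name -> $Target$flag")
}

# 1. Image File Execution Options. A Debugger value makes the loader start
#    that program in place of the named .exe; with svchost.exe as "debugger"
#    every security tool listed under the key fails to launch.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in (Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding 'IFEO' $sub.PSChildName $dbg }
}

# 2. AppInit_DLLs: every DLL named here is injected into each process that
#    loads user32.dll. On a clean machine the value is empty.
$win = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' -ErrorAction SilentlyContinue
if ($win -and $win.AppInit_DLLs) {
    foreach ($dll in ($win.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })) {
        Add-Finding 'AppInit_DLLs' $dll $dll
    }
}

# 3. ShellExecuteHooks: value names are CLSIDs invoked on every ShellExecute call.
$sehKey = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks' -ErrorAction SilentlyContinue
if ($sehKey) {
    foreach ($clsid in ($sehKey.GetValueNames() | Where-Object { $_ })) {
        Add-Finding 'ShellExecuteHook' $clsid (Resolve-Clsid $clsid)
    }
}

# 4. Browser Helper Objects: subkey names are CLSIDs loaded into Internet Explorer.
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($sub in (Get-ChildItem -Path $bho -ErrorAction SilentlyContinue)) {
    Add-Finding 'BHO' $sub.PSChildName (Resolve-Clsid $sub.PSChildName)
}

# 5. Run keys in both hives; the WinShell entry in the report is a rundll32
#    command whose argument lives in the user's Temp folder.
foreach ($hive in 'HKLM', 'HKCU') {
    $runKey = Get-Item -Path "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if ($runKey) {
        foreach ($name in ($runKey.GetValueNames() | Where-Object { $_ })) {
            Add-Finding "Run($hive)" $name ([string]$runKey.GetValue($name))
        }
    }
}

$findings | Sort-Object
```

Run it once before cleanup to record what is there and once after to confirm the entries are gone. Note the order of removal matters: the IFEO entries have to go first, otherwise the security tools you try to launch to do the rest of the cleanup will themselves be redirected to svchost.exe, and a DLL named in AppInit_DLLs or ShellExecuteHooks is held open by every running process and by explorer.exe, so the registry value is removed first and the file deleted after a reboot.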
==================================
Winsock providers
NVIDIA App Filter over [MSAFD Tcpip [TCP/IP]]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD Tcpip [UDP/IP]]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD Tcpip [RAW/IP]]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [RSVP UDP Service Provider]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [RSVP TCP Service Provider]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [/Device/NetBT_Tcpip_{2DD0ECF1-7550-48C2-87E4-BDA1FB26A021}] SEQPACKET 0]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [/Device/NetBT_Tcpip_{2DD0ECF1-7550-48C2-87E4-BDA1FB26A021}] DATAGRAM 0]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [/Device/NetBT_Tcpip_{EB95D8C3-E2B4-40AB-B416-24413D82E921}] SEQPACKET 1]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [/Device/NetBT_Tcpip_{EB95D8C3-E2B4-40AB-B416-24413D82E921}] DATAGRAM 1]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [/Device/NetBT_Tcpip_{5C1B339F-B0A5-4044-93D7-38E4D600A8C1}] SEQPACKET 2]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [/Device/NetBT_Tcpip_{5C1B339F-B0A5-4044-93D7-38E4D600A8C1}] DATAGRAM 2]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [/Device/NetBT_Tcpip_{F8D2AD17-4C21-42B9-B95E-A0A9659A636B}] SEQPACKET 3]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [/Device/NetBT_Tcpip_{F8D2AD17-4C21-42B9-B95E-A0A9659A636B}] DATAGRAM 3]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [/Device/NetBT_Tcpip_{F4B6FA4D-5849-4AB2-A48E-A1B44173C465}] SEQPACKET 4]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [/Device/NetBT_Tcpip_{F4B6FA4D-5849-4AB2-A48E-A1B44173C465}] DATAGRAM 4]
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter
C:/WINDOWS/system32/nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
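The catalog above shows one third-party LSP, nvappfilter.dll, layered over every base provider (TCP, UDP, RAW, RSVP and each NetBIOS binding); the report's own vendor field attributes it to NVIDIA. The way to confirm that attribution rather than trust a string is to check which DLL each catalog entry really points at and whether it carries a valid Authenticode signature. The script below is an added example, not part of the original post. It reads the Winsock 2 catalog straight from the registry instead of parsing the locale-dependent output of netsh. It assumes an elevated PowerShell on the suspect host and relies on the documented PackedCatalogItem layout: the first MAX_PATH (260) bytes are the provider DLL path as an ANSI string, followed by the WSAPROTOCOL_INFOW structure.

```powershell
# Added example (not from the original post): list the DLL behind every
# Winsock 2 catalog entry and its Authenticode status.
# Assumptions: elevated PowerShell on the host being examined; PackedCatalogItem
# starts with a 260-byte ANSI DLL path (documented Winsock 2 catalog layout).

$catalogs = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries',
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64'  # 64-bit hosts only
)

function Get-LspProviders {
    $result = @()
    foreach ($cat in $catalogs) {
        foreach ($entry in (Get-ChildItem -Path $cat -ErrorAction SilentlyContinue)) {
            $item = (Get-ItemProperty -Path $entry.PSPath -ErrorAction SilentlyContinue).PackedCatalogItem
            if (-not $item -or $item.Length -lt 260) { continue }
            # Take the NUL-terminated path out of the first 260 bytes and expand
            # %SystemRoot%-style variables that Microsoft's own entries use.
            $raw = [System.Text.Encoding]::Default.GetString($item, 0, 260).Split([char]0)[0]
            $dll = [System.Environment]::ExpandEnvironmentVariables($raw)
            $sig = if (Test-Path -LiteralPath $dll) {
                       [string](Get-AuthenticodeSignature -FilePath $dll).Status
                   } else { 'FILE MISSING' }
            $result += New-Object PSObject -Property @{
                Entry     = $entry.PSChildName
                Dll       = $dll
                Signature = $sig
            }
        }
    }
    return $result
}

# One line per distinct provider DLL, with the number of catalog entries that
# use it; in the report above nvappfilter.dll accounts for fifteen of them.
Get-LspProviders | Group-Object Dll | ForEach-Object {
    $sig = ($_.Group | Select-Object -First 1).Signature
    '{0,3} entries  {1,-14}  {2}' -f $_.Count, $sig, $_.Name
}
```

Anything reported as NotSigned or FILE MISSING deserves a look, and a missing file is also the symptom of the classic cleanup mistake: deleting an LSP DLL without removing its catalog entries leaves a broken chain and no application on the machine can open a socket. On Windows XP SP2 and later the supported way to rebuild the catalog is `netsh winsock reset` followed by a reboot.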


C:/WINDOWS/system32/SysWoWa8.dll
C:/WINDOWS/TEMP/Pandrv.sys
C:/WINDOWS/system32/drivers/secdrv.sys
C:/DOCUME~1/shi/LOCALS~1/Temp/dat1.tmp
C:/WINDOWS/system32/cedafb.dll
C:/RECYCLER/S-1-5-21-1645522239-1647877149-839522115-1003/Dc11.tmp

2004-08-09 06:39 15,198 axptajpg.exe
2004-08-09 06:40 16,245 azzxaime.exe
2008-05-12 06:39 222,208 cedafb.dll
2008-05-11 22:33 18,432 dbi100.dll
2008-06-03 21:38 0 dir.txt
2004-08-09 06:40 520 fxzxbime.sys
2004-08-09 06:39 520 fzptbjpg.sys
2008-05-12 06:41 215,040 hfrdzx.dll
2004-08-09 06:38 16,318 jbhxabyt.exe
2008-05-12 06:40 215,040 jdsaex.dll
2004-08-09 06:39 536,072 mpwdcapi.dll
2004-08-08 22:33 536,584 oohxcbyt.dll
2004-08-09 06:39 16,140 siwdaapi.exe
2008-05-12 06:40 215,040 sjhrdh.dll
2004-08-09 06:38 1,040 smhxbbyt.sys
2004-08-09 06:39 520 spwdbapi.sys
2004-08-09 06:38 520 xfztbmsn.sys
2004-08-09 06:38 535,048 yzztfmsn.dll
2004-08-09 06:38 16,045 zaztamsn.exe
2004-08-09 06:39 534,536 zxptejpg.dll
2004-08-09 06:40 536,584 zyzxfime.dll
