Encountering secuers32.exe, Internet.exe, Explore.exe, pig.vbs, HBKernel.sys, ssqexd.sys, etc. (Part 1)

Original by endurer
2008-09-06, 1st edition

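  A friend said that after his computer booted it reported an error in ctfmon.exe, never reached the desktop, and showed only a black screen; safe mode behaved the same way. He asked me to help check and repair it.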

  Booting into Safe Mode with Command Prompt still allowed a login. I ran pe_xscan, analyzed the scan log, and found the following suspicious items:

/===pe_xscan 08-07-01 by Purple Endurer 2008-9-6 10:55:35 Windows XP Service Pack 2(5.1.2600) MSIE:7.0.5730.13 管理员用户组 安全模式

C:/WINDOWS/System32/debug.exe * 260 | 2002-10-7 4:0:0
F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/Userinit.exe,C:/Program Files/Common Files/System/secuers32.exe>
O2 - BHO CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} = C:/Program Files/Common Files/PushWare/cpush1.dll | 2008-9-3 14:38:33| ? | 1.1.0.3| ?| ? | 1.1.0.3| ?| ? | softpush.dll | softpush.dll
O2 - BHO 网站排名工具条BHO - {489873CE-F3E1-44A3-8E89-04BE26BE4446} = C:/Program Files/zzToolBar/Toolbar_bho.dll | 2008-7-25 11:22:50 | 网站排名工具条 BHO | V02 | 网站排名工具条 BHO | Copyright 2007 | V02 | www.chinarank.org.cn | | Toolbar_bho | Toolbar_bho.DLL
O4 - HKLM/../Run: [360try] C:/DOCUME~1/rd/LOCALS~1/Temp/Internet.exe
O4 - HKLM/../Run: [HBService]  explore.exe
O4 - HKLM/../RunOnce: [91t4q] %systemroot%/system32/Rundll32.exe %systemroot%/system32/91t4q.dll ,DllUnregisterServer
O4 - HKLM/../Policies/Explorer/Run: [kcien12]  kncer12.exe
O4 - Startup: 腾讯QQ.lnk -> C:/Program Files/Internet Explorer/Explore.exe
O4 - Global Startup: svchost.exe -> Invalid lnk file
C:/autorun.inf
/-----
[autorun]
open=jzllw.exe
shellexecute=jzllw.exe
shell/Auto/command=jzllw.exe
shell=Auto
-----/
D:/autorun.inf
/-----
[autorun]
open=jzllw.exe
shellexecute=jzllw.exe
shell/Auto/command=jzllw.exe
shell=Auto
-----/
O20 - AppInit_DLLs = mcromv.dll,wllame.dll,candayl.dll,eskisl.dll,comboaus.dll,thermaltinc.dll,cxpop.dll,lensch.dll,johandy.dll,catower.dll,qxfel.dll
O21 - SSODL - dpvvoxmh.dll(9) - {2876D76C-CAAA-4313-AF97-8D1D9A2A1087} = C:/WINDOWS/system32/dpvvoxmh.dll | 2008-9-5 12:48:9
O21 - SSODL - kbdgrms.dll(7) - {E560642D-A32D-432c-9E7E-9A135CC37E0F} = C:/WINDOWS/system32/kbdgrms.dll | 2008-9-5 16:6:8
O21 - SSODL - xolehlpjh.dll(8) - {F0930A2F-D971-4828-8209-B7DFD266ED44} = C:/WINDOWS/system32/xolehlpjh.dll | 2008-9-5 12:48:26
O21 - SSODL - dispexcb.dll(D) - {76D44356-B494-443a-BEDC-AA68DE4255E6} = C:/WINDOWS/system32/dispexcb.dll | 2008-9-5 16:6:25
O21 - SSODL - vhvyjunk.dll(9) - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} = C:/WINDOWS/system32/cbcatdih.dll | 2008-9-5 16:6:38
O21 - SSODL - lweurqhx.dll(5) - {71A78CD4-E470-4a18-8457-E0E0283DD507} = C:/WINDOWS/system32/lweurqhx.dll | 2008-9-5 12:49:15
O21 - SSODL - slbiopfs2.dll(B) - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} = C:/WINDOWS/system32/slbiopfs2.dll | 2008-9-5 12:49:33
O21 - SSODL - cliconfgzx.dll(B) - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} = C:/WINDOWS/system32/cliconfgzx.dll | 2008-9-5 16:7:29
O21 - SSODL - bootvidgj.dll(8) - {D3112B69-A745-4805-874E-ABD480EA1299} = C:/WINDOWS/system32/bootvidgj.dll | 2008-9-5 13:8:51
O21 - SSODL - mstimewd.dll(B) - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} = C:/WINDOWS/system32/mstimewd.dll | 2008-9-5 13:9:3
O21 - SSODL - tnczucpf.dll(9) - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} = C:/WINDOWS/system32/cbcatdih.dll | 2008-9-5 16:6:38
O21 - SSODL - cbcatdih.dll(9) - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} = C:/WINDOWS/system32/cbcatdih.dll | 2008-9-5 16:6:38
O21 - SSODL - inetresdxc.dll(8) - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} = C:/WINDOWS/system32/inetresdxc.dll | 2008-9-5 16:6:51
O23 - 服务: Apcdli () - C:/Program Files/Microsoft Office/SYSTEM/apcdli.sys (自动)
O23 - 服务: HBKernel (HBKernel Driver) -  system32/DRIVERS/HBKernel.sys (引导)
O23 - 服务: mrs5gz7 (mrs5gz7) -  System32/DRIVERS/mrs5gz7.sys (引导)
O23 - 服务: msiffei () -  System32/Drivers/msiffei.sys | 2008-9-5 7:19:44(手动)
O23 - 服务: Nessery (Nessery) - C:/WINDOWS/system32/Nessery.sys (手动)
O23 - 服务: uapkel (uapkel) - C:/WINDOWS/system32/svchost.exe -k uapkel| 2002-10-7 4:0:0 -> C:/WINDOWS/System32/ppgaad.dll | 2002-10-7 4:0:0(自动)
O23 - 服务: ULSStorage (ULSStorage) - C:/WINDOWS/system32/2973a.exe (自动)
O23 - 服务: WbWin () - C:/WINDOWS/System32/svchost.exe -k netsvcs | 2002-10-7 4:0:0 -> C:/WINDOWS/avtapit.dll(自动)
O23 - 服务: Windows (Windows) - C:/WINDOWS/Windows.exe | 2008-8-19 10:3:50(自动)
O23 - 服务: yapkelqz (yapkelqz) - C:/WINDOWS/system32/drivers/ppgaad.sys (自动)
O23 - 服务: ylhizu (ylhizu) - C:/WINDOWS/system32/svchost.exe -k ylhizu| 2002-10-7 4:0:0 -> C:/WINDOWS/System32/ssqexd.dll| 2002-10-7 4:0:0(自动)
O23 - 服务: ylhizukh (ylhizukh) - C:/WINDOWS/system32/drivers/ssqexd.sys | 2002-10-7 4:0:0(自动)
O24 - ShlExecHook: [7] - {2876D76C-CAAA-4313-AF97-8D1D9A2A1087} = C:/WINDOWS/system32/dpvvoxmh.dll | 2008-9-5 12:48:9
O24 - ShlExecHook: [F] - {E560642D-A32D-432c-9E7E-9A135CC37E0F} = C:/WINDOWS/system32/kbdgrms.dll | 2008-9-5 16:6:8
O24 - ShlExecHook: [4] - {F0930A2F-D971-4828-8209-B7DFD266ED44} = C:/WINDOWS/system32/xolehlpjh.dll | 2008-9-5 12:48:26
O24 - ShlExecHook: [6] - {76D44356-B494-443a-BEDC-AA68DE4255E6} = C:/WINDOWS/system32/dispexcb.dll | 2008-9-5 16:6:25
O24 - ShlExecHook: [F] - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} = C:/WINDOWS/system32/cbcatdih.dll | 2008-9-5 16:6:38
O24 - ShlExecHook: [C] - {C629FF4F-ACDB-5C90-A098-FACB3456A26C} = C:/WINDOWS/Fonts/lopdfeab.dll | 2004-8-8 16:6:43
O24 - ShlExecHook: [7] - {71A78CD4-E470-4a18-8457-E0E0283DD507} = C:/WINDOWS/system32/lweurqhx.dll | 2008-9-5 12:49:15
O24 - ShlExecHook: [C] - {7ADC2AB1-5C6A-4178-82DA-94863354AF7C} =  7ADC2AB1.dll
O24 - ShlExecHook: [A] - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} = C:/WINDOWS/system32/slbiopfs2.dll | 2008-9-5 12:49:33
O24 - ShlExecHook: [7] - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} = C:/WINDOWS/system32/cliconfgzx.dll | 2008-9-5 16:7:29
O24 - ShlExecHook: [MICROSOFT] - {0B846B26-BFE6-4E8E-A948-1DB17B77B483} = C:/WINDOWS/system32/tdfhex.dll | 2008-9-4 6:22:24
O24 - ShlExecHook: [9] - {D3112B69-A745-4805-874E-ABD480EA1299} = C:/WINDOWS/system32/bootvidgj.dll | 2008-9-5 13:8:51
O24 - ShlExecHook: [B] - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} = C:/WINDOWS/system32/mstimewd.dll | 2008-9-5 13:9:3
O24 - ShlExecHook: [7] - {CF8850CD-885D-4380-9E1B-8C987F011437} =  CF8850CD.dll
O24 - ShlExecHook: [F] - {4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} =  4BF9CBA3.dll
O24 - ShlExecHook: [1] - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} = C:/WINDOWS/system32/inetresdxc.dll | 2008-9-5 16:6:51
O24 - ShlExecHook: [B] - {369774CA-7CB4-4A3F-A9A9-77D6BC53CB3B} =  369774CA.dll
O25 - InsCom: {H8I22RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK} = C:/WINDOWS/Tasks/pig.vbs

O27 - DeskCom: 1(name) - hxxp://www.fe**i*zh*u*s*o*.cn/index.htm#my_1000 -> .HKLM/SHOWALL    值非1

===/
  The most frightening item is the QQ shortcut among the startup entries (the O4 group in HijackThis/pe_xscan): 腾讯QQ.lnk has been maliciously modified to point to C:/Program Files/Internet Explorer/Explore.exe

  In addition, DeskCom (the O27 group in pe_xscan) is also being used by the malware; it points to hxxp://www.fe**i*zh*u*s*o*.cn/index.htm#my_1000
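  As an added example (not part of the original post and not pe_xscan's own code), the sketch below triages F2 and O4 entries from a log like the one above: it flags any program appended to UserInit after Userinit.exe and any autostart target whose file name is a near-miss of a well-known Windows binary, such as Explore.exe. The KNOWN list, the 0.85 similarity threshold and the function names are assumptions chosen for this illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed short list of Windows binaries whose names malware tends to imitate.
KNOWN = ("explorer.exe", "iexplore.exe", "svchost.exe", "ctfmon.exe")

# Entries copied from the pe_xscan log above (paths use "/" as on the page).
SAMPLE_LOG = """\
F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/Userinit.exe,C:/Program Files/Common Files/System/secuers32.exe>
O4 - HKLM/../Run: [360try] C:/DOCUME~1/rd/LOCALS~1/Temp/Internet.exe
O4 - HKLM/../Run: [HBService]  explore.exe
O4 - Startup: 腾讯QQ.lnk -> C:/Program Files/Internet Explorer/Explore.exe
"""

def basename(path):
    """Lower-cased file name of a path written with either slash style."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()

def lookalike(path, threshold=0.85):
    """Return the known binary that the file name nearly matches, else None."""
    name = basename(path)
    if name in KNOWN:
        return None  # exact name; judging its directory is a separate check
    best = max(KNOWN, key=lambda k: SequenceMatcher(None, name, k).ratio())
    score = SequenceMatcher(None, name, best).ratio()
    return best if score >= threshold else None

def triage(log):
    """Return (entry_kind, value, reason) tuples for suspicious F2/O4 entries."""
    findings = []
    for line in log.splitlines():
        m = re.match(r"F2 - REG: system\.ini: UserInit = <(.*)>", line)
        if m:
            # The stock XP value lists only userinit.exe; anything else is extra.
            for exe in filter(None, m.group(1).split(",")):
                if basename(exe) != "userinit.exe":
                    findings.append(("UserInit", exe, "extra program in UserInit"))
            continue
        m = re.match(r"O4 - (.+?): (.+)$", line)
        if not m:
            continue
        # Shortcuts read "name.lnk -> target"; Run keys read "[name] command".
        target = re.sub(r"^\[[^\]]*\]\s*", "", m.group(2).split(" -> ")[-1])
        hit = lookalike(target)
        if hit:
            findings.append((m.group(1), target, f"name imitates {hit}"))
    return findings

if __name__ == "__main__":
    for kind, value, reason in triage(SAMPLE_LOG):
        print(f"{kind}: {value} ({reason})")
```

  The check looks at file names only, so a correctly named binary sitting in an unexpected directory, or an oddly named file such as Temp/Internet.exe, still needs a separate path review.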

(To be continued)
