Original post by endurer

2007-03-20, part 1

Only yesterday I reminded everyone to beware of URLs in QQ messages spreading the Viking worm:

Beware of URLs in QQ messages spreading Viking Worm.Win32.Viking.ix/Worm.Viking.pg
http://endurer.bokee.com/6171794.html
http://blog.csdn.net/Purpleendurer/archive/2007/03/19/1534201.aspx
http://blog.sina.com.cn/u/49926d91010007zy
http://blog.i0778.com/?1314/action_viewspace_itemid_2795.html

Who would have thought that a reader would get hit today. So many viruses that I can't even be bothered to package them all up.

The pe_xscan and HijackThis logs contain only a portion of them.

First the pe_xscan and HijackThis logs. A detailed write-up tomorrow.

pe_xscan 07-03-17 by Purple Endurer
2007-3-20 17:0:26
Windows XP Service Pack 1(5.1.2600)
Administrators group
[System Process] * 0
    C:/Documents and Settings/Administrator/Local Settings/Temporary Internet Files/Content.IE5/HZBCNCMU/3[1].exe | 2007-3-20 16:47:34
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0
    C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy1.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav30.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Msxo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0r.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Gjzo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav20.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Wmzo0.dll | 2003-3-15 0:0:0
C:/WINDOWS/system32/svchost.exe * 840 | 2003-3-15 0:0:0 | Microsoft® Windows® Operating System | 5.1.2600.0 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | svchost.exe | svchost.exe
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright © 2005 | 2, 0, 0, 0 | CNNIC |  | cdnns | cdnns.dll
C:/WINDOWS/Explorer.exe * 1396 | 2003-3-15 0:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2800.1106 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2800.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
    C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.win | 2007-3-20 15:9:36
    C:/WINDOWS/System32/ntd11.dll | 2007-3-19 14:16:54 |  | 1.0.0.0 |  |  | 1.1.1.150 |  |  |  |
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright © 2005 | 2, 0, 0, 0 | CNNIC |  | cdnns | cdnns.dll

C:/Program Files/Thunder Network/Thunder/ComDlls/XunLeiBHO_006.dll | 2006-11-24 0:42:22 | XunLeiBHO Module | 5, 0, 0, 3 | XunLeiBHO | Copyright 2004-2006 | 5, 0, 0, 3 | Thunder Networking Technologies,LTD |  | XunLeiBHO | XunLeiBHO.dll
    C:/Program Files/Thunder Network/Thunder/ComDlls/ThunderAgent_005.dll | 2006-11-6 16:56:50 | ThunderAgent Module | 1, 0, 0, 11 | ThunderAgent Module | Copyright 2005-2006 | 1, 0, 0, 11 | Thunder Networking Technologies,LTD |  | ThunderAgent | ThunderAgent.DLL
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0
    C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy1.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav30.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Msxo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav20.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Gjzo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0r.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Wmzo0.dll | 2003-3-15 0:0:0
    C:/PROGRA~1/一起搜/tbu08947/tbhelper.dll | 2007-3-19 14:35:16 | IE Toolbar | 3.0.1.0 | IE Toolbar Helper Module | Copyright © 2001-2007. All rights reserved. | 3, 0, 1, 56 |  |  | tbhelper | tbhelper.dll

C:/WINDOWS/System32/conime.exe * 1876 | 2003-3-15 0:0:0 | Microsoft® Windows® Operating System | 5.1.2600.1106 | Console IME | © Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | Console | CONIME.EXE
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/WINDOWS/System32/ctfmon.exe * 1940 | 2003-3-15 0:0:0 | Microsoft® Windows® Operating System | 5.1.2600.1106 | CTF Loader | © Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/WINDOWS/servicer.exe * 952 | 2003-3-15 0:0:0
    C:/WINDOWS/servicer.exe | 2003-3-15 0:0:0
    C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe * 1696 | 2007-3-20 16:48:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | Windows Calculator application file | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | CALC | CALC.EXE
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe | 2007-3-20 16:48:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | Windows Calculator application file | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | CALC | CALC.EXE
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright © 2005 | 2, 0, 0, 0 | CNNIC |  | cdnns | cdnns.dll
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/packet.dll | 2007-3-20 16:48:52 | WinPcap low level packet library | 3, 1, 0, 27 | Packet | Copyright © 1999-2005 NetGroup, Politecnico di Torino. Copyright © 2005 CACE Technologies | 3, 1, 0, 27 | CACE Technologies |  | Packet | Packet.dll
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/WanPacket.dll | 2007-3-20 16:48:52 | WinPcap low level NetMon wrapper library | 3, 1, 0, 27 | WanPacket | Copyright © 2005 CACE Technologies. Copyright © 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies |  | WanPacket | WanPacket.dll
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/NPPTools.dll | 2007-3-20 16:48:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | NPP Tools Helper DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | NPPTools.DLL | NPPTools.DLL
    C:/WINDOWS/System32/npp/ndisnpp.dll | 2003-3-15 0:0:0 | Microsoft® Windows® Operating System | 5.1.2600.1106 | Network Monitor NDIS Network Packet Provider | © Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | NDISNPP.DLL | NDISNPP.DLL
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe * 1908 | 2007-3-20 16:49:2
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe | 2007-3-20 16:49:2
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/WINDOWS/System32/SVCH0ST.EXE * 1128 | 2003-3-15 0:0:0
    C:/WINDOWS/System32/SVCH0ST.EXE | 2003-3-15 0:0:0
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/Program Files/Internet Explorer/IEXPLORE.EXE * 240 | 2003-3-15 8:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2800.1106 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2800.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright © 2005 | 2, 0, 0, 0 | CNNIC |  | cdnns | cdnns.dll
    C:/Program Files/Common Files/System/ado/msado15.dll | 2003-3-15 8:0:0 | Microsoft Data Access Components | 2.71.9030.0 | Microsoft Data Access - ActiveX Data Objects | Copyright © Microsoft Corp. 1993-2001 | 2.71.9030.0 | Microsoft Corporation | Windows(TM) is a trademark of Microsoft Corporation.  Microsoft® is a registered trademark of Microsoft Corporation | ADO15 | msado15.dll
    C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.win | 2007-3-20 15:9:36
C:/WINDOWS/System32/ctfmon.exe * 308 | 2003-3-15 0:0:0 | Microsoft® Windows® Operating System | 5.1.2600.1106 | CTF Loader | © Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
    C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
C:/WINDOWS/Logo1_.exe * 740 | 2007-3-20 16:56:50
    C:/WINDOWS/Logo1_.exe | 2007-3-20 16:56:50
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/~I7PRUGI1VAC.CoM * 988 | 2007-3-20 16:57:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/~I7PRUGI1VAC.CoM | 2007-3-20 16:57:0
    C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
C:/WINDOWS/system32/notepad.exe * 1236 | 2003-3-15 0:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | Notepad (记事本) | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | Notepad | NOTEPAD.EXE
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Wmzo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0r.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Gjzo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav20.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Msxo0.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav30.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy1.dll | 2003-3-15 0:0:0
    C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:/PROGRA~1/一起搜/tbu08947/tbhelper.dll
F2 - REG:system.ini: Shell=Explorer.exe realshed.exe
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,rundll32.exe C:/WINDOWS/System32/winsys16_070319.dll start

O2 - BHO CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:/Program Files/Common Files/CPUSH/cpush.dll
O2 - BHO Cbho Object - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:/PROGRA~1/CNNIC/Cdn/cdndrag.dll
O2 - BHO Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll
O2 - BHO C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll - {5B02EBA1-EFDD-477D-A37F-05383165C9C0} -
O2 - BHO CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O2 - BHO IEExt Class - {634539A8-7FA8-45E2-8DC3-253AF98548A1} - C:/WINDOWS/system/MFS0FT.DLL
O2 - BHO Practical Search (实用搜索) - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:/Program Files/superutilbar/superutilbar.dll
O2 - BHO HrefRedirect Class - {74BC093A-540E-4340-897B-4653A8EB2F47} - C:/WINDOWS/System32/mslink/mslink.dll
O2 - BHO SysShellKernel Class - {E04B27AA-3973-4D68-8F42-B7C2FC8C6CF7} - C:/WINDOWS/System32/SysShellKernel.dll
O2 - BHO WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:/PROGRA~1/CNNIC/Cdn/wmhlpr.dll
O2 - BHO TBSB04694 Class - {F943309C-4AF4-4D85-8064-FD20184B99EA} - C:/PROGRA~1/一起搜/tbu08947/cneqiso.dll

O3 - IE toolbar: Practical Search Toolbar 2.0 (实用搜索工具条2.0) - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:/Program Files/superutilbar/superutilbar.dll
O3 - IE toolbar:  - {5558D3F3-87EB-4335-BE71-C6E8E468D166} - C:/Program Files/一起搜/tbu08947/cneqiso.dll

O4 - HKCR/../Run: [ST0RMSetEx] C:/WINDOWS/System32/rundll32.exe C:/WINDOWS/system/AV1CAP.dll,Run
O4 - HKCR/../Run: [svc] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe
O4 - HKCR/../Run: [ravshell] C:/WINDOWS/System32/SVCH0ST.EXE
O4 - HKCR/../Run: [uv4vmwwc0] C:/WINDOWS/servicea.exe
O4 - HKCR/../Run: [miie7b7y1t51my] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/winlog0n.exe
O4 - HKCR/../Run: [r9k5] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexpl0re.exe
O4 - HKCR/../Run: [hvygr0xm] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Servere.exe
O4 - HKCR/../Run: [v55rkqmt6qgx4] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/crasos.exe
O4 - HKCR/../Run: [c7kx] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/rundl132.exe
O4 - HKCR/../Run: [e5dms3e6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/c0nime.exe
O4 - HKCR/../Run: [1hg1t6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexp1ore.exe
O4 - HKCR/../Run: [2969suv11ri9] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/cftmon.exe
O4 - HKLM/../Run: [System] C:/Program Files/Common Files/System/Updaterun.exe
O4 - HKLM/../Run: [CdnCtr] C:/Program Files/CNNIC/Cdn/cdnup.exe
O4 - HKLM/../Run: [load] C:/WINDOWS/uninstall/rundl132.exe
O4 - HKLM/../Run: [wtsttrs] C:/WINDOWS/wtsttrs.exe
O4 - HKLM/../Run: [cmdbgcs] C:/WINDOWS/cmdbgcs.exe
O4 - HKLM/../Run: [mppds] C:/WINDOWS/mppds.exe
O4 - HKLM/../Run: [msccrt] C:/WINDOWS/msccrt.exe
O4 - HKLM/../Run: [mhs3] C:/WINDOWS/mhs3.exe
O4 - HKLM/../Run: [cmdbcs] C:/WINDOWS/cmdbcs.exe
O4 - HKLM/../Run: [upxdnd] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/TIMPLATF0RM.exe
O4 - HKLM/../Run: [wgs3] C:/WINDOWS/wgs3.exe
O4 - HKLM/../Run: [wsttrs] C:/WINDOWS/wsttrs.exe
O4 - HKLM/../Run: [FYNEWS] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe

O4 - Global Startup: WanSo.lnk ->

O8 - IE context-menu extra item: Visit Common Web Address (访问通用网址) - C:/Program Files/CNNIC/Cdn/cnnic.htm

O21 - SSODL - nvwi(Windows nvwi Theme) - {D0A6302C-859C-471E-9082-6B865C0ACAA2} = C:/PROGRA~1/muvh/nvwi.dll

O23 - Service: 7A04BC6 (7A04BC6) - C:/WINDOWS/System32/7A04BC6.EXE -service | 2007-3-20 14:59:36 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | ASN.2 Runtime APIs | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation| ?| ?| ?(Automatic)

O23 - Service: bcjhjgfi (bcjhjgfi) - system32/drivers/bcjhjgfi.sys(Boot)

O23 - Service: bkvtszv () - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/PROGRA~1/COMMON~1/okvtyzv/okvtyzv.dll | 2007-3-20 10:50:36 |  | 2, 8, 0, 1 |  |  | 2, 8, 0, 1 |   |  |  | (Automatic)

O23 - Service: cdnprot (cdnprot) - system32/drivers/cdnprot.sys | Chinese Internet Access (中文上网) official edition | 2, 4, 0, 27 | Driver Device | Copyright (c) . All rights reserved. | 2.4.0.27 | China Internet Network Information Center (CNNIC)| ? | cdnprot.sys | cdnprot.sys(Boot)

O23 - Service: cdntran (cdntran) - system32/drivers/cdntran.sys | CNNIC cdntran | 2, 6, 0, 0 | cdntran | Copyright © 2005 | 2, 6, 0, 0 | CNNIC |  | cdntran | cdntran.sys(Automatic)

O23 - Service: D0622BED (D0622BED) - C:/WINDOWS/System32/D0622BED.EXE -service | 2007-3-20 15:1:2 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | ASN.2 Runtime APIs | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation| ?| ?| ?(Automatic)

O23 - Service: MOBILL (Windows Install Helper) - C:/WINDOWS/SYSTEM32/RUNDLL2000.EXE C:/WINDOWS/SYSTEM32/WBEM/OZCJI.DLL,Export 1087(Automatic)

O23 - Service: Navoct () - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/Program Files/iesnap/navoct.dll | 2007-3-12 10:28:46 | NAVOCT | 1, 0, 1, 1 | NAVOCT Module | Copyright 2006 | 1, 0, 1, 1 |   |  | NAVOCT | NAVOCT.DLL(Automatic)

O23 - Service: Net Event (Net Event) - C:/WINDOWS/system32/netevent.exe | 2007-3-20 10:46:44(Automatic)

O23 - Service: NPF (Netgroup Packet Filter) - System32/DRIVERS/npf.sys | WinPcap Netgroup Packet Filter Driver | 3, 1, 0, 27 | npf | Copyright © 2005 CACE Technologies. Copyright © 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies |  | NPF + TME  | npf.sys(Manual)

O23 - Service: pxyk (Std pxyk Service) - C:/WINDOWS/System32/rundll32.exe C:/PROGRA~1/hptc/usdp.dll,Service -s(Automatic)

O23 - Service: REM0TEREGISTRY (REM0TE REGISTRY) - C:/WINDOWS/system/REM0REG.EXE | 2007-3-20 10:45:38(Automatic)

O23 - Service: WebPrint (WebPrint) - c:/windows/system32/webprint.exe | 2007-3-20 15:7:20 | Microsoft Web Printer | 5.2600.2180 | Microsoft Web Printer | C) Microsoft Corporation. All rights reserved. | 5.2600.2180 | Microsoft Corporation| ? | WEBPNT | WEBPNT.EXE(Automatic)

O23 - Service: Windows Login (Windows Login) - C:/WINDOWS/System32/mslogin.exe | 2007-3-20 10:46:38(Automatic)

O24 - [] - {A6011F8F-A7F8-49AA-9ADA-49127D43138F} = C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk
O24 - [] - {754FB7D8-B8FE-4810-B363-A788CD060F1F} = C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys
O24 - [] - {99F1D023-7CEB-4586-80F7-BB1A98DB7602} = C:/Program Files/Internet Explorer/IEXPLORE.Sys
O24 - [] - {FEB94F5A-69F3-4645-8C2B-9E71D270AF2E} = C:/Program Files/Internet Explorer/IEXPLORE.Dat
O24 - [] - {923509F1-45CB-4EC0-BDE0-1DED35B8FD60} = C:/Program Files/Internet Explorer/IEXPLORE.win
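What stands out in the process listing above is not any single file but how widely a few of them are mapped. IEXPLORE.Dat, IEXPLORE.Sys, IEXPLORE.win, SystemKb.sys and NewInfo.rxk sit under Program Files with extensions no program links against, each has its own GUID in the O24 section, and they turn up inside Explorer, conime, ctfmon, notepad and IE alike; the 2003-dated DLLs in the Temp directory (LgSy0.dll, Rav30.dll, Msxo0.dll and so on) show the same spread. The script below is an added example, not part of the original post and not pe_xscan's own code: it parses this listing format, counts how many distinct processes each module is mapped into, and flags modules with a non-standard extension, a Temp or browser-cache path, or an unusually wide spread. The excerpt it runs on is a constructed sample assembled from lines of the log above; the spread threshold of three processes is an assumed value.

```python
"""Find widely injected or hooked modules in a pe_xscan process listing.

Added example, not part of the original post and not pe_xscan's own code.
pe_xscan prints one unindented line per process ("<path> * <pid> | ...") and
then one indented line per module mapped into it.  A module with an extension
no program links against (.Dat, .Sys, .win, .rxk), or living in a Temp or
browser-cache directory, that nevertheless shows up inside Explorer, conime,
ctfmon, notepad and IE is far more likely a global hook or injected library
than a dependency each of those programs chose for itself.
"""
import re
from collections import defaultdict

PROCESS_RE = re.compile(r"^(?P<path>\S.*?) \* (?P<pid>\d+)")
# Extensions a legitimately linked image is expected to carry.
NORMAL_EXT = {".dll", ".exe", ".ocx", ".drv", ".cpl", ".ime", ".ax"}
TEMP_RE = re.compile(r"/(LOCALS~1/Temp|Local Settings/Temp|Temporary Internet Files)/", re.I)


def parse_pe_xscan(text):
    """Return {module path as printed: set of lowercase process basenames}."""
    loaded_in = defaultdict(set)
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t":                      # indented: module of the current process
            if current is not None:
                module = raw.strip().split(" | ", 1)[0]
                loaded_in[module].add(current)
            continue
        m = PROCESS_RE.match(raw)                # unindented: next process header
        current = m.group("path").rsplit("/", 1)[-1].lower() if m else None
    return loaded_in


def scan(text, min_processes=3):
    """Flag modules that look injected or hooked.
    Returns {module path: (reasons, sorted process names)}.  min_processes is the
    spread at which even an ordinary-looking .dll gets reported (assumed value)."""
    findings = {}
    for path, procs in parse_pe_xscan(text).items():
        name = path.rsplit("/", 1)[-1].lower()
        ext = name[name.rfind("."):] if "." in name else ""
        reasons = []
        if ext not in NORMAL_EXT:
            reasons.append(f"mapped image with non-standard extension '{ext or '(none)'}'")
        if TEMP_RE.search(path):
            reasons.append("loaded from a Temp or browser-cache directory")
        if len(procs) >= min_processes:
            reasons.append(f"mapped into {len(procs)} different processes")
        if reasons:
            findings[path] = (reasons, sorted(procs))
    return findings


# Constructed excerpt: process and module lines taken from the pe_xscan log above.
SAMPLE = """\
C:/WINDOWS/system32/svchost.exe * 840 | 2003-3-15 0:0:0 | Microsoft Windows Operating System
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns
C:/WINDOWS/Explorer.exe * 1396 | 2003-3-15 0:0:0 | Microsoft Windows Operating System
    C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0
C:/WINDOWS/System32/conime.exe * 1876 | 2003-3-15 0:0:0 | Microsoft Windows Operating System
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/WINDOWS/system32/notepad.exe * 1236 | 2003-3-15 0:0:0 | Microsoft Windows Operating System
    C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
    C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0
C:/Program Files/Internet Explorer/IEXPLORE.EXE * 240 | 2003-3-15 8:0:0 | Microsoft Windows Operating System
    C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns
    C:/Program Files/Common Files/System/ado/msado15.dll | 2003-3-15 8:0:0 | Microsoft Data Access Components
    C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
"""

if __name__ == "__main__":
    for path, (reasons, procs) in sorted(scan(SAMPLE).items(), key=lambda kv: -len(kv[1][1])):
        print(f"{path}\n    in: {', '.join(procs)}\n    {'; '.join(reasons)}")
```

On the sample, msado15.dll (a normal ADO dependency of one process) is the only module that passes; cdnns.dll is reported purely on spread, which matches the HijackThis O10 finding that it is an unrecognised Winsock LSP and so sits in every process that opens a socket. Feed the full listing to scan() and the Temp-directory DLLs and the O24-registered files come out at the top.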

***************************

Logfile of HijackThis v1.99.1
Scan saved at 18:20:11, on 2007-3-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/SVCH0ST.EXE

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:/PROGRA~1/一起搜/tbu08947/tbhelper.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe realshed.exe
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,rundll32.exe C:/WINDOWS/System32/winsys16_070319.dll start
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:/Program Files/Common Files/CPUSH/cpush.dll
O2 - BHO: CNNIC Network Tools Drag (CNNIC 网络工具Drag) - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:/PROGRA~1/CNNIC/Cdn/cdndrag.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll
O2 - BHO: (no name) - {5B02EBA1-EFDD-477D-A37F-05383165C9C0} - (no file)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O2 - BHO: IEExt Class - {634539A8-7FA8-45E2-8DC3-253AF98548A1} - C:/WINDOWS/system/MFS0FT.DLL
O2 - BHO: Practical Search (实用搜索) - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:/Program Files/superutilbar/superutilbar.dll
O2 - BHO: mslogin linker - {74BC093A-540E-4340-897B-4653A8EB2F47} - C:/WINDOWS/System32/mslink/mslink.dll
O2 - BHO: SysShellKernel - {E04B27AA-3973-4D68-8F42-B7C2FC8C6CF7} - C:/WINDOWS/System32/SysShellKernel.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:/PROGRA~1/CNNIC/Cdn/wmhlpr.dll
O2 - BHO: TBSB04694 - {F943309C-4AF4-4D85-8064-FD20184B99EA} - C:/PROGRA~1/一起搜/tbu08947/cneqiso.dll (file missing)
O3 - Toolbar: Practical Search Toolbar 2.0 (实用搜索工具条2.0) - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:/Program Files/superutilbar/superutilbar.dll
O3 - Toolbar: 一起搜 - {5558D3F3-87EB-4335-BE71-C6E8E468D166} - C:/Program Files/一起搜/tbu08947/cneqiso.dll (file missing)
O4 - HKLM/../Run: [System] C:/Program Files/Common Files/System/Updaterun.exe
O4 - HKLM/../Run: [CdnCtr] C:/Program Files/CNNIC/Cdn/cdnup.exe
O4 - HKLM/../Run: [load] C:/WINDOWS/uninstall/rundl132.exe
O4 - HKLM/../Run: [wtsttrs] C:/WINDOWS/wtsttrs.exe
O4 - HKLM/../Run: [cmdbgcs] C:/WINDOWS/cmdbgcs.exe
O4 - HKLM/../Run: [mppds] C:/WINDOWS/mppds.exe
O4 - HKLM/../Run: [msccrt] C:/WINDOWS/msccrt.exe
O4 - HKLM/../Run: [mhs3] C:/WINDOWS/mhs3.exe
O4 - HKLM/../Run: [cmdbcs] C:/WINDOWS/cmdbcs.exe
O4 - HKLM/../Run: [upxdnd] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/TIMPLATF0RM.exe
O4 - HKLM/../Run: [wgs3] C:/WINDOWS/wgs3.exe
O4 - HKLM/../Run: [wsttrs] C:/WINDOWS/wsttrs.exe
O4 - HKLM/../Run: [FYNEWS] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe
O4 - HKLM/../Run: [spoel] C:/Program Files/Internet Explorer/spoel.exe
O4 - HKCU/../Run: [ST0RMSetEx] C:/WINDOWS/System32/rundll32.exe C:/WINDOWS/system/AV1CAP.dll,Run
O4 - HKCU/../Run: [svc] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe
O4 - HKCU/../Run: [ravshell] C:/WINDOWS/System32/SVCH0ST.EXE
O4 - HKCU/../Run: [uv4vmwwc0] C:/WINDOWS/servicea.exe
O4 - HKCU/../Run: [miie7b7y1t51my] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/winlog0n.exe
O4 - HKCU/../Run: [r9k5] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexpl0re.exe
O4 - HKCU/../Run: [hvygr0xm] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Servere.exe
O4 - HKCU/../Run: [v55rkqmt6qgx4] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/crasos.exe
O4 - HKCU/../Run: [c7kx] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/rundl132.exe
O4 - HKCU/../Run: [e5dms3e6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/c0nime.exe
O4 - HKCU/../Run: [1hg1t6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexp1ore.exe
O4 - HKCU/../Run: [2969suv11ri9] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/cftmon.exe
O4 - Global Startup: WanSo.lnk = ?

O8 - Extra context menu item: Visit Common Web Address (访问通用网址) - C:/Program Files/CNNIC/Cdn/cnnic.htm
O9 - Extra button: Launch Thunder 5 (启动迅雷5) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:/Program Files/Thunder Network/Thunder/Thunder.exe
O9 - Extra button: Chinese Internet Access (中文上网) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Internet Access (中文上网) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O10 - Unknown file in Winsock LSP: c:/windows/system32/cdnns.dll
O11 - Options group: [CDNCLIENT]  Chinese Internet Access (中文上网)
O21 - SSODL: nvwi - {D0A6302C-859C-471E-9082-6B865C0ACAA2} - C:/PROGRA~1/muvh/nvwi.dll
O23 - Service: 7A04BC6 - Unknown owner - C:/WINDOWS/System32/7A04BC6.EXE (file missing)
O23 - Service: D0622BED - Unknown owner - C:/WINDOWS/System32/D0622BED.EXE (file missing)
O23 - Service: sdhcvs (edfscv) - Unknown owner - C:/WINDOWS/System32/fgdfsdf.exe (file missing)
O23 - Service: KXAgent Service (KXAgentService) - SmartDove - C:/Program Files/LLJAgent/KXAgentS.exe

O23 - Service: Net Event - Unknown owner - C:/WINDOWS/system32/netevent.exe
O23 - Service: REM0TE REGISTRY (REM0TEREGISTRY) - Unknown owner - C:/WINDOWS/system/REM0REG.EXE

O23 - Service: Messaging (Remote Procedure) - Unknown owner - C:/WINDOWS/system32/explorcr.exe

O23 - Service: Service Transaction Provisioning (Transaction_Service) - Unknown owner - C:/WINDOWS/System32/explorer.exe
O23 - Service: Windows Login - Unknown owner - C:/WINDOWS/System32/mslogin.exe
O23 - Service: Windows Management Instrumentation Driver (WMID) - Unknown owner - C:/WINDOWS/System32/wmid.exe
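Reading the autorun entries in both logs, the recurring trick is a look-alike name for a Windows binary: SVCH0ST.EXE, rundl132.exe, iexpl0re.exe, iexp1ore.exe, winlog0n.exe and c0nime.exe swap a digit for a letter, cftmon.exe and explorcr.exe are one edit away from ctfmon.exe and explorer.exe, one "Unknown owner" service points at C:/WINDOWS/System32/explorer.exe (the genuine Explorer lives in C:/WINDOWS), about a dozen Run entries launch from the user's Temp directory, and the system.ini Shell= and UserInit= values have an extra program chained on. The script below is an added example, not code from the original post or from HijackThis: it triages HijackThis-style lines by extracting every executable path, undoing the 0-for-o and 1-for-l substitution, allowing one edit against a short list of commonly imitated binaries, comparing the directory with where the real binary lives on Windows XP, and reporting Temp-directory launches and extra Shell=/UserInit= tokens. The sample lines are copied from the log above; the list of known binaries and their expected directories is an assumption and should be extended for the system under investigation.

```python
"""Triage HijackThis-style autorun lines for look-alike Windows binary names.

Added example, not part of the original post.  Heuristics: undo 0->o / 1->l
homoglyphs, allow one edit (substitution, insertion, deletion or swapped
adjacent letters) against a short list of commonly imitated binaries, check
that an exact match lives where Windows XP keeps the genuine file, flag
anything launched from the user's Temp directory, and report extra programs
chained onto the system.ini Shell= / UserInit= values.
"""
import re

# Any absolute path ending in an executable-ish extension, as HijackThis prints them.
PATH_RE = re.compile(r"[A-Za-z]:[/\\][^|,]*?\.(?:exe|dll|com|sys|scr)\b", re.I)
TEMP_RE = re.compile(r"locals~1/temp|local settings/temp", re.I)
HOMOGLYPHS = str.maketrans("01", "ol")
# Frequently imitated binaries and the directory the genuine one lives in on XP
# (assumed layout; extend for the system under investigation).
KNOWN = {
    "svchost": "c:/windows/system32", "rundll32": "c:/windows/system32",
    "winlogon": "c:/windows/system32", "conime": "c:/windows/system32",
    "ctfmon": "c:/windows/system32", "services": "c:/windows/system32",
    "userinit": "c:/windows/system32", "lsass": "c:/windows/system32",
    "csrss": "c:/windows/system32", "spoolsv": "c:/windows/system32",
    "explorer": "c:/windows", "iexplore": "c:/program files/internet explorer",
}


def osa_distance(a, b):
    """Optimal string alignment distance (Levenshtein plus adjacent transposition)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def path_reasons(path):
    """Why one executable path deserves attention; empty list if it looks normal."""
    p = path.replace("\\", "/").lower()
    directory, name = p.rsplit("/", 1)
    stem = name.rsplit(".", 1)[0]
    reasons = []
    if stem in KNOWN:
        if directory != KNOWN[stem]:   # genuine name, wrong place (8.3 paths also trip this)
            reasons.append(f"name of Windows binary '{stem}' but expected in {KNOWN[stem]}")
    elif stem.translate(HOMOGLYPHS) in KNOWN:
        reasons.append(f"homoglyph of Windows binary '{stem.translate(HOMOGLYPHS)}' (0/1 for o/l)")
    else:
        near = [k for k in KNOWN if osa_distance(stem, k) == 1]
        if near:
            reasons.append(f"one edit away from Windows binary '{near[0]}'")
    if TEMP_RE.search(p):
        reasons.append("launched from the user's Temp directory")
    return reasons


def f2_extras(line):
    """Programs chained onto system.ini Shell= or UserInit= besides the expected one."""
    m = re.search(r"(Shell|UserInit)=(.*)$", line, re.I)
    if not m:
        return []
    expected = {"shell": "explorer.exe", "userinit": "userinit.exe"}[m.group(1).lower()]
    extras = []
    for token in re.split(r"[,\s]+", m.group(2).strip()):
        base = token.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if "." in base and base != expected:   # skip bare arguments such as "start"
            extras.append(token)
    return extras


def triage(log_text):
    """Return [(line_no, path_or_token, reason)] for every suspicious item."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("F2 "):
            for token in f2_extras(line):
                findings.append((n, token, "extra program chained onto system.ini Shell=/UserInit="))
        for path in PATH_RE.findall(line):
            for reason in path_reasons(path):
                findings.append((n, path, reason))
    return findings


# Lines copied from the HijackThis log above; cdnup.exe is the control (adware, not a look-alike).
SAMPLE_LOG = """\
F2 - REG:system.ini: Shell=Explorer.exe realshed.exe
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,rundll32.exe C:/WINDOWS/System32/winsys16_070319.dll start
O4 - HKLM/../Run: [load] C:/WINDOWS/uninstall/rundl132.exe
O4 - HKLM/../Run: [FYNEWS] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe
O4 - HKCU/../Run: [ST0RMSetEx] C:/WINDOWS/System32/rundll32.exe C:/WINDOWS/system/AV1CAP.dll,Run
O4 - HKCU/../Run: [ravshell] C:/WINDOWS/System32/SVCH0ST.EXE
O4 - HKCU/../Run: [2969suv11ri9] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/cftmon.exe
O4 - HKLM/../Run: [CdnCtr] C:/Program Files/CNNIC/Cdn/cdnup.exe
O23 - Service: Messaging (Remote Procedure) - Unknown owner - C:/WINDOWS/system32/explorcr.exe
O23 - Service: Service Transaction Provisioning (Transaction_Service) - Unknown owner - C:/WINDOWS/System32/explorer.exe
"""

if __name__ == "__main__":
    for line_no, item, reason in triage(SAMPLE_LOG):
        print(f"line {line_no:2d}: {item}\n          {reason}")
```

The directory check is deliberately strict: a genuine name in the wrong directory (System32/explorer.exe above) is as telling as a misspelt one, but 8.3 short paths such as C:/PROGRA~1/... will also be reported and need to be expanded or whitelisted on the system being examined. Names the list does not cover (REM0REG.EXE, mslogin.exe, netevent.exe in the log above) are not caught by the name heuristics and still have to be judged by their "Unknown owner" services and file dates.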


Original title: Warned only yesterday, and today a reader clicked a URL in a QQ message and caught Worm.Viking.pk/Worm.Win32.Viking.jg
