Encountered kapjazy.dll, yhpri.dll, WinSys64.Sys, nwiztlbu.exe, myplayer.com, etc. (Part 1)

Original by endurer
2007-09-14, version 1

A netizen just told me that the 360 Safeguard (360卫士) on his computer kept warning that kapjazy.dll and other programs were trying to modify the registry, and asked me to help deal with it.
I have been rather busy these past few days, so I asked him to download pe_xscan, run a scan and send me the log.

The following suspicious items turned up in the log:
/===
pe_xscan 07-08-30 by Purple Endurer
2007-9-13 22:37:7
Windows XP Service Pack 2(5.1.2600)
Administrators group

[System Process] * 0
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40

C:/WINDOWS/system32/winlogon.exe * 524 | 2004-8-17 7:39:24 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46

C:/WINDOWS/system32/services.exe * 572 | 2004-8-17 7:39:24 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Services and Controller app | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | services.exe | services.exe
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46

C:/WINDOWS/system32/lsass.exe * 584 | 2004-8-17 7:39:16 | Microsoft® Windows® Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | lsass.exe | lsass.exe
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46

C:/WINDOWS/system32/svchost.exe * 740 | 2004-8-17 7:39:24 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46

C:/WINDOWS/System32/svchost.exe * 876 | 2004-8-17 7:39:24 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/System32/kapjazy.dll | 2004-8-4 17:23:46
c:/windows/pchealth/helpctr/binaries/pchsvc.dll | 2004-8-17 7:39:0 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Microsoft PCHealth Service Holder | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | PCHSVC.DLL | PCHSVC.DLL

C:/WINDOWS/System32/svchost.exe * 1032 | 2004-8-17 7:39:24 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/System32/kapjazy.dll | 2004-8-4 17:23:46

C:/WINDOWS/Explorer.EXE * 1244 | 2004-8-17 7:39:12 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/Program Files/Internet Explorer/IEXPLORE32.win | 2007-9-13 14:45:40
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58

C:/WINDOWS/system32/ctfmon.exe * 1296 | 2004-8-17 7:39:12 | Microsoft® Windows® Operating System | 5.1.2600.2180 | CTF Loader | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58

C:/WINDOWS/system32/spoolsv.exe * 1508 | 2005-6-11 7:53:32 | Microsoft® Windows® Operating System | 5.1.2600.2696 | Spooler SubSystem App | © Microsoft Corporation. All rights reserved. | 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Microsoft Corporation| ? | spoolsv.exe | spoolsv.exe
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46

c:/program files/rising/rfw/RfwMain.exe * 1708 | 2007-9-4 15:55:12 | Rising Personal FireWall 2007 | 5, 0, 0, 0 | Rising Personal FireWall Main Program | Copyright(c) 1998-2007 Beijing Rising Technology Corporation Limited | 5, 0, 0, 56 | Beijing Rising Technology Co., Ltd. | RISING | Beijing Rising Technology Co., Ltd. | rfwmain.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58

D:/Program Files/360/safemon/360Tray.exe * 1192 | 2007-5-18 13:29:58 | 360Tray Application | 3, 4, 0, 1001 | 360 Safeguard real-time protection module | Copyright (C) 2006-2007 Qihoo | 3, 4, 0, 1001 | Qihoo | | 360Tray | 360Tray.EXE
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58

C:/Program Files/Rising/Rav/RsAgent.exe * 2916 | 2007-8-3 10:32:32 | RsAgent Application | 19, 0, 0, 12 | RsAgent Application | Copyright(c) 1998-2007 Beijing Rising Technology Corporation Limited | 19, 0, 0, 12 | Beijing Rising Technology Co., Ltd. | RISING | Beijing Rising Technology Co., Ltd. | RsAgent.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58

C:/WINDOWS/msagent/AgentSvr.exe * 2944 | 2006-10-12 19:9:54 | Microsoft Agent Server | 2.00.0.3424 | Microsoft Agent Server | Copyright (C) Microsoft Corp. 1997-98 | 2.00.0.3424 | Microsoft Corporation | | AgentServer | AgentSvr.exe
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58

C:/WINDOWS/system32/ctfmon.exe * 3948 | 2004-8-17 7:39:12 | Microsoft® Windows® Operating System | 5.1.2600.2180 | CTF Loader | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46

C:/WINDOWS/system32/conime.exe * 3780 | 2004-8-17 7:39:12 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Console IME | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | Console | CONIME.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40

iexplore.exe * 2632

F2 - REG: system.ini: UserInit=userinit.exe,

O4 - HKCU/../Policies/Explorer/Run: [w] %SystemRoot%/WinRaR.exe
O4 - HKLM/../Run: [KVP] C:/WINDOWS/system32/drivers/svchost.exe

CmdProcAuto = d:/myplayer.com

O20 - AppInit_DLLs: kaqhczy.dll

O23 - Service: New0 (New0) - C:/WINDOWS/system32/new.sys | 2005-8-4 11:27:12 (Automatic)

O23 - Service: NPF (Netgroup Packet Filter) - system32/drivers/npf.sys | WinPcap Netgroup Packet Filter Driver | 3, 1, 0, 27 | npf | Copyright © 2005 CACE Technologies. Copyright © 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies | | NPF + TME | npf.sys (Manual)

O23 - Service: ohilxuva (ohilxuva) - System32/DRIVERS/ohilxuva.sys| ? | 1.2.3.1033| ?| ? | 1.2.3.1033 | Yahoo! China Corporation| ?| ?| ? (Boot)

O23 - Service: WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:/WINDOWS/System32/drivers/ws2ifsl.sys | 2002-10-7 12:0:0 | Microsoft® Windows® Operating System | 5.1.2600.0 | Winsock2 IFS Layer | © Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | ws2ifsl.sys | ws2ifsl.sys (Disabled)

O24 - ShlExecHook: [8] - {8562452F-FA36-BA4F-892A-FF5FBBAC5318} = C:/WINDOWS/system32/myhpri.dll
O24 - ShlExecHook: [1] - {1598FF45-DA60-F48A-BC43-10AC47853D51} = C:/WINDOWS/system32/rarjapi.dll
O24 - ShlExecHook: [] - {5D83AD9C-3BFC-43F5-979D-2904DBC54A8E} = C:/Program Files/Internet Explorer/PLUGINS/WinSys64.Sys
O24 - ShlExecHook: [B] - {B12BC423-3713-224D-3F55-32B35C62B11B} = C:/WINDOWS/system32/tlvpri.dll
O24 - ShlExecHook: [4] - {4F12545B-1212-1314-5679-4512ACEF8904} = C:/WINDOWS/system32/wddpri.dll
O24 - ShlExecHook: [9] - {9A65498A-7653-9801-1647-987114AB7F49} = C:/WINDOWS/system32/zxipri.dll
O24 - ShlExecHook: [8] - {84123FF1-8371-9834-9021-184518451FA8} = C:/WINDOWS/system32/qjhpri.dll
O24 - ShlExecHook: [1] - {1C87A354-ABC3-DEDE-FF33-3213FD7447C1} = C:/WINDOWS/system32/kvdxama.dll
O24 - ShlExecHook: [7] - {725AB2F3-234A-7469-2F43-E341713ABFA7} = C:/WINDOWS/system32/wggpri.dll
O24 - ShlExecHook: [2] - {2231A43A-1642-641A-64FD-146ADAB223B2} = C:/WINDOWS/system32/mxbman.dll
O24 - ShlExecHook: [] - {C5E87A05-F463-4841-B19E-DD3EC3862368} = C:/Program Files/Internet Explorer/IEXPLORE32.Sys
O24 - ShlExecHook: [] - {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} = C:/Program Files/Internet Explorer/IEXPLORE32.win
O24 - ShlExecHook: [2] - {2C87A354-ABC3-DEDE-FF33-3213FD7447C2} = C:/WINDOWS/system32/kvdxbma.dll
O24 - ShlExecHook: [2] - {28907901-1416-3389-9981-372178569982} = C:/WINDOWS/system32/kawdbzy.dll
O24 - ShlExecHook: [1] - {1A321487-4977-D98A-C8D5-6488257545A1} = C:/WINDOWS/system32/kapjazy.dll

O25 - InsCom: {6A202101-F04D-11cf-64CD-31FF5FE1CF20} = C:/WINDOWS/system32/nwiztlbu.exe

.vbs -
===/
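What the listing above makes visible is a pattern rather than any one file: kapjazy.dll, which carries no version information at all, is mapped into winlogon.exe, services.exe, lsass.exe, every svchost.exe and the user's shell, and files named .Sys, .Dat and .win from the Internet Explorer directory are loaded as modules too. The Python script below is an added example (not part of the original post and not pe_xscan's own code) that parses this listing format and applies that reasoning over a constructed excerpt of the log. It assumes, as the log suggests, that pe_xscan prints version fields only when the file carries a version resource; the process-count threshold and the set of processes treated as sensitive are this example's own choices.

```python
"""Triage of a pe_xscan process/module listing.

Added example, not part of the original post or of pe_xscan.  pe_xscan prints
one line per process ("<path> * <pid> | <timestamp> | <version fields>...")
followed by one line per module it lists for that process ("<path> |
<timestamp> | <version fields>..."), with a blank line between processes.
The scoring is this example's own heuristic, modelled on what the post's log
shows: a module with no version resource mapped into nearly every process
(winlogon.exe, services.exe and lsass.exe included), or a "module" whose name
does not end in .dll, deserves a closer look.
"""
import re
from collections import defaultdict

# Constructed excerpt in the log's format (not the post's full log).
SAMPLE_LOG = """\
[System Process] * 0
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58

C:/WINDOWS/system32/winlogon.exe * 524 | 2004-8-17 7:39:24 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46

C:/WINDOWS/system32/lsass.exe * 584 | 2004-8-17 7:39:16 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | LSA Shell (Export Version)
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46

C:/WINDOWS/Explorer.EXE * 1244 | 2004-8-17 7:39:12 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/shell32.dll | 2004-8-17 7:39:12 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Shell Common Dll

iexplore.exe * 2632
"""

PROCESS_RE = re.compile(r"^(?P<path>.+?) \* (?P<pid>\d+)(?: \| (?P<rest>.*))?$")
MODULE_RE = re.compile(
    r"^(?P<path>.+?) \| (?P<ts>\d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{1,2}:\d{1,2})(?: \| (?P<rest>.*))?$")
SENSITIVE = {"winlogon.exe", "services.exe", "lsass.exe"}   # nothing third-party belongs in these


def parse_processes(text):
    """Return a list of {"path", "pid", "modules": [{"path", "timestamp", "has_version"}]}."""
    processes, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes the current process block
            current = None
            continue
        m = PROCESS_RE.match(line)        # try first: a process line would also match MODULE_RE
        if m:
            current = {"path": m["path"], "pid": int(m["pid"]), "modules": []}
            processes.append(current)
            continue
        m = MODULE_RE.match(line)
        if m and current is not None:
            current["modules"].append({"path": m["path"], "timestamp": m["ts"],
                                       "has_version": bool(m["rest"])})
    return processes


def score_modules(processes, min_procs=3):
    """Return [(module_path, process_count, [reasons])], most widely loaded first."""
    by_module = defaultdict(lambda: {"procs": set(), "has_version": True, "sensitive": set()})
    for proc in processes:
        pname = proc["path"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        for mod in proc["modules"]:
            rec = by_module[mod["path"].lower()]      # case-insensitive: system32 vs System32
            rec["path"] = mod["path"]
            rec["procs"].add(proc["pid"])
            rec["has_version"] = rec["has_version"] and mod["has_version"]
            if pname in SENSITIVE:
                rec["sensitive"].add(pname)
    findings = []
    for key, rec in by_module.items():
        reasons = []
        ext = key.rpartition(".")[2]
        if ext != "dll":
            reasons.append(f"mapped as a module but named .{ext}")
        if not rec["has_version"] and len(rec["procs"]) >= min_procs:
            reasons.append(f"no version resource, loaded in {len(rec['procs'])} processes")
        if not rec["has_version"] and rec["sensitive"]:
            reasons.append("injected into " + ", ".join(sorted(rec["sensitive"])))
        if reasons:
            findings.append((rec["path"], len(rec["procs"]), reasons))
    findings.sort(key=lambda f: (-f[1], f[0].lower()))
    return findings


def triage(text, min_procs=3):
    return score_modules(parse_processes(text), min_procs)


if __name__ == "__main__":
    for path, count, reasons in triage(SAMPLE_LOG):
        print(f"{count:>3}x  {path}\n      - " + "\n      - ".join(reasons))
```

On the excerpt, kapjazy.dll comes out on top (three processes, two of them sensitive), the .Dat and .Sys files are flagged for their extension alone, and kvdxbma.dll, which also lacks version information but appears in only one process here, is not flagged; raise or lower `min_procs` according to how much of the log you feed in.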

The malicious program even passes itself off as WinRaR.exe: it is launched from HKCU/../Policies/Explorer/Run as %SystemRoot%/WinRaR.exe, and the real WinRAR is never installed in the Windows directory. In the same way, the [KVP] entry starts a second "svchost.exe" from system32/drivers, a directory that holds only .sys files on a clean system.

The CmdProcAuto = d:/myplayer.com launch method is also fairly uncommon: it is the Command Processor AutoRun registry value, which cmd.exe executes every time a console is opened, so the .com file at the root of D: is re-run whenever anyone opens a command prompt.
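The persistence mechanisms the log tags as F2, O4, O20, O24 and O25, together with the CmdProcAuto line, all live in well-known registry locations. The Python script below is an added example (not part of the original post and not pe_xscan's code) that maps each tag to its registry key and flags entries using the post's findings as a guide. It runs offline against a constructed snapshot modelled on the infected machine; on a live Windows system, any object exposing the same three methods (values, value, subkeys) over winreg's OpenKey/EnumValue/EnumKey/QueryValueEx can be passed to audit() instead. The allow-lists (the one ShellExecuteHook XP ships with, the usual Active Setup stub executables, the core system-binary names) are this example's own XP SP2 baseline, not something the post states, and the value names in the snapshot other than those in the log are constructed.

```python
"""Audit of the auto-start locations behind the scanner tags in the log (F2, O4,
O20, O24, O25 and CmdProcAuto).  Added example, not the post's or pe_xscan's code.
The tag-to-registry mapping is standard Windows; the allow-lists are this
example's own XP SP2 baseline (an assumption, adjust per machine)."""

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"            # F2: Userinit
WINDOWS_NT = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"           # O20: AppInit_DLLs
CMDPROC = r"SOFTWARE\Microsoft\Command Processor"                              # CmdProcAuto: AutoRun
SEH = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"  # O24
ACTIVE_SETUP = r"SOFTWARE\Microsoft\Active Setup\Installed Components"         # O25: StubPath
RUN_KEYS = [("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),        # O4
            ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
            ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"),
            ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run")]
URL_EXEC_HOOK = "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"   # shell32's hook, the one XP ships with
SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe", "csrss.exe"}
ACTIVE_SETUP_STUBS = {"rundll32.exe", "regsvr32.exe", "ie4uinit.exe", "shmgrate.exe"}  # assumed baseline


class SnapshotReader:
    """Registry reader over {(hive, key): {value_name: data}}, so the audit runs offline.
    A live reader needs the same three methods (values, value, subkeys) over winreg."""
    def __init__(self, data):
        self.data = {(h, k.lower()): v for (h, k), v in data.items()}
    def values(self, hive, key):
        return list(self.data.get((hive, key.lower()), {}).items())
    def value(self, hive, key, name):
        return self.data.get((hive, key.lower()), {}).get(name)
    def subkeys(self, hive, key):
        prefix = key.lower() + "\\"
        return sorted({k[len(prefix):].split("\\")[0] for h, k in self.data
                       if h == hive and k.startswith(prefix)})


def image_of(cmd):
    """Executable at the head of a command line: the quoted path or the first token."""
    cmd = cmd.strip()
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else (cmd.split() or [""])[0]


def basename(path):
    return path.replace("/", "\\").rpartition("\\")[2].lower()


def audit(r):
    """Return [(tag, where, what, suspicious)] for every auto-start entry found."""
    f = []
    ui = r.value("HKLM", WINLOGON, "Userinit") or ""         # F2: extra entries run at every logon
    f.append(("F2", "Winlogon\\Userinit", ui,
              any(p.strip() and basename(p.strip()) != "userinit.exe" for p in ui.split(","))))
    for hive, key in RUN_KEYS:                               # O4: Policies\..\Run is rarely legitimate,
        for name, cmd in r.values(hive, key):                # drivers\ holds no .exe, and a core
            img = image_of(cmd)                              # system-binary name outside system32
            folder = img.replace("/", "\\").lower().rpartition("\\")[0]   # is an impostor
            bad = ("policies" in key.lower() or folder.endswith("\\drivers")
                   or (basename(img) in SYSTEM_BINARIES and not folder.endswith("\\system32")))
            f.append(("O4", f"{hive}\\{key}\\{name}", cmd, bad))
    appinit = r.value("HKLM", WINDOWS_NT, "AppInit_DLLs") or ""   # O20: loaded by every user32 process
    if appinit.strip():
        f.append(("O20", "AppInit_DLLs", appinit, True))
    for hive in ("HKLM", "HKCU"):                            # cmd.exe runs AutoRun at every start
        ar = r.value(hive, CMDPROC, "AutoRun")
        if ar:
            f.append(("CmdProcAuto", f"{hive}\\Command Processor\\AutoRun", ar, True))
    for clsid, _ in r.values("HKLM", SEH):                   # O24: value names are CLSIDs; resolve the DLL
        dll = r.value("HKCR", "CLSID\\" + clsid + "\\InProcServer32", "") or "?"
        f.append(("O24", clsid, dll, clsid.lower() != URL_EXEC_HOOK.lower()))
    for clsid in r.subkeys("HKLM", ACTIVE_SETUP):            # O25: StubPath runs once per user at logon
        stub = r.value("HKLM", ACTIVE_SETUP + "\\" + clsid, "StubPath")
        if stub:
            f.append(("O25", clsid, stub, basename(image_of(stub)) not in ACTIVE_SETUP_STUBS))
    return f


BAD_HOOK = "{1A321487-4977-D98A-C8D5-6488257545A1}"            # the kapjazy.dll hook from the log
SNAPSHOT = SnapshotReader({                                     # constructed, modelled on the log
    ("HKLM", WINLOGON): {"Userinit": r"C:\WINDOWS\system32\userinit.exe,"},
    ("HKLM", RUN_KEYS[0][1]): {"KVP": r"C:\WINDOWS\system32\drivers\svchost.exe",
                               "360Safetray": r'"D:\Program Files\360\safemon\360Tray.exe" /start'},
    ("HKCU", RUN_KEYS[2][1]): {"w": r"%SystemRoot%\WinRaR.exe"},
    ("HKLM", WINDOWS_NT): {"AppInit_DLLs": "kaqhczy.dll"},
    ("HKCU", CMDPROC): {"AutoRun": r"d:\myplayer.com"},
    ("HKLM", SEH): {URL_EXEC_HOOK: "", BAD_HOOK: ""},
    ("HKCR", "CLSID\\" + URL_EXEC_HOOK + "\\InProcServer32"): {"": r"C:\WINDOWS\system32\shell32.dll"},
    ("HKCR", "CLSID\\" + BAD_HOOK + "\\InProcServer32"): {"": r"C:\WINDOWS\system32\kapjazy.dll"},
    ("HKLM", ACTIVE_SETUP + r"\{6A202101-F04D-11cf-64CD-31FF5FE1CF20}"):
        {"StubPath": r"C:\WINDOWS\system32\nwiztlbu.exe"},
    ("HKLM", ACTIVE_SETUP + r"\{89820200-ECBD-11cf-8B85-00AA005B4383}"):
        {"StubPath": "regsvr32.exe /s /n /i:U shell32.dll"},
})

if __name__ == "__main__":
    for tag, where, what, bad in audit(SNAPSHOT):
        print(f"{'!!' if bad else '  '} {tag:<11} {where}: {what}")
```

Against the snapshot the six entries the post singled out (the drivers/svchost.exe and WinRaR.exe Run entries, the AppInit_DLLs value, the AutoRun value, the kapjazy.dll shell hook and the nwiztlbu.exe stub) are the only ones marked suspicious; the default Userinit value, the 360Tray entry, shell32's own hook and the regsvr32 stub are listed but left clean.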
