遭遇 kapjazy.dll,yhpri.dll,WinSys64.Sys,nwiztlbu.exe,myplayer.com 等1
遭遇 kapjazy.dll,yhpri.dll,WinSys64.Sys,nwiztlbu.exe,myplayer.com 等1
endurer 原创
2007-09-14 第1版
刚才一位网友说他的电脑中的360卫士不停的提示kapjazy.dll等程序要修改注册表,请偶帮助处理。
不过偶这几天比较忙,让他下载 pe_xscan 扫描 log 发给我看看。
在 log 中发现如下可疑项:
/===
pe_xscan 07-08-30 by Purple Endurer
2007-9-13 22:37:7
Windows XP Service Pack 2(5.1.2600)
管理员用户组
[System Process] * 0
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/WINDOWS/system32/winlogon.exe * 524 | 2004-8-17 7:39:24 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/system32/services.exe * 572 | 2004-8-17 7:39:24 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Services and Controller app | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | services.exe | services.exe
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/system32/lsass.exe * 584 | 2004-8-17 7:39:16 | Microsoft? Windows? Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | lsass.exe | lsass.exe
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/system32/svchost.exe * 740 | 2004-8-17 7:39:24 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/System32/svchost.exe * 876 | 2004-8-17 7:39:24 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/System32/kapjazy.dll | 2004-8-4 17:23:46
c:/windows/pchealth/helpctr/binaries/pchsvc.dll | 2004-8-17 7:39:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Microsoft PCHealth Service Holder | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | PCHSVC.DLL | PCHSVC.DLL
C:/WINDOWS/System32/svchost.exe * 1032 | 2004-8-17 7:39:24 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/System32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/Explorer.EXE * 1244 | 2004-8-17 7:39:12 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/Program Files/Internet Explorer/IEXPLORE32.win | 2007-9-13 14:45:40
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58
C:/WINDOWS/system32/ctfmon.exe * 1296 | 2004-8-17 7:39:12 | Microsoft? Windows? Operating System | 5.1.2600.2180 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58
C:/WINDOWS/system32/spoolsv.exe * 1508 | 2005-6-11 7:53:32 | Microsoft? Windows? Operating System | 5.1.2600.2696 | Spooler SubSystem App | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Microsoft Corporation| ? | spoolsv.exe | spoolsv.exe
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
c:/program files/rising/rfw/RfwMain.exe * 1708 | 2007-9-4 15:55:12 | Rising Personal FireWall 2007 | 5, 0, 0, 0 | Rising Personal FireWall Main Program | Copyright(c) 1998-2007 Beijing Rising Technology Corporation Limited | 5, 0, 0, 56 | Beijing Rising Technology Co., Ltd. | RISING | Beijing Rising Technology Co., Ltd. | rfwmain.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58
D:/Program Files/360/safemon/360Tray.exe * 1192 | 2007-5-18 13:29:58 | 360Tray 应用程序 | 3, 4, 0, 1001 | 360安全卫士实时保护模块 | 版权所有 (C) 2006-2007 奇虎网 | 3, 4, 0, 1001 | 奇虎网 | | 360Tray | 360Tray.EXE
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58
C:/Program Files/Rising/Rav/RsAgent.exe * 2916 | 2007-8-3 10:32:32 | RsAgent Application | 19, 0, 0, 12 | RsAgent Application | Copyright(c) 1998-2007 Beijing Rising Technology Corporation Limited | 19, 0, 0, 12 | Beijing Rising Technology Co., Ltd. | RISING | Beijing Rising Technology Co., Ltd. | RsAgent.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58
C:/WINDOWS/msagent/AgentSvr.exe * 2944 | 2006-10-12 19:9:54 | Microsoft Agent Server | 2.00.0.3424 | Microsoft Agent Server | Copyright (C) Microsoft Corp. 1997-98 | 2.00.0.3424 | Microsoft Corporation | | AgentServer | AgentSvr.exe
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58
C:/WINDOWS/system32/ctfmon.exe * 3948 | 2004-8-17 7:39:12 | Microsoft? Windows? Operating System | 5.1.2600.2180 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/WINDOWS/system32/conime.exe * 3780 | 2004-8-17 7:39:12 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Console IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | Console | CONIME.EXE
C:/WINDOWS/system32/kapjazy.dll | 2004-8-4 17:23:46
C:/Program Files/Internet Explorer/IEXPLORE32.Dat | 2007-9-13 15:58:58
C:/WINDOWS/dbhelp.dll | 2007-9-13 15:49:16
C:/WINDOWS/system32/kawdbzy.dll | 2004-8-4 17:21:8
C:/WINDOWS/system32/kvdxbma.dll | 2007-9-8 17:19:16
C:/WINDOWS/system32/kaqhczy.dll | 2004-8-4 17:23:58
C:/Program Files/Internet Explorer/IEXPLORE32.Sys | 2007-9-13 14:45:40
iexplore.exe * 2632
F2 - REG: system.ini: UserInit=userinit.exe,
O4 - HKCU/../Policies/Explorer/Run: [w] %SystemRoot%/WinRaR.exe
O4 - HKLM/../Run: [KVP] C:/WINDOWS/system32/drivers/svchost.exe
CmdProcAuto = d:/myplayer.com
O20 - AppInit_DLLs: kaqhczy.dll
O23 - 服务: New0 (New0) - C:/WINDOWS/system32/new.sys | 2005-8-4 11:27:12(自动)
O23 - 服务: NPF (Netgroup Packet Filter) - system32/drivers/npf.sys | WinPcap Netgroup Packet Filter Driver | 3, 1, 0, 27 | npf | Copyright ? 2005 CACE Technologies. Copyright ? 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies | | NPF + TME | npf.sys(手动)
O23 - 服务: ohilxuva (ohilxuva) - System32/DRIVERS/ohilxuva.sys| ? | 1.2.3.1033| ?| ? | 1.2.3.1033 | Yahoo! China Corporation| ?| ?| ?(引导)
O23 - 服务: WS2IFSL (Windows 套接字 2 .0 Non-IFS 服务提供程序支持环境) - C:/WINDOWS/System32/drivers/ws2ifsl.sys | 2002-10-7 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.0 | Winsock2 IFS Layer | ? Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | ws2ifsl.sys | ws2ifsl.sys(禁用)
O24 - ShlExecHook: [8] - {8562452F-FA36-BA4F-892A-FF5FBBAC5318} = C:/WINDOWS/system32/myhpri.dll
O24 - ShlExecHook: [1] - {1598FF45-DA60-F48A-BC43-10AC47853D51} = C:/WINDOWS/system32/rarjapi.dll
O24 - ShlExecHook: [] - {5D83AD9C-3BFC-43F5-979D-2904DBC54A8E} = C:/Program Files/Internet Explorer/PLUGINS/WinSys64.Sys
O24 - ShlExecHook: [B] - {B12BC423-3713-224D-3F55-32B35C62B11B} = C:/WINDOWS/system32/tlvpri.dll
O24 - ShlExecHook: [4] - {4F12545B-1212-1314-5679-4512ACEF8904} = C:/WINDOWS/system32/wddpri.dll
O24 - ShlExecHook: [9] - {9A65498A-7653-9801-1647-987114AB7F49} = C:/WINDOWS/system32/zxipri.dll
O24 - ShlExecHook: [8] - {84123FF1-8371-9834-9021-184518451FA8} = C:/WINDOWS/system32/qjhpri.dll
O24 - ShlExecHook: [1] - {1C87A354-ABC3-DEDE-FF33-3213FD7447C1} = C:/WINDOWS/system32/kvdxama.dll
O24 - ShlExecHook: [7] - {725AB2F3-234A-7469-2F43-E341713ABFA7} = C:/WINDOWS/system32/wggpri.dll
O24 - ShlExecHook: [2] - {2231A43A-1642-641A-64FD-146ADAB223B2} = C:/WINDOWS/system32/mxbman.dll
O24 - ShlExecHook: [] - {C5E87A05-F463-4841-B19E-DD3EC3862368} = C:/Program Files/Internet Explorer/IEXPLORE32.Sys
O24 - ShlExecHook: [] - {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} = C:/Program Files/Internet Explorer/IEXPLORE32.win
O24 - ShlExecHook: [2] - {2C87A354-ABC3-DEDE-FF33-3213FD7447C2} = C:/WINDOWS/system32/kvdxbma.dll
O24 - ShlExecHook: [2] - {28907901-1416-3389-9981-372178569982} = C:/WINDOWS/system32/kawdbzy.dll
O24 - ShlExecHook: [1] - {1A321487-4977-D98A-C8D5-6488257545A1} = C:/WINDOWS/system32/kapjazy.dll
O25 - InsCom: {6A202101-F04D-11cf-64CD-31FF5FE1CF20} = C:/WINDOWS/system32/nwiztlbu.exe
.vbs -
===/
恶意程序居然冒名 WinRaR.exe
CmdProcAuto = d:/myplayer.com 这个启动方式也是比较少见的。
遭遇 kapjazy.dll,yhpri.dll,WinSys64.Sys,nwiztlbu.exe,myplayer.com 等1相关推荐
- 遭遇PegeFile.pif,IEXPLORE32.Sys,WinSys64.Sys,NewTemp.dll,avpdj.dll等1
遭遇PegeFile.pif,IEXPLORE32.Sys,WinSys64.Sys,NewTemp.dll,avpdj.dll等1 endurer 原创 2007-10-12 第1版 前天中午又帮两 ...
- 遭遇EBUIITI.SYS,QBNLWVQCIMQBOS.DLL,JSRLDZLVYUNXEO.DLL,JSRLDZLVYUNXEO.DLL等
遭遇EBUIITI.SYS,QBNLWVQCIMQBOS.DLL,JSRLDZLVYUNXEO.DLL,JSRLDZLVYUNXEO.DLL等 endurer 原创 2007-11-08 第1版 昨天 ...
- 04-03/遭遇 rookit/ynqcq.sys 和 wswci.dll,xexq.dll,baidu.dll等广告程序/2版
endurer 原创 2007-04-01 第2版 补充了Kasersky对一些可疑文件的反应 2007-04-01 第1版 前两天,一位网友的电脑的瑞星报告发现RootKit.Agent.va,文件 ...
- 遭遇Trojan.Alipop,microinfo.dll,gofwk.pic,game.dll,qpjmy.exe,nnaa.exe,SafeDrv.exe等1
一位朋友的电脑最近出了问题:进入桌面后要等许久才能操作:360杀毒软件无法启动:自动弹出许多广告网页窗口:IE浏览器被劫持为hxxp://www.97796.cn/?205486:桌面上自动出现&qu ...
- 遭遇svchoct.exe,vonine.exe,HBKernel32.sys,ssdtti.sys,System.exe,ublhbztl.sys等2
遭遇svchoct.exe,vonine.exe,HBKernel32.sys,ssdtti.sys,System.exe,ublhbztl.sys等2 endurer 原创 2008-10-23 第 ...
- 遭遇HBKernel32.sys,aliimz.sys,System.exe,koauolte.exe,cho22.tmp等2
遭遇HBKernel32.sys,aliimz.sys,System.exe,koauolte.exe,cho22.tmp等2 (续1) 因为时间的关系,不能对病毒样本文件做测试,这里把部分文件信息发 ...
- 无法加载Dll”ArcGISVersion.dll”:0x8007007E
在Win7x64位环境下,无法加载Dll"ArcGISVersion.dll":找不到指定的模块 解决方案: 打开项目的属性-生成-常规-目标平台,选择X86. 参考:http:/ ...
- C# 合并DLL, 合并DLL进入EXE
原文:C# 合并DLL, 合并DLL进入EXE 使用方法非常简单 在项目属性窗口中,选择"生成事件",在"生成后事件命令行"下的文本框中输入 ilmerge / ...
- 无法加载 DLL“oramts.dll”: 找不到指定的模块。 (异常来自 HRESULT:0x8007007E)
最近在做一个小项目,语言VS2005,C#,数据库Oracle9i,但是为了兼容以前数据库SqlServer2005,以便于数据库版本的切换,事务中,仍然使用 System.Transaction.T ...
- Intel Optane(tm) Memory Pinning 无法加载DLL“iaStorAfsServiceApi.dll“:找不到指定模块。(异常来自HRESULT:0x8007007E)
Intel Optane™ Memory Pinning 无法加载DLL"iaStorAfsServiceApi.dll":找不到指定模块.(异常来自HRESULT:0x80070 ...
最新文章
- 三维点云对应关系聚合算法的性能评价
- linux解压实例,linux 下面压缩,解压.rar文件以及rar,unrar实例
- linux 没权限dev null,Linux mint cinnamon 64位找不到/dev/null
- cogs2109 [NOIP2015] 运输计划
- linux 命令行 文件管理器,CLEX - 集成命令提示符、“多才多艺”的命令行文件管理器...
- android返回按钮实现,Android实现返回键操作思路
- jqgrid 使用小记——与springboot jpa 一起使用的分页,翻页。(使用springboot jpa 原生的分页)...
- 顶岗实习周记java方向_java 实习周记
- 如果IE浏览器是IE11以下版本跳转到升级页面
- CCC认证有没有2019年新的具体的收费标准
- icode青少年编程比赛网站学生刷题进度爬虫
- python爬取微博用户信息_Python爬取新浪微博用户信息及内容
- Java 链表元素如何从键盘输入 面试 笔试高频
- Python下载所有XKCD漫画
- 计算机无法安装64位操作系统,细说64位电脑怎么安装32位系统
- Linux下安装配置各种软件和服务
- 机器学习实战ch03
- AntV G6 的坑之——从卡掉渣到满帧需要几步
- Lightbox改造——支持滚轮缩放
- 大数据窥探:关于大数据的15条干货思考
热门文章
- 亲测有效,使用postman进行并发测试
- 阿里巴巴矢量图标使用
- oracle数据库三大日志,Oracle 数据库日志和用户日志位置
- cad自动填写页码lisp_图框文件名称自动填写 - AutoLISP/Visual LISP 编程技术 - CAD论坛 - 明经CAD社区 - Powered by Discuz!...
- MPU6050姿态解算——Mahony互补滤波
- python xy 官网_zwPython,字王集成式python开发平台,比pythonXY更强大、更方便。
- 关于计算机信息管理的照片,2021年10月山东计算机科学与技术(原计算机信息管理)专业自考报名需上传电子照片...
- 记一次幸运的拼多多Web前端面试(一面+二面+hr面)
- python numpy库下载_Numpy库的下载与安装总结
- 数字逻辑练习题(九) 分析由四选一多路数据选择器构成的电路