Encountering Win32.Loader.c, Trojan.PSW.Win32.GameOnline, Trojan.PSW.Win32.AskTao and others (1)

Original by endurer
2007-11-22, 1st edition

Yesterday at noon a netizen told me that double-clicking a drive on his computer would not open it, and that whenever he ran a program the firewall asked whether that program should be allowed to access the network. He asked me to help check the machine.

I downloaded pe_xscan, scanned, and analysed the log. The following suspicious items turned up (the process-module section has been abridged):
/===

pe_xscan 07-08-30 by Purple Endurer
2007-11-21 12:56:35
Windows XP Service Pack 2(5.1.2600)
管理员用户组

[System Process] * 0
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/fydoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qqdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/cqdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qhdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/mydoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/zxdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/tldoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wddoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/rxdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qjdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/dadoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wgdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wldoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/csdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wodoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/mhdoor0.dll | 2004-8-4 0:52:32
C:/WINDOWS/Explorer.EXE * 1684 | 2004-8-4 0:52:32 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
    C:/PROGRA~1/Yahoo!/ASSIST~1/assist/ypatch.dll | 2006-12-5 11:12:50 | ypatch | 3, 1, 7, 1023 | ypatch | Copyright 2005 Yahoo! China | 3, 1, 7, 1023 | Yahoo! China |  | ypatch | ypatch.exe
    C:/Program Files/Internet Explorer/OnlO0r.dll | 2007-11-20 15:23:24 | Microsoft Windows Operating System | 6.00.2900.3028 | Microsoft Corporation Windows DLL | Copyright (C) 2001.01 | 1. 0. 0. 1 | Microsoft Corporation| ? | Windows.dll   | Windows.dll
    C:/WINDOWS/system32/mhdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/system32/wodoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/csdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wldoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wgdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/dadoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qjdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/rxdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/wddoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/tldoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/zxdoor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/mydoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qhdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/cqdoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/fydoor1.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/qqdoor0.dll | 2004-8-4 0:52:32
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
    C:/PROGRA~1/3721/alrex.dll | 2007-7-2 17:27:8 | 中文上网 | 2.5.0.1001 | alrex | 版权所有 (C) 2007 | 2.5.1.1003 | 国风因特软件(北京)有限公司 |  | alrex | alrex.dll
    C:/PROGRA~1/3721/autolive.dll | 2007-10-19 15:14:56 | 中文上网 | 2.5.0.1001 | autolvup | 版权所有 (C) 2007 | 2.5.7.1012 | 国风因特软件(北京)有限公司 |  | autolvup | AutoLive.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll | 2007-11-8 16:41:28 | AutoLive Module | 3, 7, 9, 1139 | AutoLive Module | Copyright 2005 yahoo! china | 3, 7, 9, 1139 | yahoo! china |  | YAlive | YAlive.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-11-15 17:48:36 |   LiveEx | 3, 0, 2, 1011 | LiveEx | Copyright 2005 Yahoo! China | 3, 0, 2, 1011 | Yahoo! China |  | LiveEx | LiveEx.dll
    C:/PROGRA~1/baidu/bar/baidubar.dll | 2007-11-7 14:40:56 | BaiduBar Module | 2, 0, 2, 158 | BaiduBar Module | Copyright 2005 | 2, 0, 2, 158 | Baidu.com, Inc. |  | BaiduBar | BaiduBar.DLL
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll | 2006-11-15 17:50:20 | yPhtb | 3, 0, 5, 1007 | yPhtb | Copyright 2005 Yahoo! China | 3, 0, 5, 1007 | Yahoo! China |  |  | yPhtb.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL | 2007-11-1 17:15:22 | DragSearch | 3, 0, 8, 1010 | DragSearch | Copyright 2005 yahoo! china | 3, 0, 8, 1010 | yahoo! china |  |  | ydragsearch.dll
    C:/Program Files/Common Files/fjOs0r.dll | 2007-11-12 11:33:48 | Microsoft Windows Operating System | 6.00.2900.3028 | Microsoft Corporation Windows DLL | Copyright (C) 2001.01 | 1. 0. 0. 1 | Microsoft Corporation| ? | Windows.dll   | Windows.dll
    C:/WINDOWS/downlo~1/CnsHook.dll | 2007-6-11 16:13:14 | 中文上网 | 2.5.0.1001 | CnsHook | 版权所有 (C) 2007 | 2.5.1.6 | 国风因特软件(北京)有限公司 |  | CnsHook | CnsHook.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yassist.dll | 2006-11-15 17:45:58 | yAssist Module | 3, 1, 2, 1017 | Assist Module | Copyright (2005) Yahoo! China | 3, 1, 2, 1017 | Yahoo! China | Yahoo! | yAssist | yAssist.DLL
    C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82/gdiplus.dll | 2004-8-4 8:50:56 | Microsoft® Windows® Operating System | 5.1.3102.2180 | Microsoft GDI+ | © Microsoft Corporation. All rights reserved. | 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | gdiplus | gdiplus
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ywiper.dll | 2006-11-15 17:52:34 |  Wiper 动态链接库 | 3, 0, 2, 1002 | Wiper 动态链接库 | Copyright 2005 Yahoo! China | 3, 0, 2, 1002 | Yahoo! China| ? | Wiper | ywiper.dll
    C:/WINDOWS/downlo~1/CnsMinIO.dll | 2007-8-8 13:35:32 | 中文上网 | 2.5.0.1001 | CnsMinIO | 版权所有 (C) 2007 | 2.5.0.6 | 国风因特软件(北京)有限公司 |  | CnsMinIO | CnsMinIO.dll
    C:/WINDOWS/downlo~1/cnsio.dll | 2007-8-8 13:35:32 | 中文上网 | 2, 5, 0, 1001 | CnsIO | 版权所有 (C) 2007 | 2.5.0.4 | 国风因特软件(北京)有限公司 |  | CnsIO | CnsIO.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll | 2007-11-1 17:10:52 | IE ToolBand | 3, 4, 6, 1123 | IE ToolBand | Copyright 2006 yahoo! china | 3, 4, 6, 1123 | yahoo! china |  | ToolBand | ToolBand.DLL
C:/WINDOWS/system32/Rundll32.exe * 1788 | 2004-8-4 0:52:38 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/downlo~1/CnsMinIO.dll | 2007-8-8 13:35:32 | 中文上网 | 2.5.0.1001 | CnsMinIO | 版权所有 (C) 2007 | 2.5.0.6 | 国风因特软件(北京)有限公司 |  | CnsMinIO | CnsMinIO.dll
    C:/WINDOWS/downlo~1/cnsio.dll | 2007-8-8 13:35:32 | 中文上网 | 2, 5, 0, 1001 | CnsIO | 版权所有 (C) 2007 | 2.5.0.4 | 国风因特软件(北京)有限公司 |  | CnsIO | CnsIO.dll
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/downlo~1/CnsMinEx.dll | 2007-6-11 16:13:16 | 中文上网 | 2.5.0.1001 | CnsMinEx | 版权所有 (C) 2007 | 2.5.0.4 | 国风因特软件(北京)有限公司 |  | CnsMinEx | CnsMinEx.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe * 2408 | 2007-11-1 17:10:22 |   YLive | 3, 2, 5, 1031 | YLive | Copyright 2005 Yahoo! China | 3, 2, 5, 1031 | Yahoo! China |  | YLive | YLive.exe
    C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe | 2007-11-1 17:10:22 |   YLive | 3, 2, 5, 1031 | YLive | Copyright 2005 Yahoo! China | 3, 2, 5, 1031 | Yahoo! China |  | YLive | YLive.exe
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll | 2007-11-8 16:41:28 | AutoLive Module | 3, 7, 9, 1139 | AutoLive Module | Copyright 2005 yahoo! china | 3, 7, 9, 1139 | yahoo! china |  | YAlive | YAlive.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll | 2006-11-15 17:48:36 |   LiveEx | 3, 0, 2, 1011 | LiveEx | Copyright 2005 Yahoo! China | 3, 0, 2, 1011 | Yahoo! China |  | LiveEx | LiveEx.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/ynotifier.dll | 2006-11-15 17:48:42 | Notifier Module | 3, 0, 2, 1002 | Notifier Module | Copyright 2004 yahoo! china | 3, 0, 2, 1002 | yahoo! china |  | Notifier | Notifier.DLL
C:/PROGRA~1/Yahoo!/Assistant/yassistse.exe * 2416 | 2006-11-15 17:46:58 | Yahoo! AssistSetting | 3, 0, 4, 1005 | AssistSetting | Copyright (2005) Yahoo! China | 3, 0, 4, 1005 | Yahoo! China |  | AssistSetting | AssistSe.exe
    C:/PROGRA~1/Yahoo!/Assistant/yassistse.exe | 2006-11-15 17:46:58 | Yahoo! AssistSetting | 3, 0, 4, 1005 | AssistSetting | Copyright (2005) Yahoo! China | 3, 0, 4, 1005 | Yahoo! China |  | AssistSetting | AssistSe.exe
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/PROGRA~1/Yahoo!/Assistant/shell/yAssecblk.dll | 2007-11-1 17:14:48 | yassecblk module | 3, 2, 1, 1029 | yassecblk | Copyright (2005) Yahoo! China | 3, 2, 1, 1029 | Yahoo! China | yahoo! | yassecblk | yassecblk.dll
    C:/PROGRA~1/Yahoo!/Assistant/shell/yMenuInfo.dll | 2006-11-15 17:47:4 | Yahoo MenuInfo | 3, 0, 1, 1001 | MenuInfo | Copyright (2005) Yahoo! China | 3, 0, 1, 1001 | Yahoo! China |  | MenuInfo | MenuInfo.dll
    C:/PROGRA~1/Yahoo!/Assistant/shell/yIEAngel.dll | 2006-11-15 17:47:2 | Yahoo IEAngel | 3, 0, 2, 1002 | IEAngel | Copyright (2005) Yahoo! China | 3, 0, 2, 1002 | Yahoo! China |  | IEAngel | IEAngel.dll
    C:/PROGRA~1/Yahoo!/Assistant/shell/yAsMenu.dll | 2006-11-15 17:46:54 | yAsMenu module | 3, 0, 1, 1002 | yAsMenu | Copyright (2005) Yahoo! China | 3, 0, 1, 1002 | Yahoo! China | Yahoo! | yAsMenu | yAsMenu.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
C:/WINDOWS/system32/RUNDLL32.EXE * 2444 | 2004-8-4 0:52:38 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
    C:/WINDOWS/system32/NvMcTray.dll | 2006-3-31 20:54:0 | NVIDIA Media Center Library | 6.14.10.8440 | NVIDIA Media Center Library | (C) NVIDIA Corporation. All rights reserved. | 6.14.10.8440 | NVIDIA Corporation| ? | NvMCTray | NVMCTRAY.DLL
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/system32/NVRSZHC.DLL | 2006-3-31 20:54:0 | NVIDIA Compatible Windows 2000 Display driver, Version 84.40  | 6.14.10.8440 | NVIDIA Simplified Chinese language resource library | (C) NVIDIA Corporation. All rights reserved. | 6.14.10.8440 | NVIDIA Corporation| ? | NvRsZhc | NvRsZhc.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
C:/WINDOWS/system32/rundll32.exe * 2560 | 2004-8-4 0:52:38 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/PROGRA~1/3721/autolive.dll | 2007-10-19 15:14:56 | 中文上网 | 2.5.0.1001 | autolvup | 版权所有 (C) 2007 | 2.5.7.1012 | 国风因特软件(北京)有限公司 |  | autolvup | AutoLive.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
C:/WINDOWS/system32/ctfmon.exe * 2660 | 2004-8-4 0:52:30 | Microsoft® Windows® Operating System | 5.1.2600.2180 | CTF Loader | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
    C:/PROGRA~1/3721/helper.dll | 2007-10-19 15:14:54 | 中文上网 | 2.5.0.1001 | helperup | 版权所有 (C) 2007 | 2.5.4.1007 | 国风因特软件(北京)有限公司 |  | helperup | Helper.dll
    C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll | 2007-11-1 17:10:16 | Helper Module | 3, 1, 5, 1033 | Helper Module | Copyright 2005 Yahoo! China | 3, 1, 5, 1033 | Yahoo! China |  | Helper | Helper.dll
    C:/WINDOWS/downlo~1/CnsMin.dll | 2007-8-17 17:59:22 | 中文上网 | 2.5.0.1001 | CnsMin | 版权所有 (C) 2007 | 2.5.1.2 | 国风因特软件(北京)有限公司 |  | CnsMin | CnsMin.dll
    C:/WINDOWS/system32/dh3oor0.dll | 2004-8-4 0:52:32
    C:/WINDOWS/system32/55551.dll | 2004-8-4 0:52:32
O2 - BHO QQCycloneHelper Class - {00000000-12C9-4305-82F9-43058F20E8D2} - C:/Program Files/Tencent/QQDownload/QQIEHelper01.dll
O2 - BHO Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll
O2 - BHO AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yangling.dll
O2 - BHO DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL
O2 - BHO BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:/PROGRA~1/baidu/bar/baidubar.dll
O2 - BHO  - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:/Program Files/Common Files/fjOs0r.dll
O2 - BHO CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:/WINDOWS/downlo~1/CnsHook.dll
O2 - BHO assist - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yassist.dll
O3 - IE工具栏:  - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:/PROGRA~1/baidu/bar/baidubar.dll
O3 - IE工具栏: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll
O4 - HKLM/../Run: [CnsMin] Rundll32.exe C:/WINDOWS/downlo~1/CnsMin.dll,Rundll32
O4 - HKLM/../Run: [helper.dll] C:/WINDOWS/system32/rundll32.exe C:/PROGRA~1/3721/helper.dll,Rundll32
D:/autorun.inf/-----
[AutoRun]
open=xxyxyjk.exe
shell/open=打开(&O)
shell/open/Command=xxyxyjk.exe
shell/open/Default=1
shell/explore=资源管理器(&X)
shell/explore/Command=xxyxyjk.exe
-----/
E:/autorun.inf/-----
[AutoRun]
open=xxyxyjk.exe
shell/open=打开(&O)
shell/open/Command=xxyxyjk.exe
shell/open/Default=1
shell/explore=资源管理器(&X)
shell/explore/Command=xxyxyjk.exe
-----/
F:/autorun.inf/-----
[autorun]
open=Windows.scr
shellexecute=Windows.scr
shell/Auto/command=Windows.scr
shell=Auto
-----/
O8 - IE右键菜单附加项 : 添加到雅虎订阅(&Y) - res://C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yrss.dll/YRSSMENUEXT
O8 - IE右键菜单附加项 : 雅虎搜索 - res://C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar.dll/203
O9 - IE工具栏扩展按钮HKLM:Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail
O9 - IE工具菜单扩展项HKLM: - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail
O9 - IE工具栏扩展按钮HKLM:名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - hxxp://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=hxxp://www.taobao.com/vertical/mall/pro.php?allyesPara=816
O9 - IE工具菜单扩展项HKLM: - {59BC54A2-56B3-44a0-93E5-432D58746E26} - hxxp://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=hxxp://www.taobao.com/vertical/mall/pro.php?allyesPara=816
O9 - IE工具栏扩展按钮HKLM:雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist
O9 - IE工具菜单扩展项HKLM: - {5D73EE86-05F1-49ed-B850-E423120EC338} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist
O9 - IE工具栏扩展按钮HKLM:雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - hxxp://cn.widget.yahoo.com/index.htm?source=Cns
O9 - IE工具菜单扩展项HKLM: - {6354ABE6-05F1-49ed-B850-E423120EC338} - hxxp://cn.widget.yahoo.com/index.htm?source=Cns
O9 - IE工具栏扩展按钮HKLM:情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg
O9 - IE工具菜单扩展项HKLM: - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg
O9 - IE工具栏扩展按钮HKLM: - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair
O9 - IE工具菜单扩展项HKLM:修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair
O9 - IE工具栏扩展按钮HKLM:Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe
O9 - IE工具菜单扩展项HKLM:Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe
O9 - IE工具栏扩展按钮HKLM: - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean
O9 - IE工具菜单扩展项HKLM:清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - hxxp://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean
O11 - IE扩展选项组:!CNS ( 中文上网) = @C:/WINDOWS/downlo~1/CnsMin.dll,-117
O23 - 服务: BdGuard (BdGuard) - system32/drivers/BDGuard.SYS | BDGUARD Dynamic Link Library | 1, 0, 12, 0 | BDGUARD Dynamic Link Library | Copyright (C) 2005 | 1, 0, 12, 0| ?| ? | BDGUARD | Bdguard.dll(引导)
O23 - 服务: BIOS (BIOS) - C:/WINDOWS/system32/drivers/BIOS.sys | 2005-3-16 14:23:54 | BIOSTAR I/O driver fle | 1, 0, 0, 0 | I/O Interface driver file | Copyright (c) 2002-2003 BIOSTAR Group | 1, 0, 0, 0 | BIOSTAR Group |  | I/O driver | BIOS.sys(系统)
O23 - 服务: CnsMinKP (CnsMinKP) - system32/drivers/CnsMinKP.sys | 中文上网 | 2.5.0.1001 | CnsMinKPXP | 版权所有 (C) 2007 | 2.0.6.1002 | 国风因特软件(北京)有限公司| ? | CnsMinKPXP | CnsMinKpXP.sys(引导)
O23 - 服务: lbofrbl (lbofrbl) - C:/WINDOWS/System32/drivers/lbofrbl.sys | 2007-11-21 9:43:0 |  sys 应用程序 | 1, 0, 1, 3 | sys 应用程序 | 版权所有 (C) 2006 | 1, 0, 1, 3 | 北京三七二一科技有限公司| ? | sys | sys.exe(引导)
O23 - 服务: NPF (Netgroup Packet Filter) - system32/drivers/npf.sys | WinPcap Netgroup Packet Filter Driver | 3, 1, 0, 27 | npf | Copyright © 2005 CACE Technologies. Copyright © 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies |  | NPF + TME  | npf.sys(手动)
O23 - 服务: ocgnjjqw (ocgnjjqw) - System32/DRIVERS/ocgnjjqw.sys| ? | 1.6.9.1084| ?| ? | 1.8.0.1096 | Yahoo! China Corporation| ?| ?| ?(引导)
O23 - 服务: R2A (R2A) - C:/WINDOWS/system32a2.sys(禁用)
O23 - 服务: yaskp (yaskp) - system32/drivers/yaskp.sys | KMD | 3, 0, 7, 1009 | KMD | Copyright (c) yahoo Corporation. | 3, 0, 7, 1009 | Copyright (C) yahoo Corporation.| ? | yaskp.sys | yaskp.sys(引导)
O24 - ShlExecHook: [A] - {4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A} = A
O24 - ShlExecHook: [CnsHook Class] - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} = C:/WINDOWS/downlo~1/CnsHook.dll
O24 - ShlExecHook: [PatchCom] - {E568441B-9EF3-49F8-9A67-4141AC41ADD4} = C:/PROGRA~1/Yahoo!/ASSIST~1/assist/ypatch.dll
O24 - ShlExecHook: [] - {CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C} = C:/Program Files/Internet Explorer/OnlO0r.dll
O24 - ShlExecHook: [F] - {3422FB0F-95EB-458A-8B56-39552017A4EF} = C:/WINDOWS/system32/mhdoor0.dll
O24 - ShlExecHook: [6] - {5731EA1D-6AAF-4DE9-BDDA-7B390A75B286} = C:/WINDOWS/system32/wodoor1.dll
O24 - ShlExecHook: [7] - {11DB88F9-409B-475E-8FD7-411653F6D367} = C:/WINDOWS/system32/55551.dll
O24 - ShlExecHook: [C] - {32C4BAF4-0411-4000-BDFB-A6F71E669F8C} = C:/WINDOWS/system32/csdoor1.dll
O24 - ShlExecHook: [3] - {E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3} = C:/WINDOWS/system32/wldoor0.dll
O24 - ShlExecHook: [7] - {A3C95A74-638D-4C6B-A856-4B27664A7F47} = C:/WINDOWS/system32/wgdoor0.dll
O24 - ShlExecHook: [B] - {D8CC4845-441C-44F8-9053-28F2EF67655B} = C:/WINDOWS/system32/dadoor0.dll
O24 - ShlExecHook: [C] - {A120A1D0-CBCC-4F9B-A183-78B27E4C1B5C} = C:/WINDOWS/system32/dh3oor0.dll
O24 - ShlExecHook: [8] - {6826A3DB-EA8E-4E67-880D-53D04C7C0BD8} = C:/WINDOWS/system32/qjdoor0.dll
O24 - ShlExecHook: [0] - {EDFF29C1-5A70-4460-AC1D-16DCB4B672F0} = C:/WINDOWS/system32/rxdoor0.dll
O24 - ShlExecHook: [2] - {68F7767A-090C-4BBF-A015-720ACC6706E2} = C:/WINDOWS/system32/wddoor0.dll
O24 - ShlExecHook: [8] - {08E909A4-B236-48DD-8BCC-90A604B93E68} = C:/WINDOWS/system32/tldoor0.dll
O24 - ShlExecHook: [7] - {781FBCC1-99C7-4AE0-95F7-66EA49E86DD7} = C:/WINDOWS/system32/zxdoor0.dll
O24 - ShlExecHook: [8] - {4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748} = C:/WINDOWS/system32/mydoor1.dll
O24 - ShlExecHook: [D] - {ABD0935D-B35A-47BD-BA9A-81678DDE74DD} = C:/WINDOWS/system32/qhdoor1.dll
O24 - ShlExecHook: [3] - {04A0CB31-FDEB-4EB8-889B-E00ED87BCE23} = C:/WINDOWS/system32/cqdoor1.dll
O24 - ShlExecHook: [B] - {BD9B003B-0BE6-4528-A9D9-B8DBACAC6B9B} = C:/WINDOWS/system32/fydoor1.dll
O24 - ShlExecHook: [F] - {D64AC2E4-95B1-40DD-90D9-0C60F7CA64BF} = C:/WINDOWS/system32/qqdoor0.dll
===/
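As an added example (not code from the original post), a small Python reader for the autorun.inf contents pe_xscan found on D:, E: and F:, which works out which file the shell would launch on double-click or AutoPlay and so explains the "drive will not open" symptom. The samples are reconstructed from the log above with backslash separators (the log shows forward slashes); E: is identical to D: and is omitted.

```python
"""Work out which file an autorun.inf would launch.  Added example, not code
from the original post; the samples are constructed from the autorun.inf
entries pe_xscan reported on D:, E: and F: (E: is identical to D: and omitted),
written with backslashes as Windows stores them."""

# Keys whose value the shell launches on AutoPlay/AutoRun.
LAUNCH_KEYS = ("open", "shellexecute")

AUTORUN_SAMPLES = {
    "D:": r"""[AutoRun]
open=xxyxyjk.exe
shell\open=打开(&O)
shell\open\Command=xxyxyjk.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=xxyxyjk.exe
""",
    "F:": r"""[autorun]
open=Windows.scr
shellexecute=Windows.scr
shell\Auto\command=Windows.scr
shell=Auto
""",
}


def parse_autorun(text):
    """Minimal INI reader for the [autorun] section: {key: value}.
    Keys are lower-cased because Windows matches them case-insensitively."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launched_files(entries):
    """Every file the section can cause to run: the AutoPlay keys plus the
    command of each shell verb (shell\\<verb>\\command)."""
    files = {entries[k] for k in LAUNCH_KEYS if k in entries}
    for key, value in entries.items():
        if key.startswith("shell\\") and key.endswith("\\command"):
            files.add(value)
    return files


def default_verb_command(entries):
    """What double-clicking the drive runs: 'shell=<verb>' picks the default
    verb (otherwise 'open'); that verb's command entry is the target."""
    verb = entries.get("shell", "open").lower()
    return entries.get("shell\\%s\\command" % verb)


def assess(text):
    """Summarise one autorun.inf: launched files and why they matter."""
    entries = parse_autorun(text)
    default_cmd = default_verb_command(entries)
    findings = []
    if default_cmd:
        findings.append("double-click runs %s instead of opening the drive" % default_cmd)
    autoplay = entries.get("shellexecute") or entries.get("open")
    if autoplay:
        findings.append("AutoPlay launches %s" % autoplay)
    return {"files": sorted(launched_files(entries)),
            "default_command": default_cmd, "findings": findings}
```

Running `assess()` over both samples shows that on D: and E: the default verb is hijacked to xxyxyjk.exe, while on F: `shell=Auto` makes the default verb one whose command is Windows.scr; in both cases a double-click launches the dropped file rather than opening the drive.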
