
Encountering xibgptd.exe, netdde32.exe and others that modify the system time and use Image File Execution Options (IFEO) hijacking, part 2

Time: 2022-11-30 17:32:35



Original work by endurer
2007-08-10, 1st edition

(Log, continued)

O9 - IE工具栏扩展按钮HKLM:中文上网 - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:/Program Files/OCINS/config.exe
O9 - IE工具菜单扩展项HKLM:中文上网 - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:/Program Files/OCINS/config.exe

O20 - AppInit_DLLs: jzgpri.dll

O23 - 服务: AEA6EAEC (AEA6EAEC) - C:/WINDOWS/system32/2DD519ED.EXE -p | 2007-8-10 8:7:20 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)
O23 - 服务: EagleNT (EagleNT) - C:/WINDOWS/system32/drivers/EagleNT.sys(手动)
O23 - 服务: he1p (he1p) - C:/WINDOWS/system32/he1p.exe -service | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | IExplorer | 版权所有(C) 2007 | 1, 0, 0, 1 | Microsoft Corporation |  | IExplorer | IExplorer.exe(自动)
O23 - 服务: qgqelbr (qgqelbr) - C:/WINDOWS/System32/drivers/qgqelbr.sys | 2007-4-7 14:13:22 |  sys 应用程序 | 1, 0, 1, 3 | sys 应用程序 | 版权所有 (C) 2006 | 1, 0, 1, 3 | 北京三七二一科技有限公司| ? | sys | sys.exe(引导)
O23 - 服务: RemoteDbg (Remote Debug Service) - C:/WINDOWS/system32/rundll32.exe RemoteDbg.dll,input(自动)
O23 - 服务: svchost (svchost) - C:/WINDOWS/system32/dllcache/svchost.exe -g | 2007-8-10 8:4:14 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)
O23 - 服务: SVCSVR (SVCSVR) - C:/WINDOWS/svrsvc.exe | 2004-8-17 12:0:0(自动)
O23 - 服务: TesSafe (TesSafe) - C:/WINDOWS/system32/TesSafe.sys | 2007-7-5 13:39:28(手动)
O23 - 服务: WinDHCPsvc (Windows DHCP Service) - C:/WINDOWS/system32/rundll32.exe windhcp.ocx,input(自动)

O24 - ShlExecHook: [] - {16B05AF4-16B0-9E38-F49E-5AF49E38D27C} = C:/WINDOWS/system32/JQXELW.dll
O24 - ShlExecHook: [] - {32311A42-AC1B-158F-FD32-5674345F23A3} = C:/WINDOWS/system32/dhcpri.dll
O24 - ShlExecHook: [] - {525AB2F3-234A-7469-2F43-E341713ABFA5} = C:/WINDOWS/system32/wgepri.dll
O24 - ShlExecHook: [] - {4562452F-FA36-BA4F-892A-FF5FBBAC5314} = C:/WINDOWS/system32/mydpri.dll
O24 - ShlExecHook: [] - {759AFD5B-159F-ACD8-954C-ACD545FA6587} = C:/WINDOWS/system32/jzgpri.dll

O26 - IFEO: 360rpt.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: 360Safe.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: 360tray.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: adam.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: AgentSvr.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: AppSvc32.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: ArSwp.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: AST.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: autoruns.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: avconsol.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: avgrssvc.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: AvMonitor.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: avp.com -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: avp.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: CCenter.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: ccSvcHst.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: EGHOST.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: Explorer.exe -> C:/WINDOWS/system32/netdde32.exe
O26 - IFEO: FileDsty.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: FTCleanerShell.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: FYFireWall.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: HijackThis.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: IceSword.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: iparmo.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: Iparmor.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: isPwdSvc.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: kabaload.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KaScrScn.SCR -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KASMain.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KASTask.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KAV32.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KAVDX.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KAVPF.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KAVPFW.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KAVSetup.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KAVStart.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KISLnchr.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KMailMon.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KMFilter.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KPFW32.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KPFW32X.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KPfwSvc.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KRegEx.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KRepair.com -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KsLoader.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KVCenter.kxp -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KvDetect.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KvfwMcl.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KVMonXP.kxp -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KVMonXP_1.kxp -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: kvol.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: kvolself.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KvReport.kxp -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KVScan.kxp -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KVSrvXP.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KVStub.kxp -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: kvupload.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: kvwsc.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KvXP.kxp -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KvXP_1.kxp -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KWatch.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KWatch9x.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: KWatchX.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: loaddll.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: MagicSet.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: mcconsol.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: mmqczj.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: mmsk.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: Navapsvc.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: Navapw32.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: nod32.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: nod32krn.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: nod32kui.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: NPFMntor.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: PFW.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: PFWLiveUpdate.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: QHSET.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: QQDoctor.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: QQKav.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: QQLiveUpdate.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: QQSC.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: QQUpdateCenter.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: Ras.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: Rav.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: RavMon.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: RavMonD.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: RavStub.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: RavTask.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: RegClean.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: rfwcfg.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: rfwmain.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: rfwsrv.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: RsAgent.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: Rsaupd.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: rstrui.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: runiep.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: safelive.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: scan32.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: shcfg32.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: SmartUp.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: SREng.EXE -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: symlcsvc.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: SysSafe.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: Timwp.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: TrojanDetector.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: Trojanwall.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: TrojDie.kxp -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: UIHost.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: UmxAgent.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: UmxAttachment.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: UmxCfg.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: UmxFwHlp.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: UmxPol.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: upiea.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: UpLive.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: USBCleaner.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: vsstat.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: webscanx.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe
O26 - IFEO: WoptiClean.exe -> C:/Program Files/Common Files/Microsoft Shared/xibgptd.exe

HKLM/SHOWALL    值非1
===/

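The system time had been changed to 2005-10-19.
Image hijacking (IFEO) is used to prevent antivirus software from starting.
The hosts file was modified to prevent antivirus software from updating.
IE plug-ins (O2), system services (O23), Shell Exec Hooks (O24), autorun.inf (O4) and other mechanisms are used to launch the malicious programs.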

From: https://blog.51cto.com/endurer/5900031
