Encountering auto.exe, winforms.dll, zinforms.dll, LYLoader.exe, LYLoadbr.exe, etc. /1
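Original by endurer
2007-10-09, 1st edition
At noon a netizen told me that his computer kept reporting explorer.exe errors and that his network was very slow, and asked me to help check and repair it.
I downloaded pe_xscan, ran a scan to produce a log, and analyzed it, finding the following suspicious items (parts of the process module section are omitted):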
/===
pe_xscan 07-08-30 by Purple Endurer
2007-10-9 12:26:11
Windows XP Service Pack 2(5.1.2600)
管理员用户组
[System Process] * 0
C:/PROGRA~1/TENCENT/SSPlus/SPlus.dll | 2007-8-30 10:49:20 | SPlus Module | 5, 0, 1, 22 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 1, 22 | TENCENT | | SPlus.dll | SPlus.dll
C:/WINDOWS/system32/okwmbf.dll | 2007-10-9 10:12:6
C:/WINDOWS/system32/vhhmah.dll | 2007-10-9 10:11:54
C:/WINDOWS/system32/ehqbfb.dll | 2007-10-9 10:11:36
C:/WINDOWS/system32/ahgqll.dll | 2007-10-9 10:11:30
C:/WINDOWS/system32/akoynv.dll | 2007-10-9 10:11:24
C:/WINDOWS/system32/jomxls.dll | 2007-10-9 10:10:38
C:/WINDOWS/system32/pvdzkg.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/uhdlkb.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/MsIMMs32.dll | 2007-10-9 10:4:40
C:/WINDOWS/system32/mppds.dll | 2007-10-9 10:4:38
C:/WINDOWS/system32/Kvsc3.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/DiskMan32.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/winforms.dll | 2007-10-8 14:29:10
C:/WINDOWS/system32/csrss.exe * 844 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Client Server Runtime Process | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CSRSS.Exe | CSRSS.Exe
C:/WINDOWS/system32/B2DFC677.DLL | 2007-10-9 10:4:34 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/winlogon.exe * 868 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE
C:/WINDOWS/system32/winforms.dll | 2007-10-8 14:29:10
C:/WINDOWS/system32/B2DFC677.DLL | 2007-10-9 10:4:34 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/svchost.exe * 1084 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/system32/winforms.dll | 2007-10-8 14:29:10
C:/WINDOWS/system32/B2DFC677.DLL | 2007-10-9 10:4:34 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/Explorer.EXE * 1984 | 2007-6-13 21:21:56 | Microsoft(R) Windows(R) Operating System | 6.00.2900.3156 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
C:/WINDOWS/system32/winforms.dll | 2007-10-8 14:29:10
C:/WINDOWS/system32/SHQMANGR.DLL | 2007-10-9 10:4:32
C:/PROGRA~1/TENCENT/SSPlus/SPlus.dll | 2007-8-30 10:49:20 | SPlus Module | 5, 0, 1, 22 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 1, 22 | TENCENT | | SPlus.dll | SPlus.dll
C:/WINDOWS/system32/DiskMan32.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/Kvsc3.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/mppds.dll | 2007-10-9 10:4:38
C:/WINDOWS/system32/B2DFC677.DLL | 2007-10-9 10:4:34 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/MsIMMs32.dll | 2007-10-9 10:4:40
C:/WINDOWS/system32/fxsst.dll | 2004-8-17 20:0:0 | Microsoft(R) Windows(R) Operating System | 5.2.2600.2180 | Fax Service | ? Microsoft Corporation. All rights reserved. | 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | FXSST.DLL | FXSST.DLL
C:/WINDOWS/system32/FXSAPI.dll | 2004-8-17 20:0:0 | Microsoft? Windows? Operating System | 5.2.2600.2180 | Microsoft Fax API Support DLL | ? Microsoft Corporation. All rights reserved. | 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | FXSAPI.DLL | FXSAPI.DLL
C:/WINDOWS/system32/uhdlkb.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/pvdzkg.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/jomxls.dll | 2007-10-9 10:10:38
C:/WINDOWS/system32/akoynv.dll | 2007-10-9 10:11:24
C:/WINDOWS/system32/ahgqll.dll | 2007-10-9 10:11:30
C:/WINDOWS/system32/ehqbfb.dll | 2007-10-9 10:11:36
C:/WINDOWS/system32/vhhmah.dll | 2007-10-9 10:11:54
C:/WINDOWS/system32/okwmbf.dll | 2007-10-9 10:12:6
C:/Program Files/TENCENT/SSPlus/SAddr.dll | 2007-8-30 10:49:16 | SAddr Module | 5, 0, 1, 18 | | | 5, 0, 1, 18 | Tencent | | SAddr.dll |
C:/WINDOWS/system32/Rundll32.exe * 388 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
C:/PROGRA~1/TENCENT/SSPlus/SPlus.dll | 2007-8-30 10:49:20 | SPlus Module | 5, 0, 1, 22 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 1, 22 | TENCENT | | SPlus.dll | SPlus.dll
C:/WINDOWS/system32/winforms.dll | 2007-10-8 14:29:10
C:/WINDOWS/system32/DiskMan32.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/Kvsc3.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/B2DFC677.DLL | 2007-10-9 10:4:34 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?
C:/WINDOWS/system32/mppds.dll | 2007-10-9 10:4:38
C:/WINDOWS/system32/MsIMMs32.dll | 2007-10-9 10:4:40
C:/WINDOWS/system32/uhdlkb.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/pvdzkg.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/jomxls.dll | 2007-10-9 10:10:38
C:/WINDOWS/system32/akoynv.dll | 2007-10-9 10:11:24
C:/WINDOWS/system32/ahgqll.dll | 2007-10-9 10:11:30
C:/WINDOWS/system32/ehqbfb.dll | 2007-10-9 10:11:36
C:/WINDOWS/system32/vhhmah.dll | 2007-10-9 10:11:54
C:/WINDOWS/system32/okwmbf.dll | 2007-10-9 10:12:6
C:/WINDOWS/system32/ctfmon.exe * 816 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | CTF Loader | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
C:/WINDOWS/system32/winforms.dll | 2007-10-8 14:29:10
C:/PROGRA~1/TENCENT/SSPlus/SPlus.dll | 2007-8-30 10:49:20 | SPlus Module | 5, 0, 1, 22 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 1, 22 | TENCENT | | SPlus.dll | SPlus.dll
C:/WINDOWS/system32/Kvsc3.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/DiskMan32.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/mppds.dll | 2007-10-9 10:4:38
C:/WINDOWS/system32/MsIMMs32.dll | 2007-10-9 10:4:40
C:/WINDOWS/system32/uhdlkb.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/pvdzkg.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/jomxls.dll | 2007-10-9 10:10:38
C:/WINDOWS/system32/akoynv.dll | 2007-10-9 10:11:24
C:/WINDOWS/system32/ahgqll.dll | 2007-10-9 10:11:30
C:/WINDOWS/system32/ehqbfb.dll | 2007-10-9 10:11:36
C:/WINDOWS/system32/vhhmah.dll | 2007-10-9 10:11:54
C:/WINDOWS/system32/okwmbf.dll | 2007-10-9 10:12:6
C:/WINDOWS/system32/conime.exe * 3576 | 2004-8-17 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.2180 | Console IME | ? Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | Console | CONIME.EXE
C:/PROGRA~1/TENCENT/SSPlus/SPlus.dll | 2007-8-30 10:49:20 | SPlus Module | 5, 0, 1, 22 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 1, 22 | TENCENT | | SPlus.dll | SPlus.dll
C:/WINDOWS/system32/MsIMMs32.dll | 2007-10-9 10:4:40
C:/WINDOWS/system32/mppds.dll | 2007-10-9 10:4:38
C:/WINDOWS/system32/Kvsc3.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/DiskMan32.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/winforms.dll | 2007-10-8 14:29:10
C:/WINDOWS/system32/uhdlkb.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/pvdzkg.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/jomxls.dll | 2007-10-9 10:10:38
C:/WINDOWS/system32/akoynv.dll | 2007-10-9 10:11:24
C:/WINDOWS/system32/ahgqll.dll | 2007-10-9 10:11:30
C:/WINDOWS/system32/ehqbfb.dll | 2007-10-9 10:11:36
C:/WINDOWS/system32/vhhmah.dll | 2007-10-9 10:11:54
C:/WINDOWS/system32/okwmbf.dll | 2007-10-9 10:12:6
C:/WINDOWS/IGM.exe * 3724 | 2007-10-9 10:11:30
C:/Program Files/QQDownload/QQDownload.exe * 3780 | 2007-5-18 17:4:48 | DownTools 应用程序 | 1, 3, 101, 201 | 超级旋风 | Copyright(C) 1998 - 2007 TENCENT Inc. All Rights Reserved. | 1, 3, 101, 101 | Tencent Technology (Shenzhen) Company Limited | | DownTools | DownTools.EXE
C:/WINDOWS/system32/winforms.dll | 2007-10-8 14:29:10
C:/PROGRA~1/TENCENT/SSPlus/SPlus.dll | 2007-8-30 10:49:20 | SPlus Module | 5, 0, 1, 22 | | 腾讯科技(深圳)有限公司 版权所有 (C) 2007 | 5, 0, 1, 22 | TENCENT | | SPlus.dll | SPlus.dll
C:/Program Files/QQDownload/QQDownload.dll | 2007-5-18 17:25:16 | QQDownload Module | 1, 3, 101, 201 | QQDownload Module | Copyright(C) 1998 - 2007 TENCENT Inc. All Rights Reserved. | 1, 3, 101, 101 | Tencent Technology (Shenzhen) Company Limited | | QQDownload Module | QQDownload.DLL
C:/Program Files/QQDownload/TNProxy.dll | 2007-4-29 10:40:48 | TNProxy Module | 2, 1, 101, 80 | TNProxy Module | Copyright(c) 1998-2005 Tencent Inc. All Rights Reserved | 2, 1, 101, 80 | Tencent Technology(Shenzhen) Company Limited | | TNProxy Module | TNProxy.dll
C:/WINDOWS/system32/okwmbf.dll | 2007-10-9 10:12:6
C:/WINDOWS/system32/vhhmah.dll | 2007-10-9 10:11:54
C:/WINDOWS/system32/ehqbfb.dll | 2007-10-9 10:11:36
C:/WINDOWS/system32/ahgqll.dll | 2007-10-9 10:11:30
C:/WINDOWS/system32/akoynv.dll | 2007-10-9 10:11:24
C:/WINDOWS/system32/jomxls.dll | 2007-10-9 10:10:38
C:/WINDOWS/system32/pvdzkg.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/uhdlkb.dll | 2007-10-9 10:10:30
C:/WINDOWS/system32/MsIMMs32.dll | 2007-10-9 10:4:40
C:/WINDOWS/system32/mppds.dll | 2007-10-9 10:4:38
C:/WINDOWS/system32/Kvsc3.dll | 2007-10-9 10:4:36
C:/WINDOWS/system32/DiskMan32.dll | 2007-10-9 10:4:36
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:/Program Files/TENCENT/SSPlus/SAddr.dll
O2 - BHO Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:/Program Files/TENCENT/SSPlus/SAddr.dll
O4 - HKLM/../Run: [stup.exe] Rundll32.exe C:/PROGRA~1/TENCENT/SSPlus/SPlus.dll,Rundll32 R
O4 - HKLM/../Run: [DiskMan32] C:/WINDOWS/DiskMan32.exe
O4 - HKLM/../Run: [Kvsc3] C:/WINDOWS/Kvsc3.exe
O4 - HKLM/../Run: [AVPSrv] C:/WINDOWS/AVPSrv.exe
O4 - HKLM/../Run: [MsIMMs32] C:/WINDOWS/MsIMMs32.exe
O4 - HKLM/../Run: [mppds] C:/WINDOWS/mppds.exe
O4 - HKLM/../Run: [upxdnd] C:/WINDOWS/upxdnd.exe
O4 - HKLM/../Run: [cmdbcs] C:/WINDOWS/cmdbcs.exe
O4 - HKLM/../Run: [NVDispDrv] C:/WINDOWS/NVDispDrv.exe
O4 - HKLM/../Run: [msccrt] C:/WINDOWS/msccrt.exe
O4 - HKLM/../Run: [WinSysM] C:/WINDOWS/IGM.exe
O4 - HKLM/../Run: [MsPrint32D] C:/WINDOWS/MsPrint32D.exe
O4 - HKLM/../Run: [DbgHlp32] C:/WINDOWS/DbgHlp32.exe
O4 - HKLM/../Run: [GenProtect] C:/WINDOWS/GenProtect.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDEG32] LYLoader.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDOG32] LYLoador.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDSG32] LYLoadar.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDQG32] LYLoadqr.exe
C:/autorun.inf
/-----
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell/Auto/command=auto.exe
-----/
D:/autorun.inf
/-----
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell/Auto/command=auto.exe
-----/
O20 - AppInit_DLLs = winforms.dll
O23 - 服务: 52B851FE (52B851FE) - C:/WINDOWS/system32/34978A02.EXE -k | 2007-9-18 8:40:54 | Microsoft(R) Windows(R) Operating System| ?| ? | (C) Microsoft Corporation. All rights reserved.| ? | Microsoft Corporation| ?| ?| ?(自动)
O23 - 服务: NPF (Netgroup Packet Filter) - system32/drivers/npf.sys | WinPcap Netgroup Packet Filter Driver | 3, 1, 0, 27 | npf | Copyright ? 2005 CACE Technologies. Copyright ? 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies | | NPF + TME | npf.sys(手动)
O24 - ShlExecHook: [4] - {AEB6717E-7E19-11d0-97EE-00C04FD91974} = winforms.dll
O24 - ShlExecHook: [5] - {AEB6717E-7E19-11d0-97EE-00C04FD91975} = zinforms.dll
O25 - InsCom: {11716107-A10D-11cf-64CD-11115FE1CF41} = C:/WINDOWS/system32/nwizzhuxians.exe
HKLM/SHOWALL 值非1
===/