Posted on 2007-9-27 10:20:29
- 2007-09-27,10:18:06
- System Repair Engineer 2.5.16.900
- Smallfrogs (http://www.KZTechs.com)

- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 进程特权扫描

- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- <KavPFW><"D:\KAV2006\KPFW32.EXE"> [Kingsoft Corporation]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <load><> [N/A]
- <run><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <SkyTel><SkyTel.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <KavStart><"d:\KAV2006\KAVStart.exe" -startup> [Kingsoft Corporation]
- <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
- <KAVTool><"F:\DubaTool_AV_Killer2.COM" noshow> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{E3F426F6-8634-42A5-A29E-BC694A88FB7D}><> [N/A]
- <{4D47B341-43DF-4563-753F-345FFA3157D4}><> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- <zcfilorux><> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
- <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
- <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
- <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
- <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
- <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
- <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

- ==================================
- 启动文件夹
- [星空极速]
- <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>

- ==================================
- 服务
- [Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
- <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
- [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
- <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
- [ATI Smart / ATI Smart][Stopped/Auto Start]
- <C:\WINDOWS\system32\ati2sgag.exe><>
- [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
- <"d:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
- [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
- <d:\KAV2006\KWatch.EXE><Kingsoft Corporation>
- [Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
- <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>

- ==================================
- 驱动程序
- [ati2mtag / ati2mtag][Running/Manual Start]
- <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
- [BIOS / BIOS][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\BIOS.sys><BIOSTAR Group>
- [gwiopm / gwiopm][Stopped/Manual Start]
- <\??\D:\Windows 优化大师\gwiopm.sys><N/A>
- [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
- <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
- [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
- <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
- [KAVBase / KAVBase][Running/Auto Start]
- <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
- [KNetWch / KNetWch][Running/System Start]
- <\??\d:\KAV2006\KNetWch.SYS><Kingsoft Corporation>
- [KWatch3 / KWatch3][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
- [npkcrypt / npkcrypt][Stopped/Auto Start]
- <\??\d:\QQ\npkcrypt.sys><N/A>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [Service for HDMI / RTHDMIAzAudService][Running/Manual Start]
- <system32\drivers\RtHDMI.sys><Realtek Semiconductor Corp.>
- [Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
- <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [TCP/IP Protocol Driver / Tcpip][Running/System Start]
- <system32\DRIVERS\tcpip.sys><Microsoft Corporation>

- ==================================
- 浏览器加载项
- [Kingsoft Trojan Webshield]
- {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\Kingsoft Antispy\IEBuddy.DLL, Kingsoft Corporation>
- [IEBuddyExtControl Class]
- {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft Antispy\IEBuddyExt.DLL, Kingsoft Corporation>
- [EditCtrl Class]
- {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
- [金山毒霸在线产品升级]
- {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\WINDOWS\system32\kingsoft\KOS\KOSInit.ocx, 金山软件股份有限公司>
- [IEBuddyExtControl Class]
- {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft Antispy\IEBuddyExt.DLL, Kingsoft Corporation>
- [Kingsoft Trojan Webshield]
- {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\Kingsoft Antispy\IEBuddy.DLL, Kingsoft Corporation>
- [WangWangObj Class]
- {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\WangWang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
- [SearchAssistantOC]
- {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
- [使用Web迅雷下载]
- <d:\WebThunder\GetUrl.htm, N/A>
- [使用网际快车下载]
- <D:\FlashGet\jc_link.htm, N/A>
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- [金山毒霸反钓鱼...]
- <d:\KAV2006\KAF\ShowSet.htm, N/A>

- ==================================
- 正在运行的进程
- [PID: 640 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 696 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 724 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 768 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 780 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 928 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4155]
- [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2510]
- [C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2514]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 968 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 1036 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 1148 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 1232 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 1312 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 1592 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [C:\WINDOWS\system32\CNMLM52.DLL] [CANON INC., 1.70.2.2]
- [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.2175.0]
- [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD52.DLL] [CANON INC., 1.70.2.2]
- [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0]
- [PID: 1780 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2649 (xpsp.050406-1732)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
- [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
- [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
- [D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- [PID: 1900 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
- [PID: 2036 / Administrator][C:\Program Files\ChinaNet\VnetClient.exe] [, 2005, 11, 14, 1]
- [C:\Program Files\ChinaNet\Communicate.dll] [0, 2005, 3, 3, 1]
- [C:\Program Files\ChinaNet\DialModule.dll] [GDCN, 2005, 11, 15, 1]
- [C:\Program Files\ChinaNet\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
- [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
- [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
- [D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
- [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
- [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] [, 2005, 7, 27, 1]
- [C:\PROGRA~1\ChinaNet\sign.dll] [0, 2004, 12, 1, 1]
- [C:\PROGRA~1\ChinaNet\PostPlug.dll] [, 2004, 12, 16, 2]
- [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2005, 10, 13, 1]
- [C:\PROGRA~1\ChinaNet\VnetBs.ocx] [, 2004, 11, 18, 1]
- [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] [, 2005, 11, 14, 1]
- [C:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2005, 11, 14, 17]
- [C:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 2005, 11, 14, 1]
- [C:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1]
- [C:\PROGRA~1\ChinaNet\Timer.ocx] [, 2005, 10, 9, 14]
- [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] [, 2005, 2, 24, 1]
- [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 2005, 8, 26, 1]
- [C:\PROGRA~1\ChinaNet\PassCtrl.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
- [C:\WINDOWS\system32\pthreadVC.dll] [N/A, ]
- [C:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
- [C:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2004, 12, 21, 1]
- [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2004, 11, 23, 1]
- [C:\PROGRA~1\ChinaNet\VNetLog.ocx] [, 2005, 10, 9, 1]
- [C:\PROGRA~1\ChinaNet\StatNum.dll] [, 2004, 11, 18, 1]
- [C:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 2005, 3, 2, 1]
- [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] [GDCN, 2005, 10, 9, 1]
- [C:\PROGRA~1\ChinaNet\VnetOptLog.dll] [, 2005, 9, 13, 9]
- [D:\KAV2006\KAScript.DLL] [Kingsoft Corporation, 2007, 3, 6, 75]
- [C:\PROGRA~1\ChinaNet\DlgSkin.ocx] [, 2005, 11, 14, 1]
- [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 1752 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 1848 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
- [PID: 1772 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 2980 / Administrator][D:\Iparmor\Iparmor.exe] [luosoft.com, 2007]
- [D:\Iparmor\getportlistxp.dll] [, 1, 0, 0, 1]
- [D:\Iparmor\hookhookdll.dll] [N/A, ]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
- [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
- [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
- [D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
- [PID: 1668 / Administrator][D:\MyIEGB\MyIE.exe] [MoreQuick, 1, 0, 0, 0]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
- [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
- [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
- [D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
- [D:\KAV2006\KAScript.DLL] [Kingsoft Corporation, 2007, 3, 6, 75]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 2, 0, 0, 1]
- [C:\WINDOWS\system32\dllMergeDict.dll] [N/A, ]
- [C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
- [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
- [PID: 2060 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [PID: 2792 / Administrator][F:\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
- [D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
- [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
- [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
- [D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
- [F:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]

- ==================================
- Winsock 提供者
- N/A

- ==================================
- Autorun.inf
- N/A

- ==================================
- HOSTS 文件
- N/A

- ==================================
- 进程特权扫描
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 2036, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 2980, D:\IPARMOR\IPARMOR.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 1668, D:\MYIEGB\MYIE.EXE]

- ==================================
- API HOOK
- 入口点错误:LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: D:\KAV2006\KASocket.dll)

- ==================================
- 隐藏进程
- N/A

- ==================================