- UID
- 36561
- 帖子
- 76992
- 积分
- 105124
- 阅读权限
- 255
- 注册时间
- 2006-11-29
- 最后登录
- 2015-6-20
- 在线时间
- 24191 小时
|
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<AVP><"D:\卡巴\avp.exe"> [Kaspersky Lab]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<360Safetray><D:\360safe\safemon\360Tray.exe /start> [奇虎网]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<visin><C:\WINDOWS\system32\visin.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基反病毒6.0个人版 / AVP][Running/Auto Start]
<D:\卡巴\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Program Files\Tencent\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
==================================
浏览器加载项
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[Web反病毒统计]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\卡巴\scieplugin.dll, Kaspersky Lab>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\360safe\live.dll, 360safe.com>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 636 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 784 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 828 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 840 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 1000 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 1064 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 1160 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 1212 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 1276 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 1672 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\卡巴\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 1712 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 1980 / Administrator][D:\卡巴\avp.exe] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\prremote.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\卡巴\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\卡巴\FSSync.dll] [Kaspersky Lab, 6.0.5.621]
[D:\卡巴\AVPGS.PPL] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\prloader.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\prkernel.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\pxstub.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\params.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\winreg.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\avpgui.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\nfio.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\basegui.ppl] [Kaspersky Lab, 6.0.2.621]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[d:\卡巴\thpimpl.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\qb.ppl] [Kaspersky Lab, 6.0.2.621]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 2012 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.27]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 144 / Administrator][D:\360safe\safemon\360Tray.exe] [奇虎网, 3, 5, 2, 1001]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[D:\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 5, 0, 1001]
[D:\360safe\AntiAdwa.dll] [360Safe.com, 3, 5, 1, 1001]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 200 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 348 / SYSTEM][D:\卡巴\avp.exe] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\prremote.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\卡巴\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\卡巴\FSSync.dll] [Kaspersky Lab, 6.0.5.621]
[D:\卡巴\AVPGS.PPL] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\prloader.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\prkernel.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\pxstub.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\params.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\winreg.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\tm.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\nfio.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\bl.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\wmihlpr.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\ndetect.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\crpthlpr.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\schedule.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\timer.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\thpimpl.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\lic60.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\l_llio.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\sfdb.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\ichk2.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\icheckersa.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\smtpprotocoller.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\httpanlz.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\hashcont.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\trafficmonitor2.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\CKAHUM.dll] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\CKAHComm.dll] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\ckahrule.dll] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\pop3protocoller.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\hccmp.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\imapprotocoller.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\iwgen.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\nntpprotocoller.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\tempfile.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\uniarc.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\minizip.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\cab.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\arj.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\rar.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\lha.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\mdb.ppl] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[d:\卡巴\msoe.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\qb.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\prseqio.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\dmap.ppl] [Kaspersky Lab, 6.0.2.621]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[d:\卡巴\inflate.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\mdmap.ppl] [Kaspersky Lab, 6.0.2.621]
[PID: 448 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 136 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 2240 / Administrator][C:\Program Files\Windows Media Player\wmplayer.exe] [Microsoft Corporation, 10.00.00.3802]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[D:\卡巴\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\klscav.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\卡巴\prremote.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\卡巴\prloader.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\prkernel.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\params.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\pxstub.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\tempfile.ppl] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 2736 / Administrator][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 3692 / Administrator][D:\Program Files\Tencent\QQ.exe] [TENCENT, 0, 0, 0, 0]
[D:\Program Files\Tencent\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\BasicCtrlDll.dll] [Tencent, 6, 0, 200, 320]
[D:\Program Files\Tencent\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[D:\Program Files\Tencent\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[D:\Program Files\Tencent\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[D:\Program Files\Tencent\QQAPI.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[D:\Program Files\Tencent\LoginCtrl.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[D:\Program Files\Tencent\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\Program Files\Tencent\QQRes.dll] [tencent, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQMainFrame.dll] [N/A, ]
[D:\Program Files\Tencent\CQQApplication.dll] [N/A, ]
[D:\Program Files\Tencent\NewSkin.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\CameraDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\MailSummary.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQKnowledgeSearch.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQAllInOne.dll] [N/A, ]
[D:\Program Files\Tencent\GroupLive.dll] [N/A, ]
[D:\Program Files\Tencent\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[D:\Program Files\Tencent\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Tencent\QQSpace.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\Program Files\Tencent\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQSysMsgMng.dll] [N/A, ]
[D:\Program Files\Tencent\UserDefinedHead.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQPlugin.dll] [N/A, ]
[D:\Program Files\Tencent\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[D:\卡巴\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[D:\Program Files\Tencent\QRingMng.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\Program Files\Tencent\QQCustomFace.dll] [N/A, ]
[D:\Program Files\Tencent\LongConnection.dll] [tencent, 5, 0, 200, 160]
[D:\Program Files\Tencent\QQAvatar.dll] [N/A, ]
[D:\Program Files\Tencent\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\Program Files\Tencent\PhoneAPI.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[D:\Program Files\Tencent\QQPet.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\BQQApplication.dll] [N/A, ]
[D:\Program Files\Tencent\CommercesMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[D:\Program Files\Tencent\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
[D:\Program Files\Tencent\QQSceneMng.dll] [N/A, ]
[D:\Program Files\Tencent\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 9, 93]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\卡巴\klscav.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\卡巴\prremote.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\卡巴\prloader.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\prkernel.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\params.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\pxstub.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\tempfile.ppl] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[D:\Program Files\Tencent\QQMagicFace.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQZip.dll] [tencent, 0, 3, 2, 4]
[D:\Program Files\Tencent\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[D:\Program Files\Tencent\QQFileTransfer.dll] [Tencent, 0, 3, 3, 5]
[D:\Program Files\Tencent\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 3752 / Administrator][D:\Program Files\Tencent\TIMPlatfrom.exe] [tencent, 0, 3, 1, 8]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[D:\Program Files\Tencent\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 1756 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 2724 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[D:\卡巴\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\卡巴\klscav.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\卡巴\prremote.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\卡巴\prloader.dll] [Kaspersky Lab, 6.0.2.621]
[D:\卡巴\prkernel.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\params.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\pxstub.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\tempfile.ppl] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[d:\卡巴\nfio.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\basegui.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\thpimpl.ppl] [Kaspersky Lab, 6.0.2.621]
[d:\卡巴\FSSync.dll] [Kaspersky Lab, 6.0.5.621]
[d:\卡巴\winreg.ppl] [Kaspersky Lab, 6.0.2.621]
[PID: 2872 / Administrator][D:\sreng\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsvA.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[D:\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[D:\sreng\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1980, D:\卡巴\AVP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1980, D:\卡巴\AVP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 144, D:\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 144, D:\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 348, D:\卡巴\AVP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3692, D:\PROGRAM FILES\TENCENT\QQ.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3752, D:\PROGRAM FILES\TENCENT\TIMPLATFROM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3752, D:\PROGRAM FILES\TENCENT\TIMPLATFROM.EXE]
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
入口点错误:FindWindowA (危险等级: 高, 被下面模块所HOOK: 0x00E83CCD)
入口点错误:FindWindowExA (危险等级: 高, 被下面模块所HOOK: 0x00E83E6D)
入口点错误:FindWindowExW (危险等级: 高, 被下面模块所HOOK: 0x00E83F3D)
入口点错误:FindWindowW (危险等级: 高, 被下面模块所HOOK: 0x00E83D9D)
入口点错误:SendMessageA (危险等级: 高, 被下面模块所HOOK: 0x00E8400D)
入口点错误:SendMessageW (危险等级: 高, 被下面模块所HOOK: 0x00E840DD)
==================================
隐藏进程
N/A
==================================
[/CODE] |
|