Author: abc121 [abc121] Forum user
StartupList report, 2005-10-17, 19:45:25
StartupList version: 1.52.2
Started from : D:\hijackthis\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\svchost.exe
D:\KV2005\KV2005\KVSrvXP.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
D:\KV2005\KV2005\KVMonXP.kxp
C:\WINNT\system32\internat.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\KVFW\kvfw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\「开始」菜单\程序\启动]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
AVWeb =
KvMonXP = D:\KV2005\KV2005\KVMonXP.kxp /auto
NvCplDaemon = RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Internat.exe = internat.exe
KVFW = C:\Program Files\KVFW\kvfw.exe -silent
KvXP = D:\KV2005\KV2005\KvXP.kxp /ScanBoot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

SVC Service = svc32.pif

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[3721TRQua]
Sygate Personal Firewall Startup = MSDEV.EXE

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

[3721TRQua]
Sygate Personal Firewall Startup = msdev.exe
Wind Security = mswi32.pif
SVC Service = svc32.pif

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[3721TRQua]
Sygate Personal Firewall Startup = MSDEV.EXE

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - D:\adobe\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {749D1D7D-1969-4014-A98D-9E867E7508D0}
(no name) - D:\KV2005\KV2005\KvShell.dll - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9}
(no name) - D:\FLASHGET\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - d:\NetTransport 2\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}
(no name) - C:\WINNT\system32\toolbar2.dll - {DAFE0426-96F6-472E-B98D-EF873EB7CFF2}

--------------------------------------------------

Enumerating Task Scheduler jobs:

DDD_Install_Program.job

--------------------------------------------------

Enumerating Download Program Files:

[VTPlug3 Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\VTrans3.dll
CODEBASE = http://61.152.96.82:1995/VTrans.cab

[InstaFred]
InProcServer32 = C:\WINNT\DOWNLO~1\InstFred.ocx
CODEBASE = file://D:\CAD\InstFred.ocx

[BlueskyVideo Control]
InProcServer32 = C:\WINNT\v2.ocx
CODEBASE = http://www.bluesky.cn/download/v2_60.cab

[IMCv1 Control]
CODEBASE = http://61.152.96.82:1995/talk.cab

[AcDcToday 控件]
InProcServer32 = C:\WINNT\DOWNLO~1\ACDCTO~1.OCX
CODEBASE = file://D:\CAD\AcDcToday.ocx

[IE Class]
InProcServer32 = C:\WINNT\DOWNLO~1\NewProc.dll
CODEBASE = https://www.95599.cn/platform/pub/cab/ABC.cab

[LoaderCore Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\DLLoader.dll
CODEBASE = http://tb.sogou.com/DLLoader.cab

[Blueskyvoice Control]
InProcServer32 = C:\WINNT\DOWNLO~1\CONFLICT.1\BLUESK~1.OCX
CODEBASE = http://www.bluesky.cn/download/blueskyvoice_60.cab

[NOXLATE-BANR]
InProcServer32 = C:\WINNT\DOWNLO~1\InstBanr.ocx
CODEBASE = file://D:\CAD\InstBanr.ocx

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Ravonline]
InProcServer32 = C:\WINNT\Downloaded Program Files\RsOnline.dll
CODEBASE = http://download.rising.com.cn/QQ/QQkill/rsonline.cab

[Rising Web Scan Object]
InProcServer32 = C:\WINNT\Downloaded Program Files\OL2005.dll
CODEBASE = http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab

[{EF6205C1-3F17-4829-BCB5-1336ED89E356}]
CODEBASE = http://club.jiangmin.com/kvscan/KvDown.cab

[AcPreview 控件]
InProcServer32 = C:\WINNT\DOWNLO~1\ACPREV~1.OCX
CODEBASE = file://D:\CAD\AcPreview.ocx

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINNT\system32\KvWspXp.dll
Protocol #2: C:\WINNT\system32\KvWspXp.dll
Protocol #3: C:\WINNT\system32\KvWspXp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 7,556 bytes
Report generated in 0.060 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Original poster. Posted: 05-10-17 19:40

Reply: songhbo [songhbo] Forum user
It's already this bad? You are so done for.
Floor B1. Posted: 05-10-18 17:53
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.