Generate report
--
[CODE]
2007-04-01,01:26:03
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - Administrative User - Completed Functions Allowed
The following item(s) have been chosen:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process module information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows 2000 Publisher]
<"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows 2000 Publisher]
[N/A]
<"D:\Program Files\Filseclab\xfilter\xfilter.exe" -a> [Filseclab]
<"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<"D:\Program Files\Winamp\Winampa.exe"> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows 2000 Publisher]
[(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
[Kaspersky Lab]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<(None)> [N/A]
==================================
Startup Folders
[Microsoft Office]
D:\PROGRA~1\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]>
[Filseclab Message Service]
C:\PROGRA~1\COMMON~1\FILSEC~1\FilMsg.exe [Filseclab]>
[YamQQ]
D:\PROGRA~1\Tencent\YamQQ\QQ.exe [N/A]>
==================================
Services
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
[Leadtek Driver Helper Service / NVSvc][Running/Auto Start]
==================================
Drivers
[dmboot / dmboot][Stopped/Disabled]
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys>
[3Com EtherLink XL B/C Adapter Driver / EL90BC][Running/Manual Start]
<3Com Corporation>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\G:\INSTALL\GMSIPCI.SYS>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys>
[klif / klif][Running/System Start]
<\??\C:\WINNT\system32\drivers\klif.sys>
[NTACCESS / NTACCESS][Stopped/Manual Start]
<\??\G:\NTACCESS.sys>
[nv / nv][Running/Manual Start]
[NVDual / NVDual][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\nvDual.sys>
[PfModNT / PfModNT][Running/Auto Start]
<\??\C:\WINNT\system32\PfModNT.sys>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
[SB PCI Family Audio Driver (WDM) / sbpci][Running/Manual Start]
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
<\??\G:\NTGLM7X.sys>
[trm3x5 / trm3x5][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\trm3x5.sys>
[WinFox Control I/O Driver / WFsys][Stopped/Manual Start]
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
[Filseclab Packet Filter / XPacket][Running/Boot Start]
<\SystemRoot\System32\xpacket.sys>
==================================
Browser Add-ons
[Web Protection (網頁防護程式)]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[YamQQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b}
[Radio(&R)]
{8E718888-423F-11D2-876E-00A0C9082467}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[Add to QQ custom panel (添加到QQ自定義面板)]
[Add to QQ custom panel (添加到QQ自定義面版)]
[Add to QQ emoticons (添加到QQ表情)]
[Send this picture via QQ MMS (用QQ彩信傳送該圖片)]
[Send this picture via QQ MMS (用QQ彩信發送該圖片)]
==================================
Running Processes
N/A
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
MSAFD Tcpip [TCP/IP]
D:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
MSAFD Tcpip [UDP/IP]
D:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
MSAFD Tcpip [RAW/IP]
D:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
RSVP UDP Service Provider
D:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
RSVP TCP Service Provider
D:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
API HOOK
RVA Error: LoadLibraryA (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xBEAC1B25)
RVA Error: LoadLibraryExA (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xBEAC1D67)
RVA Error: LoadLibraryExW (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xBEAC1F0B)
RVA Error: LoadLibraryW (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xBEAC1C49)
RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: Dest Addr: 0xBEAC1E8F)
==================================
Hidden Process
N/A
==================================
[/CODE]
http://news.sina.com.tw/tech/sinacn/cn/2007-03-27/140538138896.shtml
The latest MSN backdoor trojan
People online say AVG Anti-Spyware can detect it.
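Added triage script for the report above; it is not part of the original post and not part of SREng. It parses the report's section format (an excerpt of the posted log is embedded as the sample input) and applies the checks a responder would otherwise do by eye: autorun entries with no publisher, drivers whose image lives outside the system directory, hijacked shell-open commands for executable extensions, and API hooks that SREng rated High or whose target lies in the user-mode address range. The heuristics, the finding names and the 0x80000000 user/kernel split (32-bit Windows without /3GB) are my assumptions, not SREng's rules; a finding is a prompt to look closer, not a verdict.

```python
"""Triage an SREng (System Repair Engineer) report.

Added example, not code from the original post or from SREng. SAMPLE_REPORT is an
excerpt of the log posted above; the heuristics below are the author's own
assumptions about what deserves a second look.
"""
import re

SAMPLE_REPORT = r"""
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<"D:\Program Files\Filseclab\xfilter\xfilter.exe" -a> [Filseclab]
<"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<"D:\Program Files\Winamp\Winampa.exe"> []
==================================
Drivers
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys>
[NTACCESS / NTACCESS][Stopped/Manual Start]
<\??\G:\NTACCESS.sys>
[PfModNT / PfModNT][Running/Auto Start]
<\??\C:\WINNT\system32\PfModNT.sys>
==================================
File Associations
.EXE OK. ["%1" %*]
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
==================================
API HOOK
RVA Error: LoadLibraryA (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xBEAC1B25)
RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: Dest Addr: 0xBEAC1E8F)
==================================
"""

# Line shapes taken from the report above.
AUTORUN_RE = re.compile(r"^<(?P<cmd>.*)> \[(?P<publisher>.*)\]$")
DRIVER_RE = re.compile(r"^\[(?P<name>.+?) / (?P<svc>.+?)\]\[(?P<state>[^/]+)/(?P<start>[^\]]+)\]$")
ASSOC_RE = re.compile(r"^(?P<ext>\.[A-Z]+) .*\[(?P<cmd>.*)\]$")
HOOK_RE = re.compile(r"^RVA Error: (?P<api>\w+) \(Dangerous Level: (?P<level>\w+), .*Dest Addr: (?P<addr>0x[0-9A-Fa-f]+)\)$")

# Default shell-open commands for extensions that malware likes to hijack (assumption).
EXPECTED_ASSOC = {".EXE": '"%1" %*', ".COM": '"%1" %*', ".BAT": '"%1" %*',
                  ".PIF": '"%1" %*', ".SCR": '"%1" /S', ".REG": 'regedit.exe "%1"'}

# 32-bit Windows without /3GB: user-mode addresses lie below this boundary.
USER_SPACE_LIMIT = 0x80000000


def parse_sections(report):
    """Split the report into {title: [lines]}; each section ends at a '====' rule."""
    sections, title, lines = {}, None, []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:          # section terminator
            if title is not None:
                sections[title] = lines
            title, lines = None, []
        elif title is None:             # first line after a rule is the title
            title = line
        else:
            lines.append(line)
    if title is not None:
        sections[title] = lines
    return sections


def triage(report):
    """Return (finding_kind, detail) pairs worth a closer look."""
    sections = parse_sections(report)
    findings = []
    for line in sections.get("Registry", []):
        m = AUTORUN_RE.match(line)
        if m and m.group("publisher").strip() in ("", "N/A"):
            findings.append(("autorun-unknown-publisher", m.group("cmd")))
    drivers = sections.get("Drivers", [])
    for i, line in enumerate(drivers):
        m = DRIVER_RE.match(line)
        if not m:
            continue
        nxt = drivers[i + 1] if i + 1 < len(drivers) else ""
        path = nxt.strip("<>") if nxt.startswith("<") else ""   # image path follows the entry
        low = path.lower()
        if path and "\\system32\\" not in low and "\\systemroot\\" not in low:
            findings.append(("driver-outside-system-dir",
                             f"{m.group('svc')} {m.group('state')}/{m.group('start')} {path}"))
    for line in sections.get("File Associations", []):
        m = ASSOC_RE.match(line)
        if m and m.group("ext") in EXPECTED_ASSOC and m.group("cmd") != EXPECTED_ASSOC[m.group("ext")]:
            findings.append(("assoc-hijack", f"{m.group('ext')} -> {m.group('cmd')}"))
    for line in sections.get("API HOOK", []):
        m = HOOK_RE.match(line)
        if not m:
            continue
        where = "kernel-range" if int(m.group("addr"), 16) >= USER_SPACE_LIMIT else "user-range"
        if m.group("level") == "High" or where == "user-range":
            findings.append(("api-hook",
                             f"{m.group('api')} level={m.group('level')} target={m.group('addr')} ({where})"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REPORT):
        print(f"{kind:28} {detail}")
```

On the posted log this flags the Winamp agent entry with an empty publisher, the NTACCESS driver registered from G:\ (a removable or optical drive path; it is stopped, but the registration survives), and the GetProcAddress hook. All five hook targets sit at 0xBEAC...., above 0x80000000, so the hooking code is a kernel-mode driver rather than a DLL injected into a process; with kl1.sys, klif.sys and xpacket.sys loaded on this machine, a security product is the plausible benign explanation, and the hook entries alone are not evidence of the MSN trojan.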