|
|
楼主 |
发表于 2006-12-6 09:42
|
显示全部楼层
meiyou
启动项报告: 2006-12-6, 9:42:47
启动项扫描器版本: 1.52.2
开始于: F:\HijackThis1991.EXE
系统检测: Windows XP SP2 (WinNT 5.01.2600)
系统检测: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* 使用默认选项
* 选择“列出主要的部分(标准)”方式
==================================================
当前运行的进程:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
F:\HijackThis1991.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CnsMin = Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
kis = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
(Default) =
helper.dll = C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
--------------------------------------------------
注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
cnshint.dll = regsvr32 /s C:\WINDOWS\downlo~1\cnshint.dll
CnsHook.dll = regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
CnsMinEx.dll = regsvr32.exe /s
--------------------------------------------------
注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
--------------------------------------------------
文件打开方式关联 for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(黙认) = notepad.exe %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=* 未找到INI相关项目值 *
run=* 未找到INI相关项目值 *
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=* 未找到相关注册表键值 *
HKLM\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
--------------------------------------------------
外壳扩展和屏幕保护程序的键值 从 C:\WINDOWS\SYSTEM.INI:
Shell=* 未找到INI相关项目值 *
SCRNSAVE.EXE=* 未找到INI相关项目值 *
drivers=* 未找到INI相关项目值 *
外壳扩展和屏幕保护程序的键值 从 注册表
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssmypics.scr
drivers=* 未找到相关注册表键值 *
Policies Shell key:
HKCU\..\Policies: Shell=* 未找到相关注册表键值 *
HKLM\..\Policies: Shell=* 未找到相关注册表键值 *
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: NO!)
.pif: HIDDEN! (arrow overlay: NO!)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
列举IE浏览器辅助对象(BHO模块):
IE - C:\WINDOWS\downlo~1\CnsHook.dll - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
卡巴斯基互联网安全套装 6.0: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (autostart)
Rising TDI Base Driver: System32\DRIVERS\BaseTDI.SYS (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
EPSON Printer Status Agent2: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
ExpScaner: \??\C:\Program Files\Rising\Rav\ExpScan.sys (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HOOKAPI: \??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS (autostart)
HookCont: \??\C:\Program Files\Rising\Rav\HOOKCONT.sys (autostart)
HookReg: \??\C:\Program Files\Rising\Rav\HookReg.sys (autostart)
HookSys: \??\C:\Program Files\Rising\Rav\HookSys.sys (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
MEMSCAN: \??\C:\Program Files\Rising\Rav\MEMSCAN.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
MSSQLSERVER: C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Rising Process Communication Center: "C:\Program Files\Rising\Rav\CCenter.exe" (autostart)
RSPPSYS: \??\C:\Program Files\rising\Rav\RSPPSYS.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\DOWNLO~1\3721\CNSPLUS.DLL => C:\WINDOWS\downlo~1\cnsplus.dll|C:\WINDOWS\DOWNLO~1\3721\CNSHINT.DLL => C:\WINDOWS\downlo~1\cnshint.dll|C:\WINDOWS\DOWNLO~1\3721\CNSHOOK.DLL => C:\WINDOWS\downlo~1\CnsHook.dll|C:\WINDOWS\DOWNLO~1\CNSDTU.DLL||C:\WINDOWS\downlo~1\3721\CnsMinEx.dll => C:\WINDOWS\downlo~1\CnsMinEx.dll|C:\WINDOWS\downlo~1\autolive.dll||C:\WINDOWS\downlo~1\autolive.dll||C:\PROGRA~1\3721\3721||C:\PROGRA~1\3721|||C
--------------------------------------------------
列举 ShellServiceObjectDelayLoad 项目:
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
报告完毕,共 11,670 字节
报告生成用时:1.222秒
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only |
|
IP卡
狗仔卡
发表于 2006-12-6 00:45
显身卡
发表于 2006-12-6 01:51
