My machine has picked up at least 小榕 (Xiaorong)'s RemoteNC and 敲诈者 (the "Extortioner" trojan), though the latter doesn't seem to have triggered. As soon as there is a network connection it automatically connects out to a UDP port. I haven't been able to find a fix for a long time; please point me in the right direction, thanks.
2007-11-07,09:28:52
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrator account - Full functionality
The following items were selected:
All startup items (including registry, startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Process privilege scan
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(AtiTrayTools)("C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe") [Ray Adams]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Logitech Hardware Abstraction Layer)(KHALMNPR.EXE) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
(Themes Setup)(%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
(Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
(Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
(通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
(N/A)(C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install) [Microsoft Corporation]
--------------------------------------------------------------------------------
Startup folder
N/A
--------------------------------------------------------------------------------
Services
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
(C:\WINDOWS\system32\Ati2evxx.exe)(ATI Technologies Inc.)
[ATI Smart / ATI Smart][Stopped/Auto Start]
(C:\WINDOWS\system32\ati2sgag.exe)()
[.NET Runtime Optimization Service v2.0.50727_X86 / clr_optimization_v2.0.50727_32][Stopped/Disabled]
(C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe)(N/A)
[Help and Support / helpsvc][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll)(N/A)
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
(C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\rpcss.dll)(Microsoft Corporation)
[StarWind iSCSI Service / StarWindService][Stopped/Auto Start]
(C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe)(N/A)
[Windows User Mode Driver Framework / UMWdf][Stopped/Disabled]
(C:\WINDOWS\system32\wdfmgr.exe)(N/A)
--------------------------------------------------------------------------------
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[ati2mtag / ati2mtag][Running/Manual Start]
(system32\DRIVERS\ati2mtag.sys)(ATI Technologies Inc.)
[atitray / atitray][Running/System Start]
(\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys)(N/A)
[Logitech SetPoint HID Mouse Filter Driver / LHidKe][Running/Manual Start]
(system32\DRIVERS\LHidKE.Sys)(Logitech, Inc.)
[Logitech SetPoint Mouse Filter Driver / LMouKE][Running/Manual Start]
(system32\DRIVERS\LMouKE.Sys)(Logitech, Inc.)
[nvatabus / nvatabus][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\nvatabus.sys)(NVIDIA Corporation)
[Direct Parallel Link Driver / Ptilink][Stopped/Disabled]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(N/A)
[sptd / sptd][Stopped/Disabled]
(System32\Drivers\sptd.sys)(Duplex Secure Ltd.)
--------------------------------------------------------------------------------
Browser add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD)
--------------------------------------------------------------------------------
Running processes
[PID: 344][\SystemRoot\System32\smss.exe] [N/A, ]
[PID: 400][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 428][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 472][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 484][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\rpcss.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[PID: 736][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll] [N/A, ]
[PID: 1212][C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe] [Ray Adams, 1.2.6.977]
[C:\Program Files\Ray Adams\ATI Tray Tools\support.dll] [N/A, ]
[C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll] [N/A, ]
[C:\Program Files\Ray Adams\ATI Tray Tools\attsio.dll] [OverSoft Team, 1.0.0.22]
[C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504]
[C:\Program Files\Ray Adams\ATI Tray Tools\kbdhook.dll] [N/A, ]
[C:\Program Files\Ray Adams\ATI Tray Tools\plugins\cpuload.dll] [N/A, ]
[C:\Program Files\Ray Adams\ATI Tray Tools\plugins\hddtemp.dll] [N/A, ]
[C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_hdddtemp.dll] [N/A, ]
[C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_xvlt.dll] [N/A, ]
[C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mongraphsexample.dll] [N/A, ]
[C:\Program Files\Ray Adams\ATI Tray Tools\plugins\pciset.dll] [N/A, ]
[PID: 1292][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll] [N/A, ]
[PID: 1364][C:\WINDOWS\system32\ntvdm.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1384][D:\我的文档\安全工具\SRENGPS.COM] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll] [N/A, ]
[D:\我的文档\安全工具\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 1464][C:\WINDOWS\system32\mspaint.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll] [N/A, ]
[PID: 1516][C:\WINDOWS\system32\mmc.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll] [N/A, ]
--------------------------------------------------------------------------------
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
--------------------------------------------------------------------------------
Winsock providers
N/A
--------------------------------------------------------------------------------
Autorun.inf
N/A
Attachment:
8338902007117193314.jpg
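Editor's added example (not part of the original post, and not SREng's own code): a small Python triage script over lines in the SREng log format shown above. It applies two checks a responder would run by hand on such a log: autorun entries whose publisher is not Authenticode-verified, and svchost-hosted services whose ServiceDll is loaded from somewhere other than %SystemRoot%\system32. The second check is motivated by the RpcSs line above, which lists the ServiceDll as %SystemRoot%\rpcss.dll (and the process list shows c:\windows\rpcss.dll inside PID 708), whereas a stock XP SP2 install loads it from %SystemRoot%\system32\rpcss.dll. A hit is something to verify by hand (file hash, digital signature, on-disk comparison with the system32 copy), not a verdict. Assumptions: the sample lines are copied from the log above; the `-->` separator between svchost host and ServiceDll is SREng's format; `EXPECTED_IN_SYSTEM32` is a hypothetical one-entry reference table; `SYSTEM_ROOT` is taken as C:\WINDOWS to match the paths in the log.

```python
import re

# Constructed sample: lines copied from the SREng log above, in SREng's own format
# (registry autoruns as "(Name)(Command) [Publisher]"; services as a
# "[Display / Name][State/Start]" header followed by "(Image)(Company)", with "-->"
# separating an svchost host from its ServiceDll).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(AtiTrayTools)("C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe") [Ray Adams]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Logitech Hardware Abstraction Layer)(KHALMNPR.EXE) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
[Help and Support / helpsvc][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll)(N/A)
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
(C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\rpcss.dll)(Microsoft Corporation)
[StarWind iSCSI Service / StarWindService][Stopped/Auto Start]
(C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe)(N/A)
"""

RE_REG_VALUE = re.compile(r"^\(([^)]*)\)\((.*)\) \[(.*)\]$")
RE_SVC_HEADER = re.compile(r"^\[(.+?) / (.+?)\]\[([^/\]]+)/([^\]]+)\]$")
RE_SVC_BODY = re.compile(r"^\((.*)\)\(([^)]*)\)$")

# Hypothetical reference table (assumption): svchost-hosted services whose ServiceDll
# lives under %SystemRoot%\system32 on a stock XP SP2 install.
EXPECTED_IN_SYSTEM32 = {"rpcss"}

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: matches the paths shown in the log


def expand_env(path):
    """Expand the two variables SREng leaves unexpanded and lower-case for comparison."""
    return re.sub(r"%(systemroot|windir)%", lambda _m: SYSTEM_ROOT, path,
                  flags=re.IGNORECASE).lower()


def triage(log_text):
    """Return findings worth a manual look. None of them is a verdict on its own."""
    system32_prefix = expand_env(r"%SystemRoot%\system32") + "\\"
    findings = []
    current_service = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_REG_VALUE.match(line)
        if m:
            name, command, publisher = m.groups()
            # Autorun pointing at a real command but without an Authenticode-verified publisher.
            if command.strip() and not publisher.startswith("(Verified)"):
                findings.append({"kind": "unverified-autorun", "item": name,
                                 "path": command, "who": publisher})
            continue
        m = RE_SVC_HEADER.match(line)
        if m:
            current_service = m.group(2)  # short service name, e.g. RpcSs
            continue
        m = RE_SVC_BODY.match(line)
        if m and current_service:
            image, company = m.groups()
            if "-->" in image:
                _host, dll = image.split("-->", 1)
                # Stock ServiceDll expected under system32 but loaded from elsewhere.
                if (current_service.lower() in EXPECTED_IN_SYSTEM32
                        and not expand_env(dll).startswith(system32_prefix)):
                    findings.append({"kind": "servicedll-outside-system32",
                                     "item": current_service, "path": dll, "who": company})
            elif company in ("", "N/A"):
                # Stand-alone service binary with no company/version resource at all.
                findings.append({"kind": "service-no-company", "item": current_service,
                                 "path": image, "who": company})
            current_service = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:28} {f['item']:16} {f['path']}  [{f['who']}]")
```

Run against the sample it reports three items: the ATI Tray Tools autorun (third-party, no verified signature; benign if the user installed it), the RpcSs ServiceDll outside system32, and the StarWind service binary with no company resource. The first and last are ordinary for a machine with those tools installed; the RpcSs entry is the one to check first, since the HKLM Run/Winlogon entries, AppInit_DLLs, Winsock providers and file associations in the log all look stock.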