Backdoor.Win32.Agent.ank

2007-05-16,15:54:07

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <sys81><C:\Documents and Settings\朱德威\「开始」菜单\程序\管理工具\H27940.exe>  [N/A]
    <sys82><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\H31059.exe>  [N/A]
    <sys21><C:\Documents and Settings\朱德威\Cookies\b12487.exe>  [N/A]
    <sys22><C:\Documents and Settings\朱德威\Local Settings\History\b1345.exe>  [N/A]
    <sys31><C:\Documents and Settings\朱德威\Local Settings\Application Data\c23235.exe>  [N/A]
    <sys32><C:\WINDOWS\c25409.exe>  [N/A]
    <sys51><C:\Documents and Settings\朱德威\Local Settings\History\E28463.exe>  [N/A]
    <sys52><C:\Documents and Settings\朱德威\My Documents\My Pictures\E24405.exe>  [N/A]
    <sys101><C:\Documents and Settings\朱德威\Local Settings\Temporary Internet Files\J16669.exe>  [N/A]
    <sys102><C:\Documents and Settings\朱德威\Application Data\J13650.exe>  [N/A]
    <sys61><C:\Documents and Settings\朱德威\My Documents\F6444.exe>  [N/A]
    <sys62><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\F15701.exe>  [N/A]
    <sys71><C:\WINDOWS\system32\G17192.exe>  [N/A]
    <sys72><C:\Documents and Settings\朱德威\My Documents\My Pictures\G6996.exe>  [N/A]
    <sys25411><C:\Documents and Settings\朱德威\Cookies\12617.exe>  []
    <sys229132><C:\Program Files\14074.exe>  [N/A]
    <sys91951><C:\Documents and Settings\朱德威\My Documents\673.exe>  []
    <sys322502><C:\Program Files\25854.exe>  []
    <sys109481><C:\Documents and Settings\朱德威\Cookies\507.exe>  [N/A]
    <sys38862><C:\WINDOWS\5883.exe>  [N/A]
    <sys258521><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\22526.exe>  [N/A]
    <sys327272><C:\WINDOWS\system32\28337.exe>  [N/A]
    <sys63221><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\17102.exe>  []
    <sys36072><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\29946.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <CertificateRegistration><SafeSignCertReg.exe>  [N/A]
    <qcsszjcz><c:\chenhu2\chenqxms.exe>  [N/A]
    <PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray>  [Nokia]
    <DataLayer><C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE>  [Nokia Mobile Phones Ltd.]
    <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize>  [Kaspersky Lab]
    <SoundMAX><C:\windows\svchost.exe>  [N/A]
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <tffhkfd><C:\WINDOWS\system32\1028\tffhkfd.exe>  [N/A]
    <tkcckhj><C:\Program Files\Microsoft Office\tkcckhj.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <wk><C:\WINDOWS\system32\865iae8.exe>  [软告工作室]
    <sys81><C:\Documents and Settings\朱德威\「开始」菜单\程序\管理工具\H27940.exe>  [N/A]
    <sys82><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\H31059.exe>  [N/A]
    <sys21><C:\Documents and Settings\朱德威\Cookies\b12487.exe>  [N/A]
    <sys22><C:\Documents and Settings\朱德威\Local Settings\History\b1345.exe>  [N/A]
    <sys31><C:\Documents and Settings\朱德威\Local Settings\Application Data\c23235.exe>  [N/A]
    <sys32><C:\WINDOWS\c25409.exe>  [N/A]
    <sys51><C:\Documents and Settings\朱德威\Local Settings\History\E28463.exe>  [N/A]
    <sys52><C:\Documents and Settings\朱德威\My Documents\My Pictures\E24405.exe>  [N/A]
    <sys101><C:\Documents and Settings\朱德威\Local Settings\Temporary Internet Files\J16669.exe>  [N/A]
    <sys102><C:\Documents and Settings\朱德威\Application Data\J13650.exe>  [N/A]
    <sys61><C:\Documents and Settings\朱德威\My Documents\F6444.exe>  [N/A]
    <sys62><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\F15701.exe>  [N/A]
    <sys71><C:\WINDOWS\system32\G17192.exe>  [N/A]
    <sys72><C:\Documents and Settings\朱德威\My Documents\My Pictures\G6996.exe>  [N/A]
    <sys25411><C:\Documents and Settings\朱德威\Cookies\12617.exe>  [N/A]
    <sys229132><C:\Program Files\14074.exe>  [N/A]
    <sys91951><C:\Documents and Settings\朱德威\My Documents\673.exe>  [N/A]
    <sys322502><C:\Program Files\25854.exe>  [N/A]
    <sys109481><C:\Documents and Settings\朱德威\Cookies\507.exe>  [N/A]
    <sys258521><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\22526.exe>  [N/A]
    <sys38862><C:\WINDOWS\5883.exe>  [N/A]
    <sys327272><C:\WINDOWS\system32\28337.exe>  [N/A]
    <sys63221><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\17102.exe>  [N/A]
    <sys36072><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\29946.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [北京三七二一科技有限公司]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Vision><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <-173163><; C:\WINDOWS\system32\-173163.exe>  [N/A]
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <iparmor><; C:\Program Files\Iparmor\Iparmor.exe mini>  [N/A]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <rlijmgk><; C:\WINDOWS\system32\rlijmgk.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <WangWang><; rem rem "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE">  [N/A]
    <wk><; C:\WINDOWS\system\865fae8.exe>  [软告工作室]
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [N/A]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [N/A]

==================================
启动文件夹
[WNSO]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WNSO.lnk --> C:\PROGRA~1\COMMON~1\RGGZS\WNSO.exe [软告工作室]><N>
[ruango]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ruango.lnk --> C:\WINDOWS\system32\MSRundll.exe [Microsoft Corporation]><N>
[yieedi]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\yieedi.lnk --> C:\WINDOWS\system32\Setup\yieedie.exe [N/A]><N>
[yciigd]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\yciigd.lnk --> C:\Program Files\Microsoft ActiveSync\yciigdi.exe [N/A]><N>
[sys81]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys81.lnk --> C:\Documents and Settings\朱德威\「开始」菜单\程序\管理工具\H27940.exe [N/A]><N>
[sys82]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys82.lnk --> C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\H31059.exe [N/A]><N>
[sys21]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys21.lnk --> C:\Documents and Settings\朱德威\Cookies\b12487.exe [N/A]><N>
[sys22]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys22.lnk --> C:\Documents and Settings\朱德威\Local Settings\History\b1345.exe [N/A]><N>
[sys31]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys31.lnk --> C:\Documents and Settings\朱德威\Local Settings\Application Data\c23235.exe [N/A]><N>
[sys32]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys32.lnk --> C:\WINDOWS\c25409.exe [N/A]><N>
[sys51]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys51.lnk --> C:\Documents and Settings\朱德威\Local Settings\History\E28463.exe [N/A]><N>
[sys52]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys52.lnk --> C:\Documents and Settings\朱德威\My Documents\My Pictures\E24405.exe [N/A]><N>
[sys101]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys101.lnk --> C:\Documents and Settings\朱德威\Local Settings\Temporary Internet Files\J16669.exe [N/A]><N>
[sys102]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys102.lnk --> C:\Documents and Settings\朱德威\Application Data\J13650.exe [N/A]><N>
[sys61]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys61.lnk --> C:\Documents and Settings\朱德威\My Documents\F6444.exe [N/A]><N>
[sys62]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys62.lnk --> C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\F15701.exe [N/A]><N>
[sys71]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys71.lnk --> C:\WINDOWS\system32\G17192.exe [N/A]><N>
[sys72]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys72.lnk --> C:\Documents and Settings\朱德威\My Documents\My Pictures\G6996.exe [N/A]><N>
[yckgfd]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\yckgfd.lnk --> C:\Program Files\Microsoft ActiveSync\yckgfde.exe [N/A]><N>
Last edited 2007-05-16 16:36:00