Rising Kaka Security Forum

Trojan Analysis 4
zzr420 - 2006-2-26 0:39:00
[编号:94]
[名称:C:\Program Files\木马防御大师\ScanEngine.dll]
[类型:已加载DLL]
[内容:ScanEngine Dynamic Link Library 版权所有 (C) 2005]

[编号:95]
[名称:C:\Program Files\木马防御大师\Protect.sys]
[类型:已加载DLL]
[内容:未知]

[编号:96]
[名称:C:\Program Files\ftc\ShellLink.Dll]
[类型:已加载DLL]
[内容:FYG ShellLink Dll Copyright(C) 2001-2004 FYGsoft]

[编号:97]
[分隔符:---------------------------------------------------------------------]

[编号:98]
[分隔符:---------------------------------------------------------------------]

[编号:99]
[名称:AFD 网络支持环境]
[类型:服务:未知]
[内容:\SystemRoot\System32\drivers\afd.sys]

[编号:100]
[名称:Service for Realtek AC97 Audio (WDM)]
[类型:服务:Windows (R) WDM driver for Realtek AC'97 Audio Copyright (c) Realtek Semiconductor Corp.1998-2003]
[内容:C:\WINDOWS\system32\drivers\alcxwdm.sys]

[编号:101]
[名称:BdGuard]
[类型:服务:BDGUARD Dynamic Link Library Copyright (C) 2005]
[内容:C:\WINDOWS\system32\drivers\bdguard.sys]

[编号:102]
[名称:DNS Cache]
[类型:服务:未知]
[内容:C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087]

[编号:103]
[名称:cdntran]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\cdntran.sys]

[编号:104]
[名称:DCOM 服务器进程启动器]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\svchost ]

[编号:105]
[名称:kmsinput]
[类型:服务:未知]
[内容:c:\windows\system32\drivers\kmsinput.sys]

[编号:106]
[名称:KNetWch]
[类型:服务:Kingsoft Firewall Copyright (C) 2001-2005, Kingsoft Corporation]
[内容:c:\kav2006\knetwch.sys]

[编号:107]
[名称:Kingsoft Personal Firewall Service]
[类型:服务:未知]
[内容:"C:\KAV2006\KPfwSvc.EXE"]

[编号:108]
[名称:KWatch3]
[类型:服务:Kingsoft Antivirus Copyright (C) 2000 - 2004 Kingsoft Corporation]
[内容:c:\windows\system32\drivers\kwatch3.sys]

[编号:109]
[名称:Kingsoft Antivirus KWatch Service]
[类型:服务:Kingsoft Antivirus Copyright (C) 1998 - 2005 Kingsoft Corporation]
[内容:C:\KAV2006\KWatch.EXE]

[编号:110]
[名称:LexBce Server]
[类型:服务:MarkVision for Windows (32 bit) (C) 1993 - 2002 Lexmark International, Inc.]
[内容:C:\WINDOWS\system32\LEXBCES.EXE]

[编号:111]
[名称:Windows Installer]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\msiexec.exe /V]

[编号:112]
[名称:MSJDrvr]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\msjdrvr.sys]

[编号:113]
[名称:npkcrypt]
[类型:服务:未知]
[内容:d:\qq\npkcrypt.sys]

[编号:114]
[名称:Office Source Engine]
[类型:服务:未知]
[内容:"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"]

[编号:115]
[名称:P4P Service]
[类型:服务:Sogou Express Sohu.com Inc. All rights reserved.]
[内容:D:\P4P\p2psvr.exe]

[编号:116]
[名称:PProtect]
[类型:服务:PProtect Device Driver 版权所有 (C) 2005 北京江民新科技术有限公司]
[内容:c:\windows\system32\drivers\pprotect.sys]

[编号:117]
[名称:PxHelp20]
[类型:服务:PxHelp20 Copyright ? Sonic Solutions]
[内容:C:\WINDOWS\system32\drivers\pxhelp20.sys]

[编号:118]
[名称:Remote Log]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\ServeHost.exe]

[编号:119]
[名称:Remote Procedure Call (RPC)]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\svchost ]

[编号:120]
[名称:Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver]
[类型:服务:Realtek RTL8139 Family Based Fast Ethernet Adapter                          1994-2001, Realtek Semiconductor Corp.                                                      All Rights Reserved.]
[内容:C:\WINDOWS\system32\drivers\rtl8139.sys]

[编号:121]
[名称:Secdrv]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\secdrv.sys]

[编号:122]
[名称:ServiceP]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\ServiceP.exe]

[编号:123]
[名称:System Restore Filter Driver]
[类型:服务:未知]
[内容:\SystemRoot\System32\DRIVERS\sr.sys]

[编号:124]
[名称:Terminal Services]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\svchost ]

[编号:125]
[名称:Conexant Setup API]
[类型:服务:Diagnostic Interface Copyright? Conexant Systems, Inc. 2000]
[内容:C:\WINDOWS\system32\drivers\uiusys.sys]

[编号:126]
[名称:Network System]
[类型:服务:QQFACE Copyright (C) COMENET TECHNOLOGY 2002-2005]
[内容:C:\Program Files\Common Files\SAND\Network.exe]

[编号:127]
[名称:VGA 显示控制器。]
[类型:服务:未知]
[内容:\SystemRoot\System32\drivers\vga.sys]

[编号:128]
[名称:WmRegProDrv]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\wmregprodrv.sys]

[编号:129]
[名称:Windows 套接字 2 .0 Non-IFS 服务提供程序支持环境]
[类型:服务:未知]
[内容:\SystemRoot\System32\drivers\ws2ifsl.sys]

[编号:130]
[分隔符:---------------------------------------------------------------------]

[编号:131]
[名称:Start Page]
[类型:IE主页-当前用户]
[内容:about:blank]

[编号:132]
[名称:Search Page]
[类型:IE搜索-当前用户]
[内容:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch]

[编号:133]
[名称:Start Page]
[类型:IE主页-所有用户]
[内容:about:blank]

[编号:134]
[名称:Search Page]
[类型:IE搜索-所有用户]
[内容:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch]

[编号:135]
[名称:Default_Page_URL]
[类型:默认IE主页-所有用户]
[内容:about:black]

[编号:136]
[名称:Default_Search_URL]
[类型:默认IE搜索-所有用户]
[内容:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch]

[编号:137]
[分隔符:---------------------------------------------------------------------]

[编号:138]
[名称:{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}]
[类型:IE 扩展按钮]
[内容:q麙| 路径:q麙|]

[编号:139]
[名称:{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}]
[类型:IE 扩展按钮]
[内容:q麙| 路径:http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair]

[编号:140]
[名称:{FD00D911-7529-4084-9946-A29F1BDF4FE5}]
[类型:IE 扩展按钮]
[内容: 路径:http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean]

[编号:141]
[分隔符:---------------------------------------------------------------------]

[编号:142]
[名称:百度-搜索MP3]
[类型:IE 右键按钮]
[内容: 路径:nsbu]

[编号:143]
[名称:百度-搜索图片]
[类型:IE 右键按钮]
[内容: 路径:nsbu]

[编号:144]
[名称:百度-搜索新闻]
[类型:IE 右键按钮]
[内容: 路径:nsbu]

[编号:145]
[名称:百度-搜索歌词]
[类型:IE 右键按钮]
[内容: 路径:nsbu]

[编号:146]
[名称:百度-搜索网页]
[类型:IE 右键按钮]
[内容: 路径:nsbu]

[编号:147]
[名称:百度-搜索贴吧]
[类型:IE 右键按钮]
[内容: 路径:nsbu]

[编号:148]
[名称:百度-词典搜索]
[类型:IE 右键按钮]
[内容: 路径:nsbu]

[编号:149]
[分隔符:---------------------------------------------------------------------]

[编号:150]
[名称:{2d2e24cb-0cd5-458f-86ea-3e6fa22c8e64}]
[类型:VMR Allocator Presenter 9 <IE控件>]
[内容:%SystemRoot%\system32\quartz.dll]

[编号:151]
[名称:{51b4abf3-748f-4e3b-a276-c828330e926a}]
[类型:Video Mixing Renderer 9 <IE控件>]
[内容:%SystemRoot%\system32\quartz.dll]

[编号:152]
[名称:{e4979309-7a32-495e-8a92-7b014aad4961}]
[类型:VMR ImageSync 9 <IE控件>]
[内容:%SystemRoot%\system32\quartz.dll]

[编号:153]
[分隔符:---------------------------------------------------------------------]

[编号:154]
[名称:]
[类型:EXE关联]
[内容:"%1" %*]

[编号:155]
[名称:]
[类型:TXT关联]
[内容:%SystemRoot%\system32\NOTEPAD.EXE %1]

[编号:156]
[名称:]
[类型:vbs关联]
[内容:%SystemRoot%\System32\WScript.exe "%1" %*]

[编号:157]
[名称:]
[类型:Js关联]
[内容:%SystemRoot%\System32\WScript.exe "%1" %*]

[编号:158]
[名称:]
[类型:htmlfile关联]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" -nohome]

[编号:159]
[名称:]
[类型:HTTP协议]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" -nohome]

[编号:160]
[名称:]
[类型:FTP协议]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" %1]

[编号:161]
[分隔符:---------------------------------------------------------------------]

[编号:162]
[名称:c:\windows\system32\sbe.dll]
[类型:第三方 COM/ActiveX组件]
[内容:PSFactoryBuffer---发布公司:(null) (null)]

[编号:163]
[名称:c:\windows\system32\admwprox.dll]
[类型:第三方 COM/ActiveX组件]
[内容:PSFactoryBuffer---发布公司:未知]

[编号:164]
[名称:c:\windows\system32\deskpan.dll]
[类型:第三方 COM/ActiveX组件]
[内容:显示摇曳 CPL 扩展---发布公司:未知]

[编号:165]
[名称:c:\windows\system32\dmipn.dll]
[类型:第三方 COM/ActiveX组件]
[内容:DesktopMedia Client Monitor---发布公司:未知]

[编号:166]
[名称:c:\windows\system32\admwprox.dll]
[类型:第三方 COM/ActiveX组件]
[内容:PSFactoryBuffer---发布公司:未知]

[编号:167]
[名称:c:\windows\system32\admwprox.dll]
[类型:第三方 COM/ActiveX组件]
[内容:PSFactoryBuffer---发布公司:未知]

[编号:168]
[名称:c:\windows\system32\admwprox.dll]
[类型:第三方 COM/ActiveX组件]
[内容:PSFactoryBuffer---发布公司:未知]

[编号:169]
[名称:c:\windows\system32\audio3d.dll]
[类型:第三方 COM/ActiveX组件]
[内容:Audio3DObject---发布公司:Sensaura ? Copyright 1997-2001  Sensaura Ltd]

[编号:170]
[名称:c:\windows\system32\admwprox.dll]
[类型:第三方 COM/ActiveX组件]
[内容:PSFactoryBuffer---发布公司:未知]

--------------------感谢您关注我的软件---------------------
网站: http://www.wjfsoft.com  产品:完美卸载V2006