Scan report
[code]
2007-03-03, 12:09:40
System Repair Engineer 2.3.13.690
Smallfrogs (.Ini> <N/A>
==================================
Drivers
[WDM 3D Audio Driver / ALCXSENS][Running / Manual]
<system32\drivers\ALCXSENS.SYS><Sensaura Limited>
[Realtek AC97 Audio (WDM) / ALCXWDM][Running / Manual]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped / Boot]
<\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[ati2mtag / ati2mtag][Running / Manual]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[CmdIde / CmdIde][Running / Boot]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology Inc.>
[Intel(R) PRO Adapter Driver / E100B][Running / Manual]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[KL1 / KL1][Running / Boot]
<\SystemRoot\system32\drivers\KL1.sys><Kaspersky Lab>
[klif / klif][Running / System]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[KNetWch / KNetWch][Stopped / System]
<\??\f:\KAV2007\KNetWch.SYS><N/A>
[KWatch3 / KWatch3][Running / System]
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[megaide / megaide][Running / Boot]
<\SystemRoot\System32\DRIVERS\megaide.sys><LSI Logic Corp.>
[NPKCrypt / NPKCrypt][Running / Auto]
<\??\f:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped / Manual]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running / Manual]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / RTL8139][Stopped / Manual]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corp.>
[secdrv / secdrv][Running / Auto]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Intel System Management BIOS Service / SMBios][Running / Manual]
<system32\DRIVERS\smbios.sys><Intel Corporation>
[smserial / smserial][Running / Manual]
<system32\DRIVERS\smserial.sys><Motorola>
[TSP / TSP][Stopped / Manual]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ViaIde / ViaIde][Running / Boot]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\Tencent\QQ\QQIEHelper.dll, Shenzhen Tencent Computer System Co., Ltd.>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <F:\thunder network\Xunlei\ComDlls\XunLeiBHO_002.dll, Xunlei Network Technology Co., Ltd.>
[navigationmon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[Fang Hao Battle Platform]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\HFGameOPT\GameClient.exe, Shanghai Fang Hao Online Information Technology Co., Ltd.>
[Web Anti-Virus Protection]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <F:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[Research (&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <d:\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[qqiefalotbackfgcmd Class]
{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6} <F:\Tencent\QQ\QQIEHelper.dll, Shenzhen Tencent Computer System Co., Ltd.>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <c:\WINDOWS\system32\aliedit\aliedit.dll, www.alipay.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <c:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\Tencent\QQ\QQIEHelper.dll, Shenzhen Tencent Computer System Co., Ltd.>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <F:\thunder network\Xunlei\ComDlls\XunLeiBHO_002.dll, Xunlei Network Technology Co., Ltd.>
[navigationmon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[&Download with Thunder]
<f:\thunder network\Thunder\Program\GetUrl.htm, N/A>
[&Download all links with Thunder]
<f:\thunder network\Thunder\Program\GetAllUrl.htm, N/A>
[Export to Microsoft Office Excel (&X)]
<RES://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
Running Processes
[PID: 600][\SystemRoot\System32\smss.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\csrss.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][\??\C:\WINDOWS\system32\winlogon.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll][Kaspersky Lab, 6.0.0.299]
[PID: 732][C:\WINDOWS\system32\services.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2150.
[PID: 744][C:\WINDOWS\system32\lsass.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-21.
[PID: 896][C:\WINDOWS\system32\Ati2evxx.exe][N/A, N/A]
[PID: 908][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-21.
[PID: 1000][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2
[PID: 116][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp
[PID: 1204][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2
[PID: 1312][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.
[PID: 1544][C:\WINDOWS\system32\spoolsv.exe][Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-
    [C:\WINDOWS\system32\EBPMON2.DLL][SEIKO EPSON CORPORATION, 2, 20, 0, 0]
[PID: 1664][C:\WINDOWS\Explorer.EXE][Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\360safe\safemon\safemon.dll][, 1, 0, 0, 1004]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll][Adobe Systems, Inc., 7.0.0.0]
    [f:\thunder network\Xunlei\ComDlls\XunLeiBHO_002.dll][Xunlei Network Technology Co., Ltd., 5, 0, 0, 2]
    [C:\WINDOWS\system32\msdmo.dll][N/A, N/A]
    [c:\program files\winrar\rarext.dll][N/A, N/A]
    [F:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll][Kaspersky Lab, 6.0.0.299]
    [f:\unlocker\UnlockerHook.dll][N/A, N/A]
    [C:\WINDOWS\system32\ICM32.DLL][Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
    [f:\Unlocker\UnlockerCOM.dll][N/A, N/A]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll][Adobe Systems Incorporated, 7.0.7.2006011200]
[PID: 1860][C:\WINDOWS\soundman.exe][Realtek Semiconductor Corp., 5.1.0.22]
[PID: 1868][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe][ATI Technologies, Inc., 6.14.10.5120]
    [D:\360safe\safemon\safemon.dll][, 1, 0, 0, 1004]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll][ATI Technologies, Inc., 6.14.10.5120]
    [c:\program files\ATI Technologies\ATI Control Panel\atpuixx.CHS][ATI Technologies, Inc., 6.14.10.5120]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll][ATI Technologies, Inc., 6.14.10.5120]
[PID: 1876][c:\windows\sm56hlpr.exe][Motorola, September 6, 2007]
    [C:\WINDOWS\sm56eng.dll][N/A, N/A]
    [C:\WINDOWS\sm56fra.dll][N/A, N/A]
    [C:\WINDOWS\sm56brz.dll][N/A, N/A]
    [C:\WINDOWS\sm56CHS.dll][N/A, N/A]
    [C:\WINDOWS\sm56cht.dll][N/A, N/A]
    [C:\WINDOWS\sm56ger.dll][N/A, N/A]
    [C:\WINDOWS\sm56ITL.dll][N/A, N/A]
    [C:\WINDOWS\sm56JPN.dll][N/A, N/A]
    [C:\WINDOWS\sm56SPN.dll][N/A, N/A]
    [D:\360safe\safemon\safemon.dll][, 1, 0, 0, 1004]
[PID: 1884][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE][SEIKO EPSON CORPORATION, 3.03]
    [D:\360safe\safemon\safemon.dll][, 1, 0, 0, 1004]
[PID: 1912][d:\360safe\safemon\360tray.exe][Qihoo.com, 1, 1, 1004]
    [D:\360safe\safemon\safemon.dll][, 1, 0, 0, 1004]
    [d:\360safe\safemon\safekrnl.dll][Qihoo.com, 1, 0, 3001]
    [D:\360safe\antiadwa.dll][360safe.com, 2, 2, 5, 1000]
    [D:\360safe\live.dll][360safe.com, 1, 0, 0, 1011]
    [f:\unlocker\UnlockerHook.dll][N/A, N/A]
[PID: 1944][C:\Program Files\Common Files\Real\Update_OB\realsched.exe][RealNetworks, Inc., 0.1.0.3760]
    [D:\360safe\safemon\safemon.dll][, 1, 0, 0, 1004]
[PID: 2008][C:\WINDOWS\system32\ctfmon.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2
    [D:\360safe\safemon\safemon.dll][, 1, 0, 0, 1004]
[PID: 212][c:\program files\common files\epson\ebapi\sagent2.exe][SEIKO EPSON CORPORATION, 2, 2, 0, 0]
    [C:\WINDOWS\system32\EBAPI2.DLL][SEIKO EPSON CORPORATION, 1, 4, 0, 0]
    [C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL][SEIKO EPSON CORPORATION, 2, 20, 0, 0]
[PID: 168][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe][Microsoft Corporation, 7.00.9466
[PID: 476][C:\program files\common files\sogou PXP\p2psvr.exe][Sohu.com Inc., 2, 0, 0, 28]
    [C:\Program Files\sogou PXP\VODSVR.dll][Sohu.com Inc., 2, 3, 0, 1]
    [C:\Program Files\sogou PXP\pxpnet.dll][Sohu.com Inc., 1, 0, 0, 9]
    [C:\Program Files\sogou PXP\P2PClient.dll][Sohu.com Inc., 2, 9, 1, 4]
[PID: 1724][C:\WINDOWS\system32\alg.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2
==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\wscript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\wscript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Providers
N/A
==================================
Autorun.inf
N/A
==================================
Hosts File
127.0.0.1 localhost
==================================
API Hooks
Warning! System Repair Engineer reminds you:
The following functions are inconsistent with their expected values; they
may have been modified by malicious software:
RVA error: LoadLibraryA
RVA error: LoadLibraryExA
RVA error: LoadLibraryExW
RVA error: LoadLibraryW
Entry point error: CreateProcessA
Entry point error: CreateProcessW
==================================
[/CODE]