Subject: Bro, here is the file from the finished scan; please help analyze it and see which one is the trojan
Author: yx25256 | Original poster
vasoft Ad-aware Personal Build 162 Logfile created on :2005年3月23日 13:33:24 Created with Ad-aware Personal, free for private use. Using reference-file :0R114 09.02.2003 ______________________________________________________ Ad-aware Settings ========================= Set : Activate in-depth scan (Recommended) Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep scan registry Listing running processes #:1 [smss.exe] FilePath : \SystemRoot\System32\ ThreadCreationTime : 2005-3-22 23:32:01 BasePriority : Normal #:2 [winlogon.exe] FilePath : \??\C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:07 BasePriority : High #:3 [services.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:08 BasePriority : Normal FileSize : 87 KB FileVersion : 5.00.2195.6700 ProductVersion : 5.00.2195.6700 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe OriginalFilename : services.exe ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2003-6-18 20:05:04 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-6-18 20:05:04 #:4 [lsass.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:08 BasePriority : Normal FileSize : 32 KB FileVersion : 5.00.2195.6695 ProductVersion : 5.00.2195.6695 Copyright : Copyright (C) Microsoft Corp. 
1981-1999 CompanyName : Microsoft Corporation FileDescription : LSA Executable and Server DLL (Export Version) InternalName : lsasrv.dll and lsass.exe OriginalFilename : lsasrv.dll and lsass.exe ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2003-6-18 20:05:04 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-6-18 20:05:04 #:5 [svchost.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:10 BasePriority : Normal FileSize : 7 KB FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2000-1-9 20:00:00 Last accessed : 2005-3-22 16:00:00 Last modified : 2000-1-9 20:00:00 #:6 [spoolsv.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:11 BasePriority : Normal FileSize : 44 KB FileVersion : 5.00.2195.6659 ProductVersion : 5.00.2195.6659 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolss.exe OriginalFilename : spoolss.exe ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2004-12-27 11:58:38 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-6-19 4:05:04 #:7 [cisvc.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:11 BasePriority : Normal FileSize : 5 KB FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 Copyright : Copyright (C) Microsoft Corp. 
1981-1999 CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe OriginalFilename : cisvc.exe ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2000-1-9 20:00:00 Last accessed : 2005-3-22 16:00:00 Last modified : 2000-1-9 20:00:00 #:8 [defwatch.exe] FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\ ThreadCreationTime : 2005-3-22 23:32:11 BasePriority : Normal FileSize : 32 KB FileVersion : 8.1.0.821 ProductVersion : 8.1.0.821 Copyright : Copyright ? 1998 Symantec Corporation CompanyName : Symantec Corporation FileDescription : Virus Definition Daemon InternalName : DefWatch OriginalFilename : DefWatch.exe ProductName : Norton AntiVirus Created on : 2003-5-16 6:08:22 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-5-16 6:08:22 #:9 [svchost.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:11 BasePriority : Normal FileSize : 7 KB FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2000-1-9 20:00:00 Last accessed : 2005-3-22 16:00:00 Last modified : 2000-1-9 20:00:00 #:10 [hidserv.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:11 BasePriority : Normal FileSize : 19 KB FileVersion : 5.00.2195.6655 ProductVersion : 5.00.2195.6655 Copyright : Copyright (C) Microsoft Corp. 
1981-1999 CompanyName : Microsoft Corporation FileDescription : HID Audio Service InternalName : hidserv OriginalFilename : HIDSERV.EXE ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2005-2-20 23:37:05 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-6-19 4:05:04 #:11 [rtvscan.exe] FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\ ThreadCreationTime : 2005-3-22 23:32:11 BasePriority : Normal FileSize : 596 KB FileVersion : 8.1.0.821 ProductVersion : 8.1.0.821 Copyright : Copyright (C) Symantec Corporation 1991-2003 CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus ProductName : Symantec AntiVirus Created on : 2003-5-30 2:37:18 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-5-30 2:37:18 #:12 [regsvc.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:15 BasePriority : Normal FileSize : 66 KB FileVersion : 5.00.2195.6701 ProductVersion : 5.00.2195.6701 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : Remote Registry Service InternalName : regsvc OriginalFilename : REGSVC.EXE ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2003-6-18 20:05:04 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-6-18 20:05:04 #:13 [mstask.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:15 BasePriority : Normal FileSize : 116 KB FileVersion : 4.71.2195.6704 ProductVersion : 4.71.2195.6704 Copyright : Copyright (C) Microsoft Corp. 
1997 CompanyName : Microsoft Corporation FileDescription : Task Scheduler Engine InternalName : TaskScheduler OriginalFilename : mstask.exe ProductName : Microsoft(R) Windows(R) Task Scheduler Created on : 2004-12-27 12:05:21 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-6-19 4:05:04 #:14 [smagent.exe] FilePath : C:\Program Files\Analog Devices\SoundMAX\ ThreadCreationTime : 2005-3-22 23:32:16 BasePriority : Normal FileSize : 44 KB FileVersion : 3, 2, 6, 0 ProductVersion : 3, 2, 6, 0 Copyright : Copyright ? 2002 CompanyName : Analog Devices, Inc. FileDescription : SoundMAX service agent component InternalName : SMAgent OriginalFilename : SMAgent.exe ProductName : SoundMAX service agent Created on : 2004-12-27 12:13:21 Last accessed : 2005-3-22 16:00:00 Last modified : 2002-9-20 7:50:10 #:15 [winmgmt.exe] FilePath : C:\WINNT\System32\WBEM\ ThreadCreationTime : 2005-3-22 23:32:17 BasePriority : Normal FileSize : 192 KB FileVersion : 1.50.1085.0100 ProductVersion : 1.50.1085.0100 Copyright : Copyright (C) Microsoft Corp. 1995-1999 CompanyName : Microsoft Corporation FileDescription : Windows Management Instrumentation InternalName : WINMGMT ProductName : Windows Management Instrumentation Created on : 2003-6-18 20:05:04 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-6-18 20:05:04 #:16 [svchost.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:32:17 BasePriority : Normal FileSize : 7 KB FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 Copyright : Copyright (C) Microsoft Corp. 
1981-1999 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2000-1-9 20:00:00 Last accessed : 2005-3-22 16:00:00 Last modified : 2000-1-9 20:00:00 #:17 [explorer.exe] FilePath : C:\WINNT\ ThreadCreationTime : 2005-3-22 23:34:19 BasePriority : Normal FileSize : 237 KB FileVersion : 5.00.3700.6690 ProductVersion : 5.00.3700.6690 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer OriginalFilename : EXPLORER.EXE ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2003-6-18 20:05:04 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-6-18 20:05:04 #:18 [igfxtray.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:34:22 BasePriority : Normal FileSize : 152 KB FileVersion : 3.0.0.2331 ProductVersion : 7.0.0.2331 Copyright : Copyright 1999-2003, Intel Corporation CompanyName : Intel Corporation FileDescription : igfxTray Module InternalName : IGFXTRAY OriginalFilename : IGFXTRAY.EXE ProductName : Intel(R) Common User Interface Created on : 2004-12-27 12:12:40 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-11-17 16:24:50 #:19 [hkcmd.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:34:22 BasePriority : Normal FileSize : 116 KB FileVersion : 3.0.0.2331 ProductVersion : 7.0.0.2331 Copyright : Copyright 1999-2003, Intel Corporation CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD OriginalFilename : HKCMD.EXE ProductName : Intel(R) Common User Interface Created on : 2004-12-27 12:12:35 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-11-17 16:11:44 #:20 [rundll32.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:34:22 BasePriority : Normal FileSize : 9 KB FileVersion : 5.00.2134.1 
ProductVersion : 5.00.2134.1 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll OriginalFilename : RUNDLL.EXE ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2000-1-9 20:00:00 Last accessed : 2005-3-22 16:00:00 Last modified : 2000-1-9 20:00:00 #:21 [assistse.exe] FilePath : C:\PROGRA~1\3721\ ThreadCreationTime : 2005-3-22 23:34:22 BasePriority : Normal FileSize : 54 KB FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 Copyright : Copyright 3721.COM 2004 CompanyName : yahoo FileDescription : AssistSetting InternalName : AssistSetting OriginalFilename : AssistSe.exe ProductName : yahoo AssistSetting Created on : 2004-12-7 5:51:04 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-12-7 5:51:04 #:22 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ThreadCreationTime : 2005-3-22 23:34:23 BasePriority : Normal FileSize : 96 KB FileVersion : 6.5 ProductVersion : QuickTime 6.5 Copyright : ? Apple Computer, Inc. 2001-2004 CompanyName : Apple Computer, Inc. InternalName : QuickTime Task OriginalFilename : QTTask.exe ProductName : QuickTime Created on : 2005-2-23 8:15:26 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-2-23 8:15:28 #:23 [realsched.exe] FilePath : C:\Program Files\Common Files\Real\Update_OB\ ThreadCreationTime : 2005-3-22 23:34:24 BasePriority : Normal FileSize : 176 KB FileVersion : 0.1.0.3249 ProductVersion : 0.1.0.3249 Copyright : Copyright ? RealNetworks, Inc. 1995-2004 CompanyName : RealNetworks, Inc. 
FileDescription : RealNetworks Scheduler InternalName : schedapp OriginalFilename : realsched.exe ProductName : RealPlayer (32-bit) Created on : 2005-3-10 1:32:06 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-3-10 1:32:08 #:24 [internat.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:34:24 BasePriority : Normal FileSize : 20 KB FileVersion : 5.00.2920.0000 ProductVersion : 5.00.2920.0000 Copyright : Copyright (C) Microsoft Corp. 1994-1999 CompanyName : Microsoft Corporation FileDescription : Keyboard Language Indicator Applet InternalName : INTERNAT OriginalFilename : INTERNAT.EXE ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2000-1-9 20:00:00 Last accessed : 2005-3-22 16:00:00 Last modified : 2000-1-9 20:00:00 #:25 [conime.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:34:25 BasePriority : Normal FileSize : 25 KB FileVersion : 5.00.2195.6655 ProductVersion : 5.00.2195.6655 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : Console IME InternalName : Console OriginalFilename : CONIME.EXE ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2003-6-18 20:05:04 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-6-18 20:05:04 #:26 [search.exe] FilePath : C:\Program Files\wsearch\ ThreadCreationTime : 2005-3-22 23:34:25 BasePriority : Normal FileSize : 84 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : (C) 2004 CompanyName : FileDescription : InternalName : search OriginalFilename : Search.EXE ProductName : Created on : 2004-12-6 1:48:22 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-1-20 3:52:56 #:27 [cidaemon.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-22 23:39:44 BasePriority : Idle FileSize : 9 KB FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 Copyright : Copyright (C) Microsoft Corp. 
1981-1999 CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe OriginalFilename : cidaemon.exe ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2000-1-9 20:00:00 Last accessed : 2005-3-22 16:00:00 Last modified : 2000-1-9 20:00:00 #:28 [qq.exe] FilePath : C:\Program Files\Tencent\QQ\ ThreadCreationTime : 2005-3-22 23:42:53 BasePriority : Normal FileSize : 1080 KB FileVersion : 12, 71, 0, 8039 ProductVersion : 1, 0, 0, 1 Copyright : Copyright ? 2004 CompanyName : TENCENT FileDescription : QQ InternalName : COMQQD OriginalFilename : QQ.exe ProductName : TENCENT QQ Created on : 2004-12-14 6:34:48 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-12-14 6:34:48 #:29 [timplatform.exe] FilePath : C:\Program Files\Tencent\QQ\ ThreadCreationTime : 2005-3-22 23:42:54 BasePriority : Normal FileSize : 68 KB FileVersion : 2.05 ProductVersion : 0, 2, 0, 5 Copyright : Copyright ? 2004 CompanyName : tencent FileDescription : TIMPlatform InternalName : TIMPlatform OriginalFilename : TIMPlatform.exe ProductName : tencent TIMPlatform Created on : 2004-12-14 6:34:56 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-12-14 6:34:56 #:30 [mmzj.exe] FilePath : C:\Program Files\木马专家 2005\ ThreadCreationTime : 2005-3-22 23:55:15 BasePriority : Normal FileSize : 257 KB FileVersion : 2,0,0,5 @Lega Copyright : Beyond ght8LegalTrade CompanyName : Beyond .cDFileDescri FileDescription : 2005 ipti 0FileVers OriginalFilename : mmzj.exe <Prod ProductName : 2005 me n D VarFileI Created on : 2005-3-21 3:20:10 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-3-21 3:20:10 #:31 [svchost.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-23 0:02:36 BasePriority : Normal FileSize : 7 KB FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 Copyright : Copyright (C) Microsoft Corp. 
1981-1999 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2000-1-9 20:00:00 Last accessed : 2005-3-22 16:00:00 Last modified : 2000-1-9 20:00:00 #:32 [migpwda.exe] FilePath : C:\WINNT\system32\ ThreadCreationTime : 2005-3-23 3:42:56 BasePriority : Normal #:33 [nettransport.exe] FilePath : C:\Program Files\Xi\NetTransport 2\ ThreadCreationTime : 2005-3-23 5:06:22 BasePriority : Normal FileSize : 363 KB FileVersion : 1.94.279 ProductVersion : 1.94.279 Copyright : Copyright (C) 2001-2004 Xi CompanyName : Xi FileDescription : Net Transport Download Manager InternalName : Net Transport OriginalFilename : NetTransport.EXE ProductName : Net Transport Download Manager Created on : 2005-1-27 12:46:14 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-1-27 12:46:14 #:34 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ThreadCreationTime : 2005-3-23 5:06:43 BasePriority : Normal FileSize : 59 KB FileVersion : 5.00.2920.0000 ProductVersion : 5.00.2920.0000 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore OriginalFilename : IEXPLORE.EXE ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2004-12-27 12:05:25 Last accessed : 2005-3-22 16:00:00 Last modified : 2000-1-10 4:00:00 #:35 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-aware 6\ ThreadCreationTime : 2005-3-23 5:29:41 BasePriority : Normal FileSize : 645 KB FileVersion : 6.0.1.165 ProductVersion : 6.0.0.0 Copyright : Copyright ? 
Lavasoft Sweden CompanyName : Lavasoft Sweden FileDescription : Ad-aware 6 core application InternalName : Ad-aware.exe OriginalFilename : Ad-aware.exe ProductName : Lavasoft Ad-aware Plus Created on : 2005-3-23 5:29:32 Last accessed : 2005-3-22 16:00:00 Last modified : 2003-2-8 13:50:52 #:36 [ravqqmsender.exe] FilePath : E:\ ThreadCreationTime : 2005-3-23 5:32:16 BasePriority : Normal FileSize : 116 KB FileVersion : 2, 9, 0, 0 ProductVersion : 2, 9, 0, 0 Copyright : Copyright ? 2003 CompanyName : Beijing Rising Tech. Co., Ltd. FileDescription : RavQQMsender InternalName : RavQQMsender OriginalFilename : RavQQMsender.exe ProductName : Rising RavQQMsender Created on : 2005-3-23 5:31:19 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-3-23 5:31:36 #:37 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ThreadCreationTime : 2005-3-23 5:32:18 BasePriority : Normal FileSize : 59 KB FileVersion : 5.00.2920.0000 ProductVersion : 5.00.2920.0000 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore OriginalFilename : IEXPLORE.EXE ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 2004-12-27 12:05:25 Last accessed : 2005-3-22 16:00:00 Last modified : 2000-1-10 4:00:00 Memory scan result : New objects : 0 Objects found so far: 0 Started registry scan CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4} CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : CnsHelper.CH CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : CnsHelper.CH.1 CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : CnsMinHK.CnsHook CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : CnsMinHK.CnsHook.1 CnsMin Object recognized! 
Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : Interface\{1BB0ABBE-2D95-4847-B9D8-6F90DE3714C1} CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : Interface\{DF692509-D9EF-48A0-9CD0-3AA5B81F6F68} CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\3721 CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_CURRENT_USER Object : Software\3721 CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{5D73EE86-05F1-49ed-B850-E423120EC338} Alexa Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{FD00D911-7529-4084-9946-A29F1BDF4FE5} CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : TypeLib\{A5ADEAE7-A8B4-4F94-9128-BF8D8DB5E927} CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : TypeLib\{AAB6BCE3-1DF6-4930-9B14-9CA79DC8C267} Registry scan result : New objects : 17 Objects found so far: 17 Started deep registry scan CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINNT/Downloaded Program Files/CONFLICT.1/CnsMin.dll CnsMin Object recognized! 
Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINNT/Downloaded Program Files/CONFLICT.2/CnsMin.dll CnsMin Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINNT/Downloaded Program Files/CONFLICT.3/CnsMin.dll CnsMin Object recognized! Type : RegValue Data : cnsmin.dll Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs Value : C:\WINNT\Downloaded Program Files\CONFLICT.1\CnsMin.dll CnsMin Object recognized! Type : RegValue Data : cnsmin.dll Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs Value : C:\WINNT\Downloaded Program Files\CONFLICT.2\CnsMin.dll CnsMin Object recognized! Type : RegValue Data : cnsmin.dll Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs Value : C:\WINNT\Downloaded Program Files\CONFLICT.3\CnsMin.dll Deep registry scan result : New objects : 6 Objects found so far: 23 Deep scanning and examining files (C:) Tracking Cookie Object recognized! Type : File Data : administrator@doubleclick[1].txt Object : C:\WINNT\Cookies\ Created on : 2005-1-15 4:17:18 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-1-15 4:17:30 CnsMin Object recognized! Type : File Data : cnsmin.dll Object : C:\WINNT\Downloaded Program Files\CONFLICT.1\ FileSize : 180 KB FileVersion : 1, 5, 0, 9 ProductVersion : 1, 5, 0, 9 Copyright : (C) 2001 - 2004 CompanyName : FileDescription : 3721 InternalName : CnsMin OriginalFilename : CnsMin.dll ProductName : 3721 CnsMin Created on : 2004-11-24 5:57:46 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-11-24 5:57:46 CnsMin Object recognized! 
Type : File Data : cnsmin.dll Object : C:\WINNT\Downloaded Program Files\CONFLICT.2\ FileSize : 180 KB FileVersion : 1, 5, 0, 9 ProductVersion : 1, 5, 0, 9 Copyright : (C) 2001 - 2004 CompanyName : FileDescription : 3721 InternalName : CnsMin OriginalFilename : CnsMin.dll ProductName : 3721 CnsMin Created on : 2004-11-24 5:57:46 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-11-24 5:57:46 CnsMin Object recognized! Type : File Data : cnsmin.dll Object : C:\WINNT\Downloaded Program Files\CONFLICT.3\ FileSize : 180 KB FileVersion : 1, 5, 0, 9 ProductVersion : 1, 5, 0, 9 Copyright : (C) 2001 - 2004 CompanyName : FileDescription : 3721 InternalName : CnsMin OriginalFilename : CnsMin.dll ProductName : 3721 CnsMin Created on : 2004-11-24 5:57:46 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-11-24 5:57:46 CnsMin Object recognized! Type : File Data : cnsmin.ini Object : C:\WINNT\Downloaded Program Files\CONFLICT.3\ Created on : 2005-1-4 8:05:26 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-3-23 1:41:04 CnsMin Object recognized! Type : File Data : cnsmin.ini Object : C:\WINNT\Downloaded Program Files\ Created on : 2004-12-31 8:03:11 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-12-31 8:03:12 CnsMin Object recognized! Type : File Data : cnsminex.ini Object : C:\WINNT\Downloaded Program Files\ Created on : 2004-12-31 8:03:11 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-12-31 8:03:12 CnsMin Object recognized! Type : File Data : cnsminhk.cab Object : C:\WINNT\Downloaded Program Files\ FileSize : 27 KB Created on : 2004-12-31 8:03:11 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-12-31 8:03:14 CnsMin Object recognized! Type : File Data : cnsminio.cab Object : C:\WINNT\Downloaded Program Files\ FileSize : 22 KB Created on : 2004-12-31 8:03:11 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-12-31 8:03:14 CnsMin Object recognized! 
Type : File Data : cnshook.dll Object : C:\WINNT\Downloaded Program Files\ FileSize : 55 KB FileVersion : 1, 0, 2, 3 ProductVersion : 1, 0, 2, 3 Copyright : (C) 2001 - 2004 CompanyName : FileDescription : 3721 CNS Module OriginalFilename : ProductName : 3721 CNS Module Created on : 2004-12-31 8:03:12 Last accessed : 2005-3-22 16:00:00 Last modified : 2004-11-8 5:50:30 Tracking Cookie Object recognized! Type : File Data : administrator@clkhype.adbureau[2].txt Object : C:\Documents and Settings\Administrator\Cookies\ Created on : 2005-1-21 12:25:02 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-1-21 12:25:04 Tracking Cookie Object recognized! Type : File Data : administrator@targetnet[1].txt Object : C:\Documents and Settings\Administrator\Cookies\ Created on : 2005-1-21 13:00:51 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-1-21 13:00:52 Tracking Cookie Object recognized! Type : File Data : administrator@atdmt[1].txt Object : C:\Documents and Settings\Administrator\Cookies\ Created on : 2005-1-21 23:49:36 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-1-21 23:49:38 Tracking Cookie Object recognized! Type : File Data : administrator@doubleclick[2].txt Object : C:\Documents and Settings\Administrator\Cookies\ Created on : 2005-1-21 23:49:35 Last accessed : 2005-3-22 16:00:00 Last modified : 2005-1-21 23:49:36 Disk scan result for C: New objects : 0 Objects found so far: 37 13:36:33 Scan complete Summary of this scan Total scanning time :00:03:07:110 Objects scanned :46261 Objects identified :37 Objects ignored :0 New objects :37
------------------Signature------------------
骁
Posted: 2005-3-23 13:52:42
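Author: 枫 | Reply
Please use the system report from 木马专家 (Trojan Expert); it is easier to view and analyze than this one. If it reports any suspicious files, just click to report the suspicious file directly.
------------------Signature-------------------
Beyond Studio 枫
Posted: 2005-3-24 10:01:57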