Posted on 2011-12-15 08:03:51
Thanks for sharing.
|Handle |Name |Description |Version |Size |Modified |Path |
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|76F90000|rasadhlp.dll |Remote Access AutoDial Helper |5.1.2600.5512 |7680 |2008-04-14 20:00:00|C:\WINDOWS\system32 |
|770F0000|oleaut32.dll | |5.1.2600.6058 |551936 |2010-12-21 01:32:06|C:\WINDOWS\system32 |
|77180000|comctl32.dll |User Experience Controls Library |6.0.2900.6028 |1054208|2010-08-24 00:11:14|C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202|
|77BD0000|version.dll |Version Checking and File Installation Libraries|5.1.2600.5512 |18944 |2008-04-14 20:00:00|C:\WINDOWS\system32 |
|77BE0000|msvcrt.dll |Windows NT CRT DLL |7.0.2600.5512 |343040 |2008-04-14 20:00:00|C:\WINDOWS\system32 |
|77C90000|ACTIVEDS.dll |ADs Router Layer DLL |5.1.2600.5512 |192000 |2008-04-14 20:00:00|C:\WINDOWS\system32 |
|77D10000|USER32.dll |Windows XP USER API Client DLL |5.1.2600.5512 |574976 |2008-04-14 20:00:00|C:\WINDOWS\system32 |
|77DA0000|ADVAPI32.dll |Advanced Windows 32 Base API |5.1.2600.5755 |674816 |2009-02-09 18:52:44|C:\WINDOWS\system32 |
|77E50000|RPCRT4.dll |Remote Procedure Call Runtime |5.1.2600.6022 |590848 |2010-08-16 16:44:12|C:\WINDOWS\system32 |
|77EF0000|GDI32.dll |GDI Client DLL |5.1.2600.5698 |286720 |2008-10-23 20:38:08|C:\WINDOWS\system32 |
|77F40000|SHLWAPI.dll |Shell Light-weight Utility Library |6.0.2900.5512 |473088 |2008-04-14 20:00:00|C:\WINDOWS\system32 |
|77FC0000|Secur32.dll |Security Support Provider Interface |5.1.2600.5834 |56832 |2009-06-25 16:24:50|C:\WINDOWS\system32 |
|7C800000|kernel32.dll |Windows NT BASE API Client DLL |5.1.2600.5781 |1150464|2009-03-21 22:06:58|C:\WINDOWS\system32 |
|7C920000|ntdll.dll |NT Layer DLL |5.1.2600.6055 |601600 |2010-12-09 23:15:12|C:\WINDOWS\system32 |
|7D590000|shell32.dll |Windows Shell Common Dll |6.0.2900.6072 |8320000|2011-01-21 22:44:10|C:\WINDOWS\system32 |
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Processes Information:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|ID |Name |Description |Version |Memory |Priority |Threads|Path |
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|4 |System | | |299008 |Normal |83 | |
|188 |Explorer.EXE |Windows Explorer |6.0.2900.5512|86429696 |Normal |23 |C:\WINDOWS |
|600 |IcbcDaemon.exe | | |5525504 |Normal |2 |C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32 |
|660 |D4Ser_ICBC.exe |ICBC U-Shield (USB key) service software |1.0.0.1 |1499136 |Normal |2 |C:\WINDOWS\system32 |
|680 |D4MON_ICBC.exe |ICBC U-Shield (USB key) service software |1.0.0.1 |2301952 |Normal |2 |C:\WINDOWS\system32 |
|700 |360Tray.exe |360 Safeguard Trojan Firewall module |7.7.0.1037 |11497472 |Normal |42 |C:\Program Files\360\360Safe\safemon |
|704 |svchost.exe |Generic Host Process for Win32 Services |5.1.2600.5512|5263360 |Normal |7 |C:\WINDOWS\System32 |
|756 |smss.exe | | |442368 |Normal |3 |\SystemRoot\System32 |
|812 |csrss.exe | | |11161600 |Normal |12 |C:\WINDOWS\system32 |
|840 |winlogon.exe | | |5246976 |High |20 |C:\WINDOWS\system32 |
|884 |services.exe |Services and Controller app |5.1.2600.5755|3768320 |Normal |15 |C:\WINDOWS\system32 |
|896 |lsass.exe |LSA Shell (Export Version) |5.1.2600.5512|1323008 |Normal |18 |C:\WINDOWS\system32 |
|1068|nvsvc32.exe |NVIDIA Driver Helper Service, Version 258.96 |4.0.1382.5896|6250496 |Normal |4 |C:\WINDOWS\system32 |
|1100|svchost.exe |Generic Host Process for Win32 Services |5.1.2600.5512|5230592 |Normal |19 |C:\WINDOWS\system32 |
|1168|svchost.exe |Generic Host Process for Win32 Services |5.1.2600.5512|4890624 |Normal |10 |C:\WINDOWS\system32 |
|1212|SynTPEnh.exe |Synaptics TouchPad Enhancements |14.0.10.0 |6496256 |Above-Normal|4 |C:\Program Files\Synaptics\SynTP |
|1220|UDown.exe |115优蛋 |2.4.0.130 |36360192 |Normal |26 |C:\Program Files\115\UDown |
|1224|U46Pan.exe |U46 Panel file |3.0.0.0 |4227072 |Normal |1 |C:\WINDOWS\system32 |
|1236|RTHDCPL.EXE |Realtek HD Audio Control Panel |2.3.2.4 |26644480 |Normal |4 |C:\WINDOWS |
|1252|RUNDLL32.EXE |Run a DLL as an App |5.1.2600.5512|5537792 |Normal |1 |C:\WINDOWS\system32 |
|1260|D4Svr_ICBC.exe |auto register cert for Industrial and Commercial Bank of China|2.5.1.10 |4603904 |Normal |2 |C:\WINDOWS\system32 |
|1284|ctfmon.exe |CTF Loader |5.1.2600.5512|3637248 |Normal |1 |C:\WINDOWS\system32 |
|1312|360sd.exe |360 Antivirus main program |3.0.0.2121 |1015808 |Normal |14 |C:\Program Files\360\360SD |
|1336|svchost.exe |Generic Host Process for Win32 Services |5.1.2600.5512|23437312 |Normal |66 |C:\WINDOWS\System32 |
|1396|dmhkcore.exe |Easy Display Manager |2.3.2.6 |12017664 |High |4 |C:\Program Files\Samsung\Easy Display Manager |
|1436|ICBCEBankAssist.exe |ICBCEBankAssist |1.0.0.1 |21106688 |Normal |6 |C:\Program Files\ICBCEbankTools\ICBCSetupIntegration |
|1480|svchost.exe |Generic Host Process for Win32 Services |5.1.2600.5512|4849664 |Normal |6 |C:\WINDOWS\system32 |
|1528|zhudongfangyu.exe |360 Active Defense service module |3.2.2.1040 |10592256 |Normal |8 |C:\Program Files\360\360Safe\deepscan |
|1612|SRS_PostInstaller2.exe|Service to handle post-installation details |1.2.4.0 |1982464 |Normal |2 |C:\Program Files\SRS Labs\WOWXT and TSXT Driver |
|1768|svchost.exe |Generic Host Process for Win32 Services |5.1.2600.5512|4984832 |Normal |7 |C:\WINDOWS\system32 |
|1876|svchost.exe |Generic Host Process for Win32 Services |5.1.2600.5512|4329472 |Normal |9 |C:\WINDOWS\system32 |
|1936|spoolsv.exe |Spooler SubSystem App |5.1.2600.6024|7368704 |Normal |12 |C:\WINDOWS\system32 |
|2428|urlproc.exe |360 Secure Browser Safety Traffic Light extension |2.0.1.1008 |7712768 |Normal |6 |C:\Program Files\360\360se3\SafeCentral |
|3056|360se.exe |360 Secure Browser |4.1.1.6 |89260032 |Normal |25 |C:\Program Files\360\360se3 |
|3340|Rundll32.exe |Run a DLL as an App |5.1.2600.5512|5701632 |Normal |5 |C:\WINDOWS\system32 |
|3368|360seNotify.exe |360 Secure Browser reminder and sharing helper extension |2.3.4.1171 |1720320 |Normal |2 |C:\Documents and Settings\Administrator\Application Data\360Notify\Bin|
|3444|Rundll32.exe |Run a DLL as an App |5.1.2600.5512|7528448 |Normal |5 |C:\WINDOWS\system32 |
|3640|QvodTerminal.exe |QvodTerminal |5.0.67.4 |9306112 |Normal |15 |C:\Program Files\QvodPlayer |
|3860|ikuacc.exe |iKu Accelerator |1.0.4.11251 |22761472 |Normal |19 |C:\Program Files\YouKu\common |
|3868|360se.exe |360 Secure Browser |4.1.1.6 |13307904 |Normal |42 |C:\Program Files\360\360se3 |
|3956|360rp.exe |360 Antivirus real-time monitor |3.0.0.2122 |18161664 |Normal |37 |C:\Program Files\360\360SD |
|4040|ikucmc.exe |iKu Management and Configure |1.0.4.11160 |17485824 |Normal |8 |C:\Program Files\YouKu\common |
|5184|360se.exe |360 Secure Browser |4.1.1.6 |158507008|Normal |64 |C:\Program Files\360\360se3 |
|5800|UDown.exe |115优蛋 |2.4.0.130 |11558912 |Normal |3 |C:\Program Files\115\UDown |
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Assembler Information:
-------------------------------------------------------
; LogRecordClass.TLogRecord.Add (Line=62 - Offset=26)
; ---------------------------------------------------
005E65FD call -$001E1546
005E6602 call -$001E2177
005E6607 xor eax, eax
005E6609 pop edx
005E660A pop ecx
005E660B pop ecx
005E660C mov fs:[eax], edx
005E660F push $005E662C ; '3.ZYYd..hMf^'
;
; Line=64 - Offset=28
; -------------------
005E6614 lea eax, [ebp+$FFFFFD18]
005E661A call -$001E1937
005E661F call -$001E2194 ; <-- EXCEPTION
005E6624 ret
Registers:
-----------------------------
EAX: 01183258 EDI: 0012FBCC
EBX: 005E6624 ESI: 005E6624
ECX: 00411700 ESP: 0012F2BC
EDX: 005E6624 EIP: 005E661F
Stack: Memory Dump:
------------------ ---------------------------------------------------------------------------