最近看到有朋友一直在议论疼逊QQ在后台进行大量匪夷所思的“可疑动作”的帖子。
心里也是毛毛的。在通过windows7自带的资源监视器中,对QQ进行的一些监视之后,实在让我大为吃惊。它疯狂“触碰”着我电脑里的很多文件。每一次一登录,用资源管理器”监视“着它的一举一动时,发现。
hotmail客户端、MSN、杀软、skype、firefox浏览器、私人文件夹、支付宝数字证书,它几乎触碰过我电脑里的所有文件。一开始的截图如下。
这些都是大概一个星期以内的截图:
QQ,你监视我,我也监视你!
重新申请了QQ,里面只有我自己。不存在跟任何其他人通讯。
除了弹出广告以外,什么操作也没做。死盯。
不一会儿,终于显形了:
我才启动你1秒钟,你就开始扫描我了?
我是从桌面启动你,不是从TC启动你的
(Total Commander)
Quote:
9:59:31.1445962 QQ.exe 3936 CreateFile E:Program FilesTotalCmd SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31.1446909 QQ.exe 3936 QueryDirectory E:Program FilesTotalCmd SUCCESS 0: ., 1: .., 2: CABRK.DLL, 3: CGLPT9X.VXD, 4: CGLPTNT.SYS, 5: FRERES32.DLL, 6: HISTORY.TXT, 7: sfxhead.sfx, 8: SHARE_NT.EXE, 9: TCMADMIN.EXE, 10: TOTALCMD.EXE, 11: TOTALCMD.HLP, 12: TCUNZLIB.DLL, 13: UNACEV2.DLL, 14: UNRAR.DLL, 15: WC32TO16.EXE, 16: WCMICONS.DLL, 17: WCMICONS.INC, 18: WCMZIP32.DLL, 19: Readme.txt, 20: FAQ.txt, 21: Keyboard_chs.txt, 22: Keyboard_eng.TXT, 23: Totalcmd_eng.INC, 24: Totalcmd.inc, 25: UserApps_eng.bar, 26: UserApps.bar, 27: TCscheme.exe, 28: NoClose.pif, 29: NoClose.ini, 30: DEFAULT.BAR, 31: wcx_ftp.ini, 32: wincmd.ini, 33: uninst.exe, 34: fsplugin.ini, 35: LSPlugin.ini, 36: default.br2, 37: WINCMD.KEY, 38: ShellDetails.ini, 39: UserApps.br2, 40: Plugins, 41: Sounds, 42: Language, 43: Themes, 44: TOTALCMD.GID
9:59:31.1447920 QQ.exe 3936 QueryDirectory E:Program FilesTotalCmd NO MORE FILES
9:59:31.1448373 QQ.exe 3936 CloseFile E:Program FilesTotalCmd SUCCESS
9:59:31.1456276 QQ.exe 3936 CreateFile E:Program FilesTotalCmdPlugins SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31.1458564 QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPlugins SUCCESS 0: ., 1: .., 2: TCPPReadme.txt, 3: TCPPuninst.exe, 4: Wdx, 5: Wlx, 6: Wfx, 7: Wcx
9:59:31.1459408 QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPlugins NO MORE FILES
9:59:31.1461584 QQ.exe 3936 CloseFile E:Program FilesTotalCmdPlugins SUCCESS
9:59:31.1464721 QQ.exe 3936 CreateFile E:Program FilesTotalCmdPluginsWlx SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31.1467568 QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPluginsWlx SUCCESS 0: ., 1: .., 2: peviewer, 3: SWFView, 4: iclview, 5: xBaseView, 6: synplus, 7: OOoViewer, 8: gswlx, 9: fileinfo, 10: nfoviewer, 11: ieview, 12: mmedia, 13: office, 14: Imagine
9:59:31.1468641 QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPluginsWlx NO MORE FILES
9:59:31.1469110 QQ.exe 3936 CloseFile E:Program FilesTotalCmdPluginsWlx SUCCESS
9:59:31.1473337 QQ.exe 3936 CreateFile E:Program FilesTotalCmdPluginsWlxieview SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31.1474312 QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPluginsWlxieview SUCCESS 0: ., 1: .., 2: ieview.wlx, 3: Ieview.ini, 4: readme_eng.txt, 5: positions.ini
9:59:31.1482176 QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPluginsWlxieview NO MORE FILES
9:59:31.1482696 QQ.exe 3936 CloseFile E:Program FilesTotalCmdPluginsWlxieview SUCCESS
C、E盘读写了大量文件,大量注册表项,20秒钟后,你终于开始了你的网络数据处女行
9:59:52.9243551 QQ.exe 3936 UDP Send IBM-T43:4000 -> 219.133.60.25:8000 SUCCESS Length: 76
……
Quote:
9:59:52.9747783 QQ.exe 3936 UDP Receive IBM-T43:4000 -> 219.133.60.25:8000 SUCCESS Length: 112
9:59:53.4906690 QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 76
9:59:53.5042417 QQ.exe 3936 UDP Send IBM-T43:4001 -> 58.60.14.201:8000 SUCCESS Length: 76
9:59:53.5488116 QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 96
9:59:53.5574294 QQ.exe 3936 UDP Receive IBM-T43:4001 -> 58.60.14.201:8000 SUCCESS Length: 112
9:59:53.5789847 QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 132
9:59:53.6148879 QQ.exe 3936 UDP Send IBM-T43:4001 -> 58.60.15.103:8000 SUCCESS Length: 76
9:59:53.6482879 QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 88
9:59:53.6833259 QQ.exe 3936 UDP Receive IBM-T43:4001 -> 58.60.15.103:8000 SUCCESS Length: 96
9:59:53.6962666 QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 644
9:59:53.7445108 QQ.exe 3936 UDP Send IBM-T43:4002 -> reverse.gdsz.cncnet.net:8000 SUCCESS Length: 76
9:59:53.7568291 QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 304
9:59:53.7580466 QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 358
9:59:53.8287832 QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 384
9:59:53.8902829 QQ.exe 3936 UDP Receive IBM-T43:4002 -> reverse.gdsz.cncnet.net:8000 SUCCESS Length: 112
9:59:54.1793962 QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 134
9:59:54.2249165 QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 486
9:59:54.2312704 QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 88
9:59:54.4483617 QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 40
上面这些IP,我都查过了,深圳珠海的。上次那个陕西电信机房又是怎么回事?
其实QQ只有不到1%的动作是在进行网络通讯,其余时间不厌其烦的反复读写注册表许多项目,硬盘里面的文件。反复再反复
是不是想统计一下用各种浏览器的人群,为自己改进浏览器作基础?
Quote:
10:04:18.0957294 QQ.exe 3936 CreateFile E:Program Filesopera10bopera.exe SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: RHSAN, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
10:04:18.0958258 QQ.exe 3936 ReadFile E:Program Filesopera10bopera.exe SUCCESS Offset: 0, Length: 1,024
10:04:18.1857640 QQ.exe 3936 QueryStandardInformationFile E:Program Filesopera10bopera.exe SUCCESS AllocationSize: 835,584, EndOfFile: 832,808, NumberOfLinks: 1, DeletePending: False, Directory: False
10:04:18.1857886 QQ.exe 3936 QueryStandardInformationFile E:Program Filesopera10bopera.exe SUCCESS AllocationSize: 835,584, EndOfFile: 832,808, NumberOfLinks: 1, DeletePending: False, Directory: False
10:04:18.1858165 QQ.exe 3936 ReadFile E:Program Filesopera10bopera.exe SUCCESS Offset: 827,392, Length: 28
10:04:18.1858464 QQ.exe 3936 ReadFile E:Program Filesopera10bopera.exe SUCCESS Offset: 827,392, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
动我foobar,为什么?
Quote:
10:03:51.1510311 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_explorer.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.1746559 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_panel_splitter.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.1823183 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_peakmeter.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.1938480 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_playlists_dropdown.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.2028165 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_quicksearch.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.2123858 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_tabs.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.2229601 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_trackinfo_mod.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.2311921 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_vis_channel_spectrum.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.2975508 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixfoobar2000.exe SUCCESS Offset: 1,024, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.3610165 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixfoobar2000.exe SUCCESS Offset: 25,600, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.3644588 QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixfoobar2000.exe SUCCESS Offset: 95,232, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
动我电驴?
Quote:
10:03:58.6175027 QQ.exe 3936 ReadFile E:Program Filesemule0.49c-Xtreme7.2 SSE2 OptimizedantiLeech.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:58.6431934 QQ.exe 3936 ReadFile E:Program Filesemule0.49c-Xtreme7.2 SSE2 Optimizedemule.exe SUCCESS Offset: 24,576, Length: 12,288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:58.6555276 QQ.exe 3936 ReadFile E:Program Filesemule0.49c-Xtreme7.2 SSE2 Optimizedemule.exe SUCCESS Offset: 40,960, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:58.6600008 QQ.exe 3936 ReadFile E:Program Filesemule0.49c-Xtreme7.2 SSE2 Optimizedemule.exe SUCCESS Offset: 253,952, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
动我金山词霸
Quote:
10:04:10.1319991 QQ.exe 3936 CreateFile E:Program FilesPowerWord LiteCBEBand.DLL SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
10:04:10.1325997 QQ.exe 3936 CloseFile E:Program FilesPowerWord LiteCBEBand.DLL SUCCESS
赛门铁克你也动?
Quote:
10:04:12.9233569 QQ.exe 3936 CreateFile C:Program FilesSymantecNorton Ghost 2003GhostStartService.exe SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: RHSAN, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
10:04:12.9234561 QQ.exe 3936 ReadFile C:Program FilesSymantecNorton Ghost 2003GhostStartService.exe SUCCESS Offset: 0, Length: 1,024
IBM自带软件你也想看看?
Quote:
10:04:16.7362021 QQ.exe 3936 CreateFile C:Documents and SettingsAll Users桌面Access IBM.lnk SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
10:04:16.7366393 QQ.exe 3936 ReadFile C:Documents and SettingsAll Users桌面Access IBM.lnk SUCCESS Offset: 0, Length: 1,712
10:04:16.7366832 QQ.exe 3936 ReadFile C:Documents and SettingsAll Users桌面Access IBM.lnk SUCCESS Offset: 0, Length: 1,712, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:04:16.7528291 QQ.exe 3936 QueryInformationVolume C:Documents and SettingsAll Users桌面Access IBM.lnk SUCCESS VolumeCreationTime: 2006-2-22 6:33:19, VolumeSerialNumber: F4D2-6761, SupportsObjects: True, VolumeLabel:
10:04:16.7528618 QQ.exe 3936 QueryAllInformationFile C:Documents and SettingsAll Users桌面Access IBM.lnk BUFFER OVERFLOW CreationTime: 2006-2-21 23:40:28, LastAccessTime: 2009-9-19 20:30:00, LastWriteTime: 2006-2-21 23:40:28, ChangeTime: 2006-2-21 23:40:28, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,712, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x100000000592d, EaSize: 0, Access: Generic Read, Position: 1,712, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word
我自己安装的游戏,你也想看看?
Quote:
10:04:17.8062510 QQ.exe 3936 CreateFile E:Program FilesBoontyGamesKotori Chicks n Cats SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
10:04:17.8063172 QQ.exe 3936 QueryDirectory E:Program FilesBoontyGamesKotori Chicks n CatsKotori.exe SUCCESS Filter: Kotori.exe, 1: Kotori.exe
10:04:17.8064538 QQ.exe 3936 CloseFile E:Program FilesBoontyGamesKotori Chicks n Cats SUCCESS
10:04:17.8070961 QQ.exe 3936 QueryOpen E:Program FilesBoontyGamesKotori Chicks n CatsKotori.exe FAST IO DISALLOWED
OpenOffice,哪点招惹你了?
Quote:
10:04:17.8226958 QQ.exe 3936 CreateFile E:Program FilesOpenOfficePortable SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
10:04:17.8227603 QQ.exe 3936 QueryDirectory E:Program FilesOpenOfficePortableOpenOfficePortable.exe SUCCESS Filter: OpenOfficePortable.exe, 1: OpenOfficePortable.exe
10:04:17.8228866 QQ.exe 3936 CloseFile E:Program FilesOpenOfficePortable SUCCESS
10:04:17.8232255 QQ.exe 3936 QueryOpen E:Program FilesOpenOfficePortableOpenOfficePortable.exe FAST IO DISALLOWED
10:04:17.8233163 QQ.exe 3936 CreateFile E:Program FilesOpenOfficePortableOpenOfficePortable.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:04:17.8237155 QQ.exe 3936 QueryBasicInformationFile E:Program FilesOpenOfficePortableOpenOfficePortable.exe SUCCESS CreationTime: 2009-9-13 0:11:06, LastAccessTime: 2009-9-19 0:00:00, LastWriteTime: 2009-6-26 10:32:14, ChangeTime: 1601-1-1 8:00:00, FileAttributes: A
10:04:17.8237331 QQ.exe 3936 CloseFile E:Program FilesOpenOfficePortableOpenOfficePortable.exe SUCCESS
相关文章
「 支持乌有之乡!」
乌有之乡 WYZXWK.COM
您的打赏将用于网站日常运行与维护。
帮助我们办好网站,宣传红色文化!
注:配图来自网络无版权标志图像,侵删!
声明:文章仅代表作者个人观点,不代表本站观点——乌有之乡
责任编辑:heji
欢迎扫描下方二维码,订阅乌有之乡网刊微信公众号
