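Tencent QQ is monitoring every file on your computer, with screenshots as proof
Recently I have seen friends repeatedly discussing posts about Tencent QQ performing a large number of baffling "suspicious actions" in the background.
It made me uneasy too. After doing some monitoring of QQ with the Resource Monitor built into Windows 7, I was truly shocked. It frantically "touches" many files on my computer. Every time I log in and use the resource manager to "monitor" its every move, this is what I find:
The Hotmail client, MSN, antivirus software, Skype, the Firefox browser, private folders, Alipay digital certificates: it has touched almost every file on my computer. The initial screenshots are below.
These are all screenshots from within roughly one week:
QQ, you monitor me, so I monitor you too!
I registered a new QQ account with only myself in it. There is no communication with anyone else.
Apart from the ads popping up, I performed no operations at all. I just kept staring at it.
Before long, it finally showed its true form:
I started you just one second ago, and you are already scanning me?
I launched you from the desktop, not from TC (Total Commander).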
9:59:31. QQ.exe 3936 QueryDirectory E:Program FilesTotalCmd SUCCESS 0: ., 1: .., 2: CABRK.DLL, 3: CGLPT9X.VXD, 4: CGLPTNT.SYS, 5: FRERES32.DLL, 6: HISTORY.TXT, 7: sfxhead.sfx, 8: SHARE_NT.EXE, 9: TCMADMIN.EXE, 10: TOTALCMD.EXE, 11: TOTALCMD.HLP, 12: TCUNZLIB.DLL, 13: UNACEV2.DLL, 14: UNRAR.DLL, 15: WC32TO16.EXE, 16: WCMICONS.DLL, 17: WCMICONS.INC, 18: WCMZIP32.DLL, 19: Readme.txt, 20: FAQ.txt, 21: Keyboard_chs.txt, 22: Keyboard_eng.TXT, 23: Totalcmd_eng.INC, 24: Totalcmd.inc, 25: UserApps_eng.bar, 26: UserApps.bar, 27: TCscheme.exe, 28: NoClose.pif, 29: NoClose.ini, 30: DEFAULT.BAR, 31: wcx_ftp.ini, 32: wincmd.ini, 33: uninst.exe, 34: fsplugin.ini, 35: LSPlugin.ini, 36: default.br2, 37: WINCMD.KEY, 38: ShellDetails.ini, 39: UserApps.br2, 40: Plugins, 41: Sounds, 42: Language, 43: Themes, 44: TOTALCMD.GID
9:59:31. QQ.exe 3936 QueryDirectory E:Program FilesTotalCmd NO MORE FILES
9:59:31. QQ.exe 3936 CloseFile E:Program FilesTotalCmd SUCCESS
9:59:31. QQ.exe 3936 CreateFile E:Program FilesTotalCmdPlugins SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31. QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPlugins SUCCESS 0: ., 1: .., 2: TCPPReadme.txt, 3: TCPPuninst.exe, 4: Wdx, 5: Wlx, 6: Wfx, 7: Wcx
9:59:31. QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPlugins NO MORE FILES
9:59:31. QQ.exe 3936 CloseFile E:Program FilesTotalCmdPlugins SUCCESS
9:59:31. QQ.exe 3936 CreateFile E:Program FilesTotalCmdPluginsWlx SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31. QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPluginsWlx SUCCESS 0: ., 1: .., 2: peviewer, 3: SWFView, 4: iclview, 5: xBaseView, 6: synplus, 7: OOoViewer, 8: gswlx, 9: fileinfo, 10: nfoviewer, 11: ieview, 12: mmedia, 13: office, 14: Imagine
9:59:31. QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPluginsWlx NO MORE FILES
9:59:31. QQ.exe 3936 CloseFile E:Program FilesTotalCmdPluginsWlx SUCCESS
9:59:31. QQ.exe 3936 CreateFile E:Program FilesTotalCmdPluginsWlxieview SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31. QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPluginsWlxieview SUCCESS 0: ., 1: .., 2: ieview.wlx, 3: Ieview.ini, 4: readme_eng.txt, 5: positions.ini
9:59:31. QQ.exe 3936 QueryDirectory E:Program FilesTotalCmdPluginsWlxieview NO MORE FILES
9:59:31. QQ.exe 3936 CloseFile E:Program FilesTotalCmdPluginsWlxieview SUCCESS
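You read and wrote a large number of files and a large number of registry entries on drives C and E, and 20 seconds later you finally began your very first network traffic: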
9:59:52. QQ.exe 3936 UDP Send IBM-T43:4000 -> 219.133.60.25:8000 SUCCESS Length: 76
……
9:59:53. QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 76
9:59:53. QQ.exe 3936 UDP Send IBM-T43:4001 -> 58.60.14.201:8000 SUCCESS Length: 76
9:59:53. QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 96
9:59:53. QQ.exe 3936 UDP Receive IBM-T43:4001 -> 58.60.14.201:8000 SUCCESS Length: 112
9:59:53. QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 132
9:59:53. QQ.exe 3936 UDP Send IBM-T43:4001 -> 58.60.15.103:8000 SUCCESS Length: 76
9:59:53. QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 88
9:59:53. QQ.exe 3936 UDP Receive IBM-T43:4001 -> 58.60.15.103:8000 SUCCESS Length: 96
9:59:53. QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 644
9:59:53. QQ.exe 3936 UDP Send IBM-T43:4002 -> reverse.gdsz.cncnet.net:8000 SUCCESS Length: 76
9:59:53. QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 304
9:59:53. QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 358
9:59:53. QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 384
9:59:53. QQ.exe 3936 UDP Receive IBM-T43:4002 -> reverse.gdsz.cncnet.net:8000 SUCCESS Length: 112
9:59:54. QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 134
9:59:54. QQ.exe 3936 UDP Send IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 486
9:59:54. QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 88
9:59:54. QQ.exe 3936 UDP Receive IBM-T43:4000 -> 119.147.15.232:8000 SUCCESS Length: 40
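I looked up all of the IPs above; they are in Shenzhen and Zhuhai. So what was that Shaanxi Telecom data center last time about?
In fact, less than 1% of QQ's actions are network communication; the rest of the time it tirelessly reads and writes many registry entries and files on the hard disk, over and over again.
Is it trying to gather statistics on who uses which browser, as a basis for improving its own browser?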
10:04:18. QQ.exe 3936 ReadFile E:Program Filesopera10bopera.exe SUCCESS Offset: 0, Length: 1,024
10:04:18. QQ.exe 3936 QueryStandardInformationFile E:Program Filesopera10bopera.exe SUCCESS AllocationSize: 835,584, EndOfFile: 832,808, NumberOfLinks: 1, DeletePending: False, Directory: False
10:04:18. QQ.exe 3936 QueryStandardInformationFile E:Program Filesopera10bopera.exe SUCCESS AllocationSize: 835,584, EndOfFile: 832,808, NumberOfLinks: 1, DeletePending: False, Directory: False
10:04:18. QQ.exe 3936 ReadFile E:Program Filesopera10bopera.exe SUCCESS Offset: 827,392, Length: 28
10:04:18. QQ.exe 3936 ReadFile E:Program Filesopera10bopera.exe SUCCESS Offset: 827,392, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
Touching my foobar, why?
10:03:51. QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_panel_splitter.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51. QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_peakmeter.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51. QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_playlists_dropdown.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51. QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_quicksearch.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51. QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_tabs.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51. QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_trackinfo_mod.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51. QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixcomponentsfoo_uie_vis_channel_spectrum.dll SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51. QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixfoobar2000.exe SUCCESS Offset: 1,024, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51. QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixfoobar2000.exe SUCCESS Offset: 25,600, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51. QQ.exe 3936 ReadFile E:Program FilesHA_FB_OY_Green_Asion_Fixfoobar2000.exe SUCCESS Offset: 95,232, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
Touching my eMule?
10:03:58. QQ.exe 3936 ReadFile E:Program Filesemule0.49c-Xtreme7.2 SSE2 Optimizedemule.exe SUCCESS Offset: 24,576, Length: 12,288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:58. QQ.exe 3936 ReadFile E:Program Filesemule0.49c-Xtreme7.2 SSE2 Optimizedemule.exe SUCCESS Offset: 40,960, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:58. QQ.exe 3936 ReadFile E:Program Filesemule0.49c-Xtreme7.2 SSE2 Optimizedemule.exe SUCCESS Offset: 253,952, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
Touching my Kingsoft PowerWord
10:04:10. QQ.exe 3936 CloseFile E:Program FilesPowerWord LiteCBEBand.DLL SUCCESS
You touch Symantec too?
10:04:12. QQ.exe 3936 ReadFile C:Program FilesSymantecNorton Ghost 2003GhostStartService.exe SUCCESS Offset: 0, Length: 1,024
You also want a look at the software IBM bundled?
10:04:16. QQ.exe 3936 ReadFile C:Documents and SettingsAll Users桌面Access IBM.lnk SUCCESS Offset: 0, Length: 1,712
10:04:16. QQ.exe 3936 ReadFile C:Documents and SettingsAll Users桌面Access IBM.lnk SUCCESS Offset: 0, Length: 1,712, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:04:16. QQ.exe 3936 QueryInformationVolume C:Documents and SettingsAll Users桌面Access IBM.lnk SUCCESS VolumeCreationTime: 2006-2-22 6:33:19, VolumeSerialNumber: F4D2-6761, SupportsObjects: True, VolumeLabel:
10:04:16. QQ.exe 3936 QueryAllInformationFile C:Documents and SettingsAll Users桌面Access IBM.lnk BUFFER OVERFLOW CreationTime: 2006-2-21 23:40:28, LastAccessTime: 2009-9-19 20:30:00, LastWriteTime: 2006-2-21 23:40:28, ChangeTime: 2006-2-21 23:40:28, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,712, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xd, EaSize: 0, Access: Generic Read, Position: 1,712, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word
You also want a look at the game I installed myself?
10:04:17. QQ.exe 3936 QueryDirectory E:Program FilesBoontyGamesKotori Chicks n CatsKotori.exe SUCCESS Filter: Kotori.exe, 1: Kotori.exe
10:04:17. QQ.exe 3936 CloseFile E:Program FilesBoontyGamesKotori Chicks n Cats SUCCESS
10:04:17. QQ.exe 3936 QueryOpen E:Program FilesBoontyGamesKotori Chicks n CatsKotori.exe FAST IO DISALLOWED
OpenOffice, what did it ever do to you?
10:04:17. QQ.exe 3936 QueryDirectory E:Program FilesOpenOfficePortableOpenOfficePortable.exe SUCCESS Filter: OpenOfficePortable.exe, 1: OpenOfficePortable.exe
10:04:17. QQ.exe 3936 CloseFile E:Program FilesOpenOfficePortable SUCCESS
10:04:17. QQ.exe 3936 QueryOpen E:Program FilesOpenOfficePortableOpenOfficePortable.exe FAST IO DISALLOWED
10:04:17. QQ.exe 3936 CreateFile E:Program FilesOpenOfficePortableOpenOfficePortable.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:04:17. QQ.exe 3936 QueryBasicInformationFile E:Program FilesOpenOfficePortableOpenOfficePortable.exe SUCCESS CreationTime: 2009-9-13 0:11:06, LastAccessTime: 2009-9-19 0:00:00, LastWriteTime: 2009-6-26 10:32:14, ChangeTime: 1601-1-1 8:00:00, FileAttributes: A
10:04:17. QQ.exe 3936 CloseFile E:Program FilesOpenOfficePortableOpenOfficePortable.exe SUCCESS
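The post's figures (share of network events, which other programs' folders a process touched, which remote endpoints it contacted) can be computed from a Process Monitor CSV export rather than read off by eye. This is an added example, not part of the original post; the sample rows are constructed, and the QQ install path and the registry key are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample in Process Monitor's CSV export layout, modelled on the
# log lines in the post (backslashes in paths are assumed).
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:59:31","QQ.exe","3936","QueryDirectory","E:\Program Files\TotalCmd","SUCCESS",""
"9:59:31","QQ.exe","3936","CreateFile","E:\Program Files\TotalCmd\Plugins","SUCCESS",""
"9:59:32","QQ.exe","3936","RegQueryValue","HKCU\Software\Example\Setting","SUCCESS",""
"9:59:33","QQ.exe","3936","ReadFile","C:\Program Files\Tencent\QQ\Bin\QQ.exe","SUCCESS",""
"9:59:52","QQ.exe","3936","UDP Send","IBM-T43:4000 -> 219.133.60.25:8000","SUCCESS","Length: 76"
"9:59:53","QQ.exe","3936","UDP Receive","IBM-T43:4000 -> 119.147.15.232:8000","SUCCESS","Length: 96"
"10:04:17","QQ.exe","3936","CreateFile","E:\Program Files\OpenOfficePortable\OpenOfficePortable.exe","SUCCESS",""
"10:04:18","explorer.exe","1500","ReadFile","E:\Program Files\TotalCmd\wincmd.ini","SUCCESS",""
'''

def classify(op):
    """Map a Procmon operation name to a coarse event class."""
    if op.startswith(("UDP ", "TCP ")):
        return "network"
    if op.startswith("Reg"):
        return "registry"
    return "file"

def app_dir(path, depth=3):
    """First `depth` path components, e.g. E:\\Program Files\\TotalCmd."""
    return "\\".join(path.split("\\")[:depth]).lower()

def summarize(csv_text, process, own_dir):
    """Summarize one process: class counts, foreign dirs touched, remote endpoints."""
    classes, foreign, remotes = Counter(), Counter(), set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process.lower():
            continue
        kind = classify(row["Operation"])
        classes[kind] += 1
        if kind == "network":  # Procmon writes "local -> remote" for send and receive
            remotes.add(row["Path"].split(" -> ")[1])
        elif kind == "file" and not row["Path"].lower().startswith(own_dir.lower()):
            foreign[app_dir(row["Path"])] += 1
    total = sum(classes.values())
    share = classes["network"] / total if total else 0.0
    return {"classes": dict(classes), "network_share": share,
            "foreign_dirs": dict(foreign), "remotes": sorted(remotes)}

if __name__ == "__main__":
    # own_dir is an assumed install location, not taken from the post.
    print(summarize(SAMPLE, "QQ.exe", r"C:\Program Files\Tencent\QQ"))
```

Reads of executables and directory listings alone do not show what was done with the data; comparing the same summary for other long-running programs on the host gives a baseline for what is unusual.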