开机多了1~2个进程

景圣临

是不是中马了？

扫描日志如下：

1. 2007-07-21,09:39:28
   
2. 
   
3. System Repair Engineer 2.5.16.900
   
4. Smallfrogs (http://www.KZTechs.com)
   
5. 
   
6. Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
   
7. 
   
8. 以下内容被选中：
   
9.     所有的启动项目（包括注册表、启动文件夹、服务等）
   
10.     浏览器加载项
    
11.     正在运行的进程（包括进程模块信息）
    
12.     文件关联
    
13.     Winsock 提供者
    
14.     Autorun.inf
    
15.     HOSTS 文件
    
16.     进程特权扫描
    
17. 
    
18. 
    
19. 启动项目
    
20. 注册表
    
21. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    
22.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    
23. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    
24.     <load><>  [N/A]
    
25. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    
26.     <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    
27.     <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    
28.     <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    
29.     <Memory Saviour><D:\工具\MemorySaviour\MemorySaviour.exe /autorun>  []
    
30.     <PcBoost><"C:\Program Files\PcBoost\PcBoost.exe" /start>  [(Verified)PGWARE LLC]
    
31.     <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe">  [(Verified)Kaspersky Lab]
    
32. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    
33.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    
34.     <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Windows Publisher]
    
35. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    
36.     <AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll>  [(Verified)Kaspersky Lab]
    
37. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    
38.     <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
    
39. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    
40.     <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [(Verified)GRISOFT LTD]
    
41. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    
42.     <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
    
43. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    
44.     <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
    
45. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    
46.     <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
    
47. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    
48.     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
    
49. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    
50.     <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
    
51. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    
52.     <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
    
53. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    
54.     <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
    
55. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    
56.     <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
    
57. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    
58.     <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
    
59. 
    
60. ==================================
    
61. 启动文件夹
    
62. N/A
    
63. 
    
64. ==================================
    
65. 服务
    
66. [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
    
67.   <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
    
68. [Kaspersky Internet Security 7.0 / AVP][Running/Auto Start]
    
69.   <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
    
70. [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    
71.   <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
    
72. [NVIDIA Display Driver Service / NVSvc][Stopped/Manual Start]
    
73.   <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
    
74. 
    
75. ==================================
    
76. 驱动程序
    
77. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    
78.   <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
    
79. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    
80.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    
81. [Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
    
82.   <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
    
83. [Broadcom Advanced Server Program Driver / Blfp][Stopped/Manual Start]
    
84.   <system32\DRIVERS\baspxp32.sys><Broadcom Corporation>
    
85. [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
    
86.   <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
    
87. [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
    
88.   <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
    
89. [KAVBootC / KAVBootC][Running/Boot Start]
    
90.   <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
    
91. [kl1 / kl1][Running/Boot Start]
    
92.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
    
93. [klif / klif][Running/System Start]
    
94.   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
    
95. [Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
    
96.   <system32\DRIVERS\klim5.sys><Kaspersky Lab>
    
97. [nv / nv][Running/Manual Start]
    
98.   <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
    
99. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    
100.   <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
     
101. [QuakeDRV / QuakeDRV][Running/Boot Start]
     
102.   <\SystemRoot\system32\DRIVERS\quakedrv.sys><N/A>
     
103. [Secdrv / Secdrv][Stopped/Manual Start]
     
104.   <System32\DRIVERS\secdrv.sys><N/A>
     
105. [sptd / sptd][Running/Boot Start]
     
106.   <\SystemRoot\System32\Drivers\sptd.sys><N/A>
     
107. 
     
108. ==================================
     
109. 浏览器加载项
     
110. [ThunderAtOnce Class]
     
111.   {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
     
112. [FGCatchUrl]
     
113.   {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
     
114. [Thunder Browser Helper]
     
115.   {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
     
116. [FlashGet GetFlash Class]
     
117.   {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
     
118. [启动迅雷5]
     
119.   {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
     
120. [Web Anti-Virus statistics]
     
121.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab>
     
122. [QQ]
     
123.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
     
124. [快车]
     
125.   {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
     
126. [Messenger]
     
127.   {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
     
128. [WUWebControl Class]
     
129.   {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
     
130. [MUWebControl Class]
     
131.   {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
     
132. [Shockwave Flash Object]
     
133.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
     
134. [ThunderAtOnce Class]
     
135.   {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
     
136. [XML DOM Document]
     
137.   {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
     
138. [FGCatchUrl]
     
139.   {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
     
140. [Thunder Agent Class]
     
141.   {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
     
142. [WUWebControl Class]
     
143.   {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
     
144. [Windows Media Player]
     
145.   {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
     
146. [MUWebControl Class]
     
147.   {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
     
148. [360SafeLive]
     
149.   {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
     
150. [Thunder Browser Helper]
     
151.   {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
     
152. [XML DOM Document 4.0]
     
153.   {88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, N/A>
     
154. [Shockwave Flash Object]
     
155.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
     
156. [XML HTTP Request]
     
157.   {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
     
158. [Vod Class]
     
159.   {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
     
160. [FlashGet GetFlash Class]
     
161.   {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
     
162. [XML HTTP]
     
163.   {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
     
164. [FGAutoLive]
     
165.   {F90D830D-C175-4bbe-82C7-FF94669A4C42} <C:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
     
166. [FGCatchUrl]
     
167.   {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
     
168. [&使用快车(FlashGet)下载]
     
169.   <C:\Program Files\FlashGet\jc_link.htm, N/A>
     
170. [&使用快车(FlashGet)下载全部链接]
     
171.   <C:\Program Files\FlashGet\jc_all.htm, N/A>
     
172. [Add to Anti-Banner]
     
173.   <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm, N/A>
     
174. [上传到QQ网络硬盘]
     
175.   <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
     
176. [下载页面上的ED2(&K)链接]
     
177.   <C:\Program Files\eMule\ed2k.html, N/A>
     
178. [使用迅雷下载]
     
179.   <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
     
180. [使用迅雷下载全部链接]
     
181.   <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
     
182. [添加到QQ自定义面板]
     
183.   <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
     
184. [添加到QQ表情]
     
185.   <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
     
186. [用QQ彩信发送该图片]
     
187.   <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
     
188. [用比特精灵下载(&B)]
     
189.   <C:\Program Files\BitSpirit\bsurl.htm, N/A>
     
190. 
     
191. ==================================
     
192. 正在运行的进程
     
193. [PID: 1032 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
194. [PID: 1108 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
195. [PID: 1132 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
196.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.123]
     
197.     [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 7.0.0.123]
     
198. [PID: 1176 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
199.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.123]
     
200. [PID: 1188 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
201.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.123]
     
202.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.123]
     
203. [PID: 1348 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
204.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.123]
     
205. [PID: 1684 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
206.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.123]
     
207. [PID: 168 / Dracula][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
     
208.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.123]
     
209.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.123]
     
210.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.123]
     
211.     [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
     
212.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll]  [Kaspersky Lab, 7.0.0.123]
     
213.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
     
214.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
     
215.     [C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll]  [TuneUp Software GmbH, 2.0.0.4]
     
216. [PID: 332 / SYSTEM][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe]  [GRISOFT s.r.o., 7, 5, 1, 22]
     
217.     [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
     
218.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.123]
     
219.     [D:\工具\MemorySaviour\ClnMem.dll]  [N/A, ]
     
220. [PID: 672 / Dracula][D:\工具\MemorySaviour\MemorySaviour.exe]  [N/A, ]
     
221.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.123]
     
222.     [D:\工具\MemorySaviour\ClnMem.dll]  [N/A, ]
     
223. [PID: 680 / Dracula][C:\Program Files\PcBoost\PcBoost.exe]  [PGWARE LLC, 3.0.0.1]
     
224. 
     
225. ==================================
     
226. 文件关联
     
227. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
228. .EXE  OK. ["%1" %*]
     
229. .COM  OK. ["%1" %*]
     
230. .PIF  OK. ["%1" %*]
     
231. .REG  OK. [regedit.exe "%1"]
     
232. .BAT  OK. ["%1" %*]
     
233. .SCR  OK. ["%1" /S]
     
234. .CHM  Error. ["hh.exe" %1]
     
235. .HLP  Error. [C:\WINDOWS\system32\winhlp32.exe %1]
     
236. .INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
     
237. .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
     
238. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
239. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
240. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
     
241. 
     
242. ==================================
     
243. Winsock 提供者
     
244. N/A
     
245. 
     
246. ==================================
     
247. Autorun.inf
     
248. N/A
     
249. 
     
250. ==================================
     
251. HOSTS 文件
     
252. 127.0.0.1       localhost
     
253. 
     
254. ==================================
     
255. 进程特权扫描
     
256. 特殊特权被允许： SeDebugPrivilege [PID = 672, D:\工具\MEMORYSAVIOUR\MEMORYSAVIOUR.EXE]
     
257. 特殊特权被允许： SeLoadDriverPrivilege [PID = 672, D:\工具\MEMORYSAVIOUR\MEMORYSAVIOUR.EXE]
     
258. 
     
259. ==================================
     
260. API HOOK
     
261. RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
     
262. RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
     
263. RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
     
264. RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
     
265. RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
     
266. 
     
267. ==================================
     
268. 隐藏进程
     
269. N/A
     
270. 
     
271. ==================================

复制代码

zhaonimm

注意该项[Userinit]修改：把<C:\WINDOWS\system32\Userinit.exe>修改为<C:\WINDOWS\system32\userinit.exe,>逗号不可省略
报告中唯一可能的问题！！！
你说说  多了那两个进程呢?

Giggs

没问题

景圣临

我记得原来SVCHOST是4个。

景圣临

谢谢。

zhaonimm

4个SVCHOST是正常的 你要是优化系统做得好的话 可能到2个或者3个的 没问题！！！

景圣临

现在是5个，，，

不过貌似没什么问题。

以前都4个，

景圣临

昨天用AVG查出的毒，卡7挂，今天又出现了