
Experts, please help: I've been hit, trojans are everywhere

maxpeach
Posted on 2007-7-24 12:58:26
[CODE]

2007-07-24,12:15:39

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <uTorrent><"C:\Program Files\utorrent\utorrent.exe">  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <!AVG Anti-Spyware><"D:\Program Files\AVG Anti-Spyware\avgas.exe" /minimized>  [(Verified)GRISOFT LTD]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <RavMon><C:\DOCUME~1\uu\LOCALS~1\Temp\RavMonD.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\Program Files\AVG Anti-Spyware\shellexecutehook.dll>  [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [N/A]><N>
[腾讯QQ]
  <C:\Documents and Settings\uu\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <D:\Program Files\AVG Anti-Spyware\guard.exe><GRISOFT s.r.o.>
[Kaspersky Internet Security 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IDL DicomEx Storage SCP / IDL DicomEx Storage SCP][Running/Auto Start]
  <D:\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[ION Java Daemon 2.0 / ION Java Daemon 2.0][Stopped/Manual Start]
  <D:\RSI\IDL60\products\ion20\ion_java\bin\ion_srv.exe><N/A>
[ION Java Daemon 6.3 / ION Java Daemon 6.3][Stopped/Manual Start]
  <D:\RSI\IDL63\products\ion63\ion_java\bin\ion_srv.exe><N/A>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[RSI FLEXlm License Manager / RSI FLEXlm License Manager][Stopped/Manual Start]
  <D:\RSI\FLEXlm\lmgrd.exe><Macrovision Corporation>
[SNMPTrapd Service / SNMPTrapdService][Running/Auto Start]
  <C:\PROGRA~1\NuTCROOT\bin\snmptrapd.exe><DataFocus, Inc.>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge][Stopped/Manual Start]
  <C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windds32.dll,input><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
[MATLAB Server / matlabserver][Stopped/Auto Start]
  <D:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe><N/A>

==================================
驱动程序
[autorun / autorun][Stopped/Manual Start]
  <\??\C:\huadio.tmp><N/A>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\D:\Program Files\AVG Anti-Spyware\guard.sys><N/A>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[NTSIM / NTSIM][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[SetupNT / SetupNT][Running/Auto Start]
  <\SystemRoot\system32\SetupNT.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[E-VIEW PC CAMERA (ZS0211) / ZSMC211][Stopped/Manual Start]
  <System32\Drivers\ZS211.sys><ZSMC Corporation>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[Web Anti-Virus statistics]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Vod Class]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, XunLei>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\system\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGAutoLive]
  {F90D830D-C175-4bbe-82C7-FF94669A4C42} <C:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[Convert link target to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到反横幅广告]
  <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm, N/A>
maxpeach
 OP | Posted on 2007-7-24 12:59:17

Experts, please help: I've been hit, trojans are everywhere

==================================
正在运行的进程
[PID: 668 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 808 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1148 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 1200 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1320 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1640 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 7.0.0.00]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.dll]  [Adobe Systems Incorporated., 7.0.0.2004121400]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1780 / uu][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1788 / uu][C:\Program Files\MSN Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\MSNCore.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\MSN Messenger\ContactsUX.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msgsres.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\MSGSWCAM.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\sirenacm.dll]  [Microsoft Corp., 8.1.0178.00]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\MSN Messenger\lmcdata.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\MSN Messenger\dfsr.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\abssm.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\usnsvcps.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\custsat.dll]  [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 4, 1007]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\Program Files\MSN Messenger\contact.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
[PID: 476 / SYSTEM][D:\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe]  [N/A, ]
    [D:\RSI\IDL63\bin\bin.x86\MC3ADV.dll]  [Merge eFilm 1126 S. 70th Street Milwaukee, WI  53214-3151  (414)977-4000, 3.4.0 IB8]
    [D:\RSI\IDL63\bin\bin.x86\PICN20.dll]  [Pegasus Imaging Corp., 1.0.0.92]
    [D:\RSI\IDL63\bin\bin.x86\idl.dll]  [Research Systems, Inc., 6.3]
    [D:\RSI\IDL63\bin\bin.x86\UG3220.dll]  [, 2.0]
    [D:\RSI\IDL63\bin\bin.x86\MesaGLU6_2.dll]  [N/A, ]
    [D:\RSI\IDL63\bin\bin.x86\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [D:\RSI\IDL63\bin\bin.x86\MesaGL6_2.dll]  [N/A, ]
    [D:\RSI\IDL63\bin\bin.x86\osmesa6_2.dll]  [N/A, ]
    [D:\RSI\IDL63\bin\bin.x86\freetype2_1_3.dll]  [N/A, ]
    [D:\RSI\IDL63\bin\bin.x86\xerces-c_2_6_0.dll]  [Apache Software Foundation, 2, 6, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdigraph.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\Program Files\FlashGet\debugrpt.dll]  [flashget, 1, 0, 0, 1006]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 4, 1007]
    [C:\Program Files\FlashGet\fgupdate.dll]  [www.flashget.com, 1, 8, 1, 1003]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1488 / uu][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 4, 1007]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\Distillr\ADIST32.dll]  [Adobe Systems Incorporated., 7.0.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\Program Files\AVG Anti-Spyware\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\UltraEdit\ue32ctmn.dll]  [, 1.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Program Files\AVG Anti-Spyware\context.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 568 / uu][D:\Program Files\MATLAB71\bin\win32\MATLAB.exe]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\libmat.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\libmx.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\icuuc32.dll]  [IBM Corporation and others, 3, 2, 0, 0]
    [D:\Program Files\MATLAB71\bin\win32\icudt32.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\MATLAB71\bin\win32\libz.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\libut.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\icuin32.dll]  [IBM Corporation and others, 3, 2, 0, 0]
    [D:\Program Files\MATLAB71\bin\win32\icuio32.dll]  [IBM Corporation and others, 3, 2, 0, 0]
    [D:\Program Files\MATLAB71\bin\win32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\MATLAB71\bin\win32\libmwservices.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\mpath.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\libmex.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\mvalue.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\m_dispatcher.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\xerces-c_2_6.dll]  [Apache Software Foundation, 2, 6, 0]
    [D:\Program Files\MATLAB71\bin\win32\datasvcs.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\mcr.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\m_interpreter.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\mcos.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\mlib.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\m_parser.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\ir_xfmr.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\m_ir.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\m_pcodegen.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\m_pcodeio.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\udd_mi.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\udd.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\jmi.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\bridge.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\libmwgui.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\mwoles05.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\comcli.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\uiw.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\libuij.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\libmwhardcopy.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\uinone.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\MATLAB71\bin\win32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\MATLAB71\bin\win32\mlautoregister.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\hg.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\numerics.dll]  [The MathWorks Inc., 7.1.0.144]
    [D:\Program Files\MATLAB71\bin\win32\libmwamd.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\libfftw3.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\libfftw3f.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\libmwlapack.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\libmwumfpackv4.3.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\MATLAB71\bin\win32\atlas_Athlon.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\lapack.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\DFORMD.DLL]  [Compaq Computer Corporation, 6.6 - 893 (Update A)]
    [C:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 4, 1007]
    [D:\Program Files\MATLAB71\sys\java\jre\win32\jre1.5.0\bin\client\jvm.dll]  [Sun Microsystems, Inc., 1.5.0.0]
    [D:\Program Files\MATLAB71\sys\java\jre\win32\jre1.5.0\bin\hpi.dll]  [Sun Microsystems, Inc., 1.5.0.0]
    [D:\Program Files\MATLAB71\sys\java\jre\win32\jre1.5.0\bin\verify.dll]  [Sun Microsystems, Inc., 1.5.0.0]
    [D:\Program Files\MATLAB71\sys\java\jre\win32\jre1.5.0\bin\java.dll]  [Sun Microsystems, Inc., 1.5.0.0]
    [D:\Program Files\MATLAB71\sys\java\jre\win32\jre1.5.0\bin\zip.dll]  [Sun Microsystems, Inc., 1.5.0.0]
    [D:\Program Files\MATLAB71\bin\win32\jmi_mi.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\sys\java\jre\win32\jre1.5.0\bin\awt.dll]  [Sun Microsystems, Inc., 1.5.0.0]
    [D:\Program Files\MATLAB71\bin\win32\nativejava.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\sys\java\jre\win32\jre1.5.0\bin\fontmanager.dll]  [Sun Microsystems, Inc., 1.5.0.0]
    [D:\Program Files\MATLAB71\sys\java\jre\win32\jre1.5.0\bin\net.dll]  [Sun Microsystems, Inc., 1.5.0.0]
    [D:\Program Files\MATLAB71\sys\java\jre\win32\jre1.5.0\bin\nio.dll]  [Sun Microsystems, Inc., 1.5.0.0]
    [D:\Program Files\MATLAB71\bin\win32\nativeservices.dll]  [N/A, ]
    [D:\Program Files\MATLAB71\bin\win32\nativelex.dll]  [N/A, ]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll]  [Microsoft Corporation, 11.3.1897.0]
    [D:\Program Files\MATLAB71\bin\win32\libmwbuiltins.dll]  [The MathWorks Inc., 7.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 524 / uu][C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE]  [Microsoft Corporation, 11.0.6361]
    [C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.6360]
    [C:\Program Files\Microsoft Office\OFFICE11\2052\ppintl.dll]  [Microsoft Corporation, 11.0.6355]
    [C:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 4, 1007]
    [C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL]  [Microsoft Corporation, 6.0.3264.0]
    [C:\PROGRA~1\MICROS~3\OFFICE11\ADDINS\SYMINPUT.DLL]  [Microsoft Corporation, 1.02]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll]  [Microsoft Corporation, 5.50.99.2009]
    [C:\Program Files\Adobe\Acrobat 7.0\PDFMaker\Office\PDFMOfficeAddin.dll]  [Adobe Systems Incorporated, 7, 0, 0, 0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\Distillr\adist32.dll]  [Adobe Systems Incorporated., 7.0.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\PDFMaker\Common\AdobePDFMakerX.dll]  [, ]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\2052\MSGR3SC.DLL]  [Microsoft Corporation, 3.0.1707.0]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1668 / uu][D:\Program Files\MyIEGB\MyIE.exe]  [MoreQuick, 1, 0, 0, 0]
    [C:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 4, 1007]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3864 / uu][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 4, 1007]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
[PID: 2220 / uu][C:\DOCUME~1\uu\LOCALS~1\Temp\Rar$EX00.824\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 4, 1007]
    [C:\DOCUME~1\uu\LOCALS~1\Temp\Rar$EX00.824\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NuTCRACKER Unix domain sockets (STREAM)
    C:\WINDOWS\system32\nutafun4.dll(DataFocus, Inc., NuTCRACKER AF_UNIX WinSock2 provider)
NuTCRACKER Unix domain sockets (DGRAM)
    C:\WINDOWS\system32\nutafun4.dll(DataFocus, Inc., NuTCRACKER AF_UNIX WinSock2 provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1       www.88889999.info
127.0.0.1       xz.88889999.info

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 616, C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 568, D:\PROGRAM FILES\MATLAB71\BIN\WIN32\MATLAB.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1668, D:\PROGRAM FILES\MYIEGB\MYIE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3864, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1700, C:\PROGRAM FILES\ULTRAEDIT\UEDIT32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3488, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================


[/CODE]
maxpeach
 OP | Posted on 2007-7-24 13:01:01

I'm in tears. Kaspersky finds 846 trojans every time it scans!

[:12:] [:12:] [:12:] [:12:] [:12:]
Experts, you have to save me!
卡江东N
Posted on 2007-7-24 17:54:34
Duplicate post.
卡江东N
Posted on 2007-7-24 17:57:03
The OP has Kaspersky and the COMODO firewall installed. Surely it can't have caught that many?