这2个礼拜给这病毒折磨死了,起初不了解,以为格了重装系统就没事了,这也是听我哥哥说地,新装了系统没过多久,
又发现不对劲了,系统的时间又变成了2005年- -|||,卡巴起不了作用,就算手动更改了时间用卡巴查杀,根本查不出毒,
后来才知道auto病毒会全盘感染,还带病毒下载器......这世界上为什么就有些无聊人士喜欢惟恐天下不乱呢,无语~
拜托大家帮我看看,论文和作业到现在还没办法提交,拜托大家帮我看看,谢谢
通过几天的查杀,还是有好多不懂的地方,请大家赐教,病毒是用瑞星在线查出来,
后来我用360的专杀工具killer_autorun.exe清除了,再用瑞星查了边,没查出来...按论坛提示的用SREng查了下,说我进
程有些问题,毕竟我不是特别专研这方面的,根本就看不懂,也不知道怎么修改,所以直接把我的进程SREngLOG.log传
上来,请大家帮我看下,如何修改- 2007-12-06,22:58:08
- System Repair Engineer 2.5.16.900
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 进程特权扫描
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- <bgswitch><; C:\WINDOWS\system32\bgswitch.exe> []
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"> [(Verified)Kaspersky Lab]
- <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
- <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
- <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
- <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <nwiz><; nwiz.exe /install> []
- <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
- <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
- <SoundMan><; SOUNDMAN.EXE> [(Verified)Microsoft Windows Publisher]
- <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
- <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
- <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
- <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
- <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
- <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
- <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
- <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
- <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
- [卡巴斯基互联网安全套装 7.0 / AVP][Running/Auto Start]
- <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
- [Contrl Center of Storm Media / ccosm][Running/Auto Start]
- <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
- <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
- ==================================
- 驱动程序
- [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
- <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
- [D-Link DFE-528TX PCI Adapter NT Driver / DLKRTL][Running/Manual Start]
- <system32\DRIVERS\DLKRTL.SYS><D-Link Corporation>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
- [klif / klif][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
- [Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
- <system32\DRIVERS\klim5.sys><Kaspersky Lab>
- [nv / nv][Running/Manual Start]
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
- [Padus ASPI Shell / pfc][Running/Manual Start]
- <system32\drivers\pfc.sys><Padus, Inc.>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [WAN Miniport (PPP over Ethernet Protocol) / RMSPPPOE][Running/Manual Start]
- <system32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
- [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
- <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- ==================================
- 浏览器加载项
- [ThunderAtOnce Class]
- {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, N/A>
- [FGCatchUrl]
- {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch_1.dll, www.flashget.com>
- [SafeMon Class]
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
- [FlashGet GetFlash Class]
- {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
- [Web 反病毒统计]
- {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab>
- [番茄花园]
- {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
- [信息检索(&R)]
- {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
- [快车]
- {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
- [Messenger]
- {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
- [CKAVWebScan Object]
- {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
- [Rising Web Scan Object]
- {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
- [ThunderAtOnce Class]
- {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, N/A>
- [CKAVWebScan Object]
- {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
- [Windows Media Player]
- {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
- [FGCatchUrl]
- {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch_1.dll, www.flashget.com>
- [Thunder Agent Class]
- {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, N/A>
- [Shell Name Space]
- {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
- [CKAVReportCtrl Object]
- {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
- [XMP Class]
- {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
- [XDRM]
- {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
- [Windows Media Player]
- {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- [360SafeLive]
- {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
- [RMGetLicense Class]
- {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
- [SearchAssistantOC]
- {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
- [SafeMon Class]
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
- [RDS.DataSpace]
- {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
- [Rising Web Scan Object]
- {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
- [FlashGet GetFlash Class]
- {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
- [XPPlayer Class]
- {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
- [FGAutoLive]
- {F90D830D-C175-4bbe-82C7-FF94669A4C42} <C:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
- [FGCatchUrl]
- {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch_1.dll, www.flashget.com>
- [&使用BitComet下载]
- <res://E:\BitComet_0.96\BitComet.exe/AddLink.htm, N/A>
- [&使用BitComet下载全部链接]
- <res://E:\BitComet_0.96\BitComet.exe/AddAllLink.htm, N/A>
- [&使用BitComet下载本页视频]
- <res://E:\BitComet_0.96\BitComet.exe/AddVideo.htm, N/A>
- [&使用快车(FlashGet)下载]
- <C:\Program Files\FlashGet\jc_link.htm, N/A>
- [&使用快车(FlashGet)下载全部链接]
- <C:\Program Files\FlashGet\jc_all.htm, N/A>
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- [添加到反广告条]
- <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm, N/A>
- ==================================
- 正在运行的进程
- [PID: 848 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 908 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 932 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.0.125]
- [PID: 976 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 988 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
- [PID: 1152 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1224 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
- [PID: 1348 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
- [PID: 1396 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
- [PID: 1456 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
- [PID: 1780 / kurama][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9371]
- [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9371]
- [C:\WINDOWS\system32\nvapi.dll] [N/A, ]
- [C:\WINDOWS\system32\nvshell.dll] [, ]
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
- [PID: 1852 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
- [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
- [PID: 236 / kurama][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 340 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 7, 11, 26]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
- [PID: 420 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9371]
- [C:\WINDOWS\system32\nvapi.dll] [N/A, ]
- [PID: 516 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
- [PID: 1296 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 568 / kurama][E:\Downloads\software\查杀病毒工具包\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
- [E:\Downloads\software\查杀病毒工具包\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.125]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
- [PID: 2748 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- 0.0.0.0 www.balldu.com
- ==================================
- 进程特权扫描
- N/A
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- ==================================
- 隐藏进程
- N/A
- ==================================
[ 本帖最后由 贝贝 于 2007-12-11 21:14 编辑 ] |
发表于 2007-12-8 12:13:42
楼主
