eaglena 2008-8-2 23:42
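I've been infected, please help me look at the log
As soon as I boot up, a prompt box appears saying that more than 2000 files are infected, then Kaspersky pops up alerts one by one, and I can't download anything either.
Here is the log, thanks in advance!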
2008-08-02,23:34:03
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<Super Rabbit Desktop Search><; C:\Program Files\Super Rabbit\MagicSet\SRSearch.exe> []
<BitComet><; "E:\PCI_InstallShield_5641_0406\Program Files\BitComet\BitComet.exe" /tray> [(Verified)Comet Network Technology Co Ltd.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINDOWS\system32\Administrator.vbs> []
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SoundMan><; SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><; nwiz.exe /install> []
<powerword 2007><; "d:\Program Files\Kingsoft\Powerword 2007\xdict.exe" -s -nosplash> [Kingsoft Co, Ltd.]
<switch><; c:\windows\system32\壁纸自动换.exe> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
==================================
启动文件夹
N/A
==================================
服务
[Kaspersky Anti-Virus 7.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r><Kaspersky Lab>
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
<C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MATLAB Server / matlabserver][Running/Auto Start]
<E:\matlab\webserver\bin\win32\matlabserver.exe><N/A>
[Messengesr / Messengesr][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\MSINFO\Messenger.exe><(File is missing)>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<system32\DRIVERS\klim5.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Running/Manual Start]
<\??\C:\WINDOWS\system32\PCAMPR5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
==================================
浏览器加载项
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <E:\PCI_InstallShield_5641_0406\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll, (Signed) BitComet>
[WebProtect]
{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[Web 反病毒统计]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[BitComet Button]
{461CC20B-FB6E-4f16-8FE8-C29359DB100E} <E:\PCI_InstallShield_5641_0406\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll, (Signed) BitComet>
[PPLive]
{95B3F550-91C4-4627-BCC4-521288C52977} <D:\Program Files\PPLive\PPLive.exe, (Signed) N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <E:\PCI_InstallShield_5641_0406\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll, (Signed) BitComet>
[]
{461CC20B-FB6E-4F16-8FE8-C29359DB100E} <, >
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[WebProtect]
{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
{7260569F-1D40-4E7F-B95B-2E68D35668B9} <, >
[VdCom Control]
{82B2D190-415D-4590-AEF3-6BB4E810A5A0} <E:\PROGRA~1\ViDown\VdCom.ocx, ViDown>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\工具软件\杀毒\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
{95B3F550-91C4-4627-BCC4-521288C52977} <, >
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <, >
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
{EC0978ED-24E3-403C-AB7A-060E388553E6} <, >
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&使用BitComet下载]
<res://E:\PCI_InstallShield_5641_0406\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://E:\PCI_InstallShield_5641_0406\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://E:\PCI_InstallShield_5641_0406\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[使用迅雷下载]
<C:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<E:\qq\AddEmotion.htm, N/A>
[用flvcd下载本页的视频]
<C:\Program Files\flvcd\flvcd_link.htm, N/A>
[用维棠下载视频]
<E:\Program Files\ViDown\vd_link.htm, N/A>
==================================
正在运行的进程
[PID: 752 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.0.125]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 892 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1068 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1140 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1256 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1348 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1408 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1688 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8198]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8198]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[PID: 1756 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1932 / Administrator][C:\WINDOWS\System32\WScript.exe] [Microsoft Corporation, 5.6.0.8820]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[PID: 1940 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1984 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 240 / SYSTEM][C:\Program Files\CMBCHINA\WebProtect\WPService.exe] [China Merchants Bank, 1, 0, 0, 1]
[C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll] [China Merchants Bank, 1, 0, 0, 1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 316 / SYSTEM][E:\matlab\webserver\bin\win32\matlabserver.exe] [N/A, ]
[e:\matlab\bin\win32\libeng.dll] [The MathWorks Inc., 6.5.1.196418a]
[e:\matlab\bin\win32\libut.dll] [The MathWorks Inc., 6.5.1.197397]
[e:\matlab\bin\win32\libmx.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\mwoles05.dll] [N/A, ]
[e:\matlab\bin\win32\libmex.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\libmwservices.dll] [The MathWorks Inc., 6.5.1.199709]
[e:\matlab\bin\win32\mpath.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\m_interpreter.dll] [The MathWorks Inc., 6.5.1.199926]
[e:\matlab\bin\win32\libmat.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\mlib.dll] [N/A, ]
[e:\matlab\bin\win32\m_pcodeio.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\m_ir.dll] [The MathWorks Inc., 6.5.1.197812]
[e:\matlab\bin\win32\m_parser.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\m_pcodegen.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\m_dispatcher.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\hg.dll] [The MathWorks Inc., 6.5.1.198064a]
[e:\matlab\bin\win32\numerics.dll] [The MathWorks Inc., 6.5.1.199294]
[e:\matlab\bin\win32\libmwlapack.dll] [N/A, ]
[e:\matlab\bin\win32\libmwfftw.dll] [N/A, ]
[e:\matlab\bin\win32\libmwumfpack.dll] [N/A, ]
[e:\matlab\bin\win32\udd.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\uiw.dll] [The MathWorks Inc., 6.5.1.199926]
[e:\matlab\bin\win32\matlab.exe] [The MathWorks Inc., 6.0.0.196462]
[e:\matlab\bin\win32\dastudio.dll] [N/A, ]
[e:\matlab\bin\win32\glee.dll] [N/A, ]
[e:\matlab\bin\win32\jmi.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\simulink.dll] [The MathWorks Inc., 5.1.0.200181]
[e:\matlab\bin\win32\libmwbuiltins.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\cg_ir.dll] [The MathWorks Inc., 1.0.0.0]
[e:\matlab\bin\win32\libfixedpoint.dll] [N/A, ]
[e:\matlab\bin\win32\hardcopy.dll] [The MathWorks Inc., 6.5.1.199926]
[e:\matlab\bin\win32\gui.dll] [The MathWorks Inc., 6.5.1.199926]
[e:\matlab\bin\win32\sl_solver.dll] [N/A, ]
[e:\matlab\bin\win32\MFC42.DLL] [Microsoft Corporation, 6.00.8267.0]
[e:\matlab\bin\win32\udd_mi.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\comcli.dll] [N/A, ]
[e:\matlab\bin\win32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[e:\matlab\bin\win32\mclcom.dll] [N/A, ]
[e:\matlab\bin\win32\atlas_Athlon.dll] [N/A, ]
[e:\matlab\bin\win32\lapack.dll] [N/A, ]
[e:\matlab\bin\win32\DFORRT.dll] [Digital Equipment Corporation, 6.0 - 575]
[PID: 356 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8198]
[PID: 392 / SYSTEM][e:\matlab\bin\win32\matlab.exe] [The MathWorks Inc., 6.0.0.196462]
[e:\matlab\bin\win32\mwoles05.dll] [N/A, ]
[e:\matlab\bin\win32\libut.dll] [The MathWorks Inc., 6.5.1.197397]
[e:\matlab\bin\win32\libmx.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\libmex.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\libmwservices.dll] [The MathWorks Inc., 6.5.1.199709]
[e:\matlab\bin\win32\mpath.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\m_interpreter.dll] [The MathWorks Inc., 6.5.1.199926]
[e:\matlab\bin\win32\libmat.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\mlib.dll] [N/A, ]
[e:\matlab\bin\win32\m_pcodeio.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\m_ir.dll] [The MathWorks Inc., 6.5.1.197812]
[e:\matlab\bin\win32\m_parser.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\m_pcodegen.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\m_dispatcher.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\hg.dll] [The MathWorks Inc., 6.5.1.198064a]
[e:\matlab\bin\win32\numerics.dll] [The MathWorks Inc., 6.5.1.199294]
[e:\matlab\bin\win32\libmwlapack.dll] [N/A, ]
[e:\matlab\bin\win32\libmwfftw.dll] [N/A, ]
[e:\matlab\bin\win32\libmwumfpack.dll] [N/A, ]
[e:\matlab\bin\win32\udd.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\uiw.dll] [The MathWorks Inc., 6.5.1.199926]
[e:\matlab\bin\win32\gui.dll] [The MathWorks Inc., 6.5.1.199926]
[e:\matlab\bin\win32\simulink.dll] [The MathWorks Inc., 5.1.0.200181]
[e:\matlab\bin\win32\libmwbuiltins.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\cg_ir.dll] [The MathWorks Inc., 1.0.0.0]
[e:\matlab\bin\win32\libfixedpoint.dll] [N/A, ]
[e:\matlab\bin\win32\glee.dll] [N/A, ]
[e:\matlab\bin\win32\jmi.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\dastudio.dll] [N/A, ]
[e:\matlab\bin\win32\hardcopy.dll] [The MathWorks Inc., 6.5.1.199926]
[e:\matlab\bin\win32\sl_solver.dll] [N/A, ]
[e:\matlab\bin\win32\MFC42.DLL] [Microsoft Corporation, 6.00.8267.0]
[e:\matlab\bin\win32\mclcom.dll] [N/A, ]
[e:\matlab\bin\win32\udd_mi.dll] [The MathWorks Inc., 6.5.1.196462]
[e:\matlab\bin\win32\comcli.dll] [N/A, ]
[e:\matlab\bin\win32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[e:\matlab\bin\win32\atlas_Athlon.dll] [N/A, ]
[e:\matlab\bin\win32\lapack.dll] [N/A, ]
[e:\matlab\bin\win32\DFORRT.dll] [Digital Equipment Corporation, 6.0 - 575]
[e:\matlab\sys\java\jre\win32\jre\bin\hotspot\jvm.dll] [N/A, ]
[e:\matlab\sys\java\jre\win32\jre\bin\hpi.dll] [N/A, ]
[e:\matlab\sys\java\jre\win32\jre\bin\verify.dll] [N/A, ]
[e:\matlab\sys\java\jre\win32\jre\bin\java.dll] [N/A, ]
[e:\matlab\sys\java\jre\win32\jre\bin\zip.dll] [N/A, ]
[E:\matlab\sys\java\jre\win32\jre\bin\awt.dll] [N/A, ]
[E:\matlab\sys\java\jre\win32\jre\bin\fontmanager.dll] [N/A, ]
[C:\WINDOWS\system32\nvoglnt.dll] [NVIDIA Corporation, 6.14.10.8198]
[E:\matlab\bin\win32\nativejava.dll] [N/A, ]
[e:\matlab\bin\win32\glren.dll] [The MathWorks Inc., 6.0.0.198064a]
[PID: 420 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 624 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3728 / Administrator][C:\Program Files\Huawei-3Com\H3C 802.1X 客户端\Dot1XClient.exe] [N/A, ]
[C:\WINDOWS\system32\W32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.56]
[PID: 596 / Administrator][E:\qq\QQ.exe] [TENCENT, 8,0,777,1805]
[E:\qq\QQBaseClassInDll.dll] [TENCENT, 8,0,777,1805]
[E:\qq\QQHelperDll.dll] [TENCENT, 8,0,777,1805]
[E:\qq\BasicCtrlDll.dll] [TENCENT, 8,0,777,1805]
[E:\qq\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[E:\qq\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[E:\qq\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[E:\qq\QQAPI.dll] [TENCENT, 8,0,777,1805]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[E:\qq\LoginCtrl.dll] [TENCENT, 8,0,777,1805]
[E:\qq\LoginCtrlRes.dll] [TENCENT, 8,0,777,1805]
[E:\qq\QQRes.dll] [TENCENT, 8,0,776,1805]
[E:\qq\QQMainFrame.dll] [N/A, ]
[E:\qq\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\qq\UnReadMsgMgr.dll] [N/A, ]
[E:\qq\CQQApplication.dll] [N/A, ]
[E:\qq\QQPlugin.dll] [N/A, ]
[E:\qq\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[E:\qq\NewSkin.dll] [TENCENT, 8,0,777,1805]
[E:\qq\MailSummary.dll] [TENCENT, 8,0,777,1805]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[E:\qq\QQSpace.dll] [TENCENT, 8,0,777,1805]
[E:\qq\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[E:\qq\QQKnowledgeSearch.dll] [TENCENT, 8,0,777,1805]
[E:\qq\OEMApplication.dll] [TENCENT, 8,0,777,1805]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
[E:\qq\QQGroupMng.dll] [TENCENT, 8,0,777,1805]
[E:\qq\QQAllInOne.dll] [TENCENT, 8,0,777,1805]
[E:\qq\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[E:\qq\CameraDll.dll] [TENCENT, 8,0,777,1805]
[E:\qq\QQPet.dll] [TENCENT, 8,0,777,1805]
[E:\qq\UserDefinedHead.dll] [TENCENT, 8,0,777,1805]
[E:\qq\QQCustomFace.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\qq\ImageOle.dll] [TENCENT, 8,0,777,1805]
[E:\qq\QQLiveQMng.dll] [TENCENT, 8,0,777,1805]
[E:\qq\QRingMng.dll] [N/A, ]
[E:\qq\QQMagicFace.dll] [TENCENT, 8,0,777,1805]
[E:\qq\QQSceneMng.dll] [N/A, ]
[E:\qq\QQAvatar.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[E:\qq\LongConnection.dll] [TENCENT, 8,0,777,1805]
[E:\qq\QQConfigPlugin.dll] [TENCENT, 8,0,777,1805]
[E:\qq\PhoneAPI.dll] [TENCENT, 8,0,777,1805]
[E:\qq\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[E:\qq\QQSysMsgMng.dll] [N/A, ]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 1, 0, 0]
[d:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[d:\Program Files\SogouInput\ZipLib.dll] [N/A, ]
[E:\qq\BQQApplication.dll] [N/A, ]
[E:\qq\CommercesMng.dll] [TENCENT, 8,0,777,1805]
[E:\qq\PersonalDesktop.dll] [TENCENT, 8,0,777,1805]
[E:\qq\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
[E:\qq\AddrSearch.dll] [腾讯科技(深圳)有限公司, 2, 2, 1, 15]
[E:\qq\QQFileTransfer.dll] [TENCENT, 8,0,777,1805]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl] [Kaspersky Lab, 7.0.0.125]
[E:\qq\GroupConnection.dll] [TENCENT, 8,0,777,1805]
[PID: 2164 / Administrator][E:\qq\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 2248 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3344 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
[E:\PCI_InstallShield_5641_0406\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll] [BitComet, 20070924]
[C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll] [China Merchants Bank, 1, 0, 0, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\nfio.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\fsdrvplg.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\basegui.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\thpimpl.ppl] [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\FSSync.dll] [Kaspersky Lab, 7.0.5.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\winreg.ppl] [Kaspersky Lab, 7.0.0.125]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\xpsp3res.dll] [Microsoft Corporation, 5.1.2600.3268 (WinXP.071206-1251)]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[PID: 3136 / Administrator][D:\工具软件\杀毒\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 3840 / Administrator][D:\工具软件\杀毒\sreng2\SRE9b4eb966.EXE] [Smallfrogs Studio, 2.6.12.1018]
[D:\工具软件\杀毒\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 660 / Administrator][D:\工具软件\杀毒\sreng2\SRE9b4eb966.EXE] [Smallfrogs Studio, 2.6.12.1018]
[D:\工具软件\杀毒\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
==================================
文件关联
.TXT Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\Administrator.vbs" %1 %* ]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\Administrator.vbs" %1 %* ]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\Administrator.vbs" %1 %* ]
.HLP Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\Administrator.vbs" %1 %* ]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
219.153.32.215 auto.search.msn.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 3728, C:\PROGRAM FILES\HUAWEI-3COM\H3C 802.1X 客户端\DOT1XCLIENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3136, D:\工具软件\杀毒\SRENG2\SRENGLDR.EXE]
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
==================================
隐藏进程
N/A
==================================
[Last edited by eaglena on 2008-8-2 23:43]