主題: 整個系統的語言顯示好像都有被病毒或木馬入侵的跡象
查看單個文章
舊 2009-07-07, 06:36 AM   #13 (permalink)
wulom
註冊會員
榮譽勳章
UID - 325050
在線等級: 級別:10 | 在線時長:145小時 | 升級還需:20小時級別:10 | 在線時長:145小時 | 升級還需:20小時級別:10 | 在線時長:145小時 | 升級還需:20小時級別:10 | 在線時長:145小時 | 升級還需:20小時級別:10 | 在線時長:145小時 | 升級還需:20小時
註冊日期: 2009-05-26
VIP期限: 2010-08
文章: 42
精華: 0
現金: 51 金幣
資產: 53607 金幣
預設
[PID: 1940 / Administrator][C:\Program Files\Common Files\System\QQWbYS.exe] [N/A, ]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\Program Files\Common Files\System\debug.obj] [N/A, ]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325]
[PID: 2028 / SYSTEM][C:\Program Files\Kingsoft\KAC\Service\kaccore.exe] [Kingsoft Corporation, 2009,06,05,614]
[C:\Program Files\Kingsoft\KAC\Service\WS2HELP.dll] [N/A, ]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kingsoft\KAC\Service\errorreport.dll] [Kingsoft Corporation, 2008,07,23,168]
[C:\Program Files\Kingsoft\KAC\Service\dbghelp.dll] [Microsoft Corporation, 6.5.0003.7 (vbl_core_fbrel(jshay).050527-1915)]
[C:\Program Files\Kingsoft\KAC\Service\corehelper.dll] [Kingsoft Corporation, 2009,05,12,579]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325]
[PID: 328 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[PID: 764 / Administrator][C:\WINDOWS\Integrator.exe] [Dachshund Software, 1.05.0001]
[C:\WINDOWS\system32\MAGE.DLL] [Dachshund Software, 1.0]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\WINDOWS\system32\VB6CHT.DLL] [Microsoft Corporation, 6.00.8988]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[PID: 1232 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\WINDOWS\System32\COMRes.dll] [N/A, ]
[PID: 2600 / Administrator][C:\WINDOWS\system32\notepad.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ]
[C:\WINDOWS\system32\LIUNT.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\JAPENESE.IME] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2812 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\System32\COMRes.dll] [N/A, ]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\System32\nl_msgc.dll] [N/A, ]
[PID: 3272 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.1.325]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\Program Files\Orbitdownloader\orbitcth.dll] [Orbitdownloader.com, 2, 4, 0, 2]
[C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll] [Yahoo! Inc., 2007, 5, 30, 1]
[C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll] [BitComet, 20071130]
[C:\Program Files\Internet Explorer\IETimber\IETimber.dll] [北京世?乾坤?件, V02]
[C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO31.dll] [FlashGet, 2, 5, 0, 1037]
[C:\Program Files\Java\jre6\bin\jp2ssv.dll] [Sun Microsystems, Inc., 6.0.130.3]
[C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll] [Sun Microsystems, Inc., 6.0.130.3]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325]
[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 3684 / Administrator][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ]
[PID: 2328 / Administrator][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\WinRAR\WS2HELP.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ]
[C:\WINDOWS\fonts\MqppW9KYn.fon] [N/A, ]
[C:\WINDOWS\system32\EN7hzSreCat8.dll] [N/A, ]
[C:\WINDOWS\system32\qB5BKZy7vR5m.dll] [N/A, ]
[C:\WINDOWS\system32\A0C86020.dll] [N/A, ]
[C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ]
[C:\WINDOWS\system32\122B901E.dll] [N/A, ]
[PID: 2576 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[PID: 2612 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\SRE7c1bddb.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325]

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NL MSAFD Tcpip [TCP/IP]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [UDP/IP]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [RAW/IP]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL RSVP UDP Service Provider
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL RSVP TCP Service Provider
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [TCP/IPv6]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [UDP/IPv6]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [RAW/IPv6]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL LSP
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
進程特權掃描
特殊特權被允許: SeDebugPrivilege [PID = 1860, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1860, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE]
特殊特權被允許: SeDebugPrivilege [PID = 1924, C:\PROGRAM FILES\JIBREEL INC\ANTICRASH 5.0\ANTICRASH.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\JIBREEL INC\ANTICRASH 5.0\ANTICRASH.EXE]
特殊特權被允許: SeDebugPrivilege [PID = 1940, C:\PROGRAM FILES\COMMON FILES\SYSTEM\QQWBYS.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1940, C:\PROGRAM FILES\COMMON FILES\SYSTEM\QQWBYS.EXE]
特殊特權被允許: SeDebugPrivilege [PID = 764, C:\WINDOWS\INTEGRATOR.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 764, C:\WINDOWS\INTEGRATOR.EXE]
特殊特權被允許: SeDebugPrivilege [PID = 2328, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 2328, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特權被允許: SeDebugPrivilege [PID = 2576, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.734\SRENGLDR.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 2576, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.734\SRENGLDR.EXE]

==================================
計畫任務
[已啟用] WGASetup.job
C:\WINDOWS\system32\KB905474\wgasetup.exe
[已啟用] FRU Task #Hewlett-Packard#hp psc 1200 series#1122421761.job
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

==================================
API HOOK
RVA 錯誤: LoadLibraryA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤: LoadLibraryExA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤: LoadLibraryExW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤: LoadLibraryW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤: GetProcAddress (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隱藏進程
N/A

==================================


[/code]
wulom 目前離線  
送花文章: 63, 收花文章: 32 篇, 收花: 56 次
回覆時引用此帖
向 wulom 送花的會員:
sob790717b (2009-07-09)
感謝您發表一篇好文章