求助 - 整個系統的語言顯示好像都有被病毒或木馬入侵的跡象

wulom · 2009-07-07, 06:36 AM

[PID: 1940 / Administrator][C:\Program Files\Common Files\System\QQWbYS.exe] [N/A, ]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\Program Files\Common Files\System\debug.obj] [N/A, ]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325]
[PID: 2028 / SYSTEM][C:\Program Files\Kingsoft\KAC\Service\kaccore.exe] [Kingsoft Corporation, 2009,06,05,614]
[C:\Program Files\Kingsoft\KAC\Service\WS2HELP.dll] [N/A, ]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kingsoft\KAC\Service\errorreport.dll] [Kingsoft Corporation, 2008,07,23,168]
[C:\Program Files\Kingsoft\KAC\Service\dbghelp.dll] [Microsoft Corporation, 6.5.0003.7 (vbl_core_fbrel(jshay).050527-1915)]
[C:\Program Files\Kingsoft\KAC\Service\corehelper.dll] [Kingsoft Corporation, 2009,05,12,579]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325]
[PID: 328 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[PID: 764 / Administrator][C:\WINDOWS\Integrator.exe] [Dachshund Software, 1.05.0001]
[C:\WINDOWS\system32\MAGE.DLL] [Dachshund Software, 1.0]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\WINDOWS\system32\VB6CHT.DLL] [Microsoft Corporation, 6.00.8988]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[PID: 1232 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\WINDOWS\System32\COMRes.dll] [N/A, ]
[PID: 2600 / Administrator][C:\WINDOWS\system32\notepad.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ]
[C:\WINDOWS\system32\LIUNT.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\JAPENESE.IME] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2812 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\System32\COMRes.dll] [N/A, ]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\System32\nl_msgc.dll] [N/A, ]
[PID: 3272 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.1.325]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\Program Files\Orbitdownloader\orbitcth.dll] [Orbitdownloader.com, 2, 4, 0, 2]
[C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll] [Yahoo! Inc., 2007, 5, 30, 1]
[C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll] [BitComet, 20071130]
[C:\Program Files\Internet Explorer\IETimber\IETimber.dll] [北京世?乾坤?件, V02]
[C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO31.dll] [FlashGet, 2, 5, 0, 1037]
[C:\Program Files\Java\jre6\bin\jp2ssv.dll] [Sun Microsystems, Inc., 6.0.130.3]
[C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll] [Sun Microsystems, Inc., 6.0.130.3]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325]
[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 3684 / Administrator][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ]
[PID: 2328 / Administrator][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ]
[C:\Program Files\WinRAR\WS2HELP.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ]
[C:\WINDOWS\fonts\MqppW9KYn.fon] [N/A, ]
[C:\WINDOWS\system32\EN7hzSreCat8.dll] [N/A, ]
[C:\WINDOWS\system32\qB5BKZy7vR5m.dll] [N/A, ]
[C:\WINDOWS\system32\A0C86020.dll] [N/A, ]
[C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ]
[C:\WINDOWS\system32\122B901E.dll] [N/A, ]
[PID: 2576 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[PID: 2612 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\SRE7c1bddb.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
[C:\WINDOWS\system\SHELLEX.DLL] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ]
[C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ]
[C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ]
[C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ]
[C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ]
[C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325]

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NL MSAFD Tcpip [TCP/IP]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [UDP/IP]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [RAW/IP]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL RSVP UDP Service Provider
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL RSVP TCP Service Provider
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [TCP/IPv6]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [UDP/IPv6]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [RAW/IPv6]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL LSP
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
進程特權掃描
特殊特權被允許： SeDebugPrivilege [PID = 1860, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE]
特殊特權被允許： SeLoadDriverPrivilege [PID = 1860, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE]
特殊特權被允許： SeDebugPrivilege [PID = 1924, C:\PROGRAM FILES\JIBREEL INC\ANTICRASH 5.0\ANTICRASH.EXE]
特殊特權被允許： SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\JIBREEL INC\ANTICRASH 5.0\ANTICRASH.EXE]
特殊特權被允許： SeDebugPrivilege [PID = 1940, C:\PROGRAM FILES\COMMON FILES\SYSTEM\QQWBYS.EXE]
特殊特權被允許： SeLoadDriverPrivilege [PID = 1940, C:\PROGRAM FILES\COMMON FILES\SYSTEM\QQWBYS.EXE]
特殊特權被允許： SeDebugPrivilege [PID = 764, C:\WINDOWS\INTEGRATOR.EXE]
特殊特權被允許： SeLoadDriverPrivilege [PID = 764, C:\WINDOWS\INTEGRATOR.EXE]
特殊特權被允許： SeDebugPrivilege [PID = 2328, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特權被允許： SeLoadDriverPrivilege [PID = 2328, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特權被允許： SeDebugPrivilege [PID = 2576, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.734\SRENGLDR.EXE]
特殊特權被允許： SeLoadDriverPrivilege [PID = 2576, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.734\SRENGLDR.EXE]

==================================
計畫任務
[已啟用] WGASetup.job
C:\WINDOWS\system32\KB905474\wgasetup.exe
[已啟用] FRU Task #Hewlett-Packard#hp psc 1200 series#1122421761.job
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

==================================
API HOOK
RVA 錯誤： LoadLibraryA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤： LoadLibraryExA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤： LoadLibraryExW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤： LoadLibraryW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤： GetProcAddress (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隱藏進程
N/A

==================================

[/code]

2009-07-07, 06:36 AM	#13 (permalink)
wulom 註冊會員榮譽勳章勳章總數2 UID - 325050 在線等級: 註冊日期: 2009-05-26 VIP期限: 2010-08 文章: 42 精華: 0 現金: 51 金幣資產: 53607 金幣	[PID: 1940 / Administrator][C:\Program Files\Common Files\System\QQWbYS.exe] [N/A, ] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\Program Files\Common Files\System\debug.obj] [N/A, ] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 2028 / SYSTEM][C:\Program Files\Kingsoft\KAC\Service\kaccore.exe] [Kingsoft Corporation, 2009,06,05,614] [C:\Program Files\Kingsoft\KAC\Service\WS2HELP.dll] [N/A, ] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kingsoft\KAC\Service\errorreport.dll] [Kingsoft Corporation, 2008,07,23,168] [C:\Program Files\Kingsoft\KAC\Service\dbghelp.dll] [Microsoft Corporation, 6.5.0003.7 (vbl_core_fbrel(jshay).050527-1915)] [C:\Program Files\Kingsoft\KAC\Service\corehelper.dll] [Kingsoft Corporation, 2009,05,12,579] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 328 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [PID: 764 / Administrator][C:\WINDOWS\Integrator.exe] [Dachshund Software, 1.05.0001] [C:\WINDOWS\system32\MAGE.DLL] [Dachshund Software, 1.0] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\WINDOWS\system32\VB6CHT.DLL] [Microsoft Corporation, 6.00.8988] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [PID: 1232 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\System32\COMRes.dll] [N/A, ] [PID: 2600 / Administrator][C:\WINDOWS\system32\notepad.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [C:\WINDOWS\system32\LIUNT.IME] [Microsoft Corporation, 4.00.950] [C:\WINDOWS\system32\JAPENESE.IME] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2812 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\System32\COMRes.dll] [N/A, ] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\System32\nl_msgc.dll] [N/A, ] [PID: 3272 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\Program Files\Orbitdownloader\orbitcth.dll] [Orbitdownloader.com, 2, 4, 0, 2] [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll] [Yahoo! Inc., 2007, 5, 30, 1] [C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll] [BitComet, 20071130] [C:\Program Files\Internet Explorer\IETimber\IETimber.dll] [北京世?乾坤?件, V02] [C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO31.dll] [FlashGet, 2, 5, 0, 1037] [C:\Program Files\Java\jre6\bin\jp2ssv.dll] [Sun Microsystems, Inc., 6.0.130.3] [C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll] [Sun Microsystems, Inc., 6.0.130.3] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [PID: 3684 / Administrator][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [PID: 2328 / Administrator][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\WinRAR\WS2HELP.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [C:\WINDOWS\fonts\MqppW9KYn.fon] [N/A, ] [C:\WINDOWS\system32\EN7hzSreCat8.dll] [N/A, ] [C:\WINDOWS\system32\qB5BKZy7vR5m.dll] [N/A, ] [C:\WINDOWS\system32\A0C86020.dll] [N/A, ] [C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [PID: 2576 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [PID: 2612 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\SRE7c1bddb.EXE] [Smallfrogs Studio, 2.7.1.1261] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 NL MSAFD Tcpip [TCP/IP] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL MSAFD Tcpip [UDP/IP] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL MSAFD Tcpip [RAW/IP] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL RSVP UDP Service Provider C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL RSVP TCP Service Provider C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL MSAFD Tcpip [TCP/IPv6] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL MSAFD Tcpip [UDP/IPv6] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL MSAFD Tcpip [RAW/IPv6] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL LSP C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ================================== 進程特權掃描特殊特權被允許： SeDebugPrivilege [PID = 1860, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE] 特殊特權被允許： SeLoadDriverPrivilege [PID = 1860, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE] 特殊特權被允許： SeDebugPrivilege [PID = 1924, C:\PROGRAM FILES\JIBREEL INC\ANTICRASH 5.0\ANTICRASH.EXE] 特殊特權被允許： SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\JIBREEL INC\ANTICRASH 5.0\ANTICRASH.EXE] 特殊特權被允許： SeDebugPrivilege [PID = 1940, C:\PROGRAM FILES\COMMON FILES\SYSTEM\QQWBYS.EXE] 特殊特權被允許： SeLoadDriverPrivilege [PID = 1940, C:\PROGRAM FILES\COMMON FILES\SYSTEM\QQWBYS.EXE] 特殊特權被允許： SeDebugPrivilege [PID = 764, C:\WINDOWS\INTEGRATOR.EXE] 特殊特權被允許： SeLoadDriverPrivilege [PID = 764, C:\WINDOWS\INTEGRATOR.EXE] 特殊特權被允許： SeDebugPrivilege [PID = 2328, C:\PROGRAM FILES\WINRAR\WINRAR.EXE] 特殊特權被允許： SeLoadDriverPrivilege [PID = 2328, C:\PROGRAM FILES\WINRAR\WINRAR.EXE] 特殊特權被允許： SeDebugPrivilege [PID = 2576, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.734\SRENGLDR.EXE] 特殊特權被允許： SeLoadDriverPrivilege [PID = 2576, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.734\SRENGLDR.EXE] ================================== 計畫任務 [已啟用] WGASetup.job C:\WINDOWS\system32\KB905474\wgasetup.exe [已啟用] FRU Task #Hewlett-Packard#hp psc 1200 series#1122421761.job C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe ================================== API HOOK RVA 錯誤： LoadLibraryA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤： LoadLibraryExA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤： LoadLibraryExW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤： LoadLibraryW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤： GetProcAddress (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) ================================== 隱藏進程 N/A ================================== [/code]

	送花文章: 63, 收花文章: 32 篇, 收花: 56 次

Google 提供的廣告