南海人

[Viruses/Worms] Infected with tmp.edb, can't delete it, please help
My computer is infected with tmp.edb, located at c:/WINDOWS/SYSTEM32/Catroot2.
I've heard it is a trojan from the Chinese cyber army. It can't be deleted in normal mode: the computer says that someone or another program is using it, and to close all programs that might be using it and try again... In safe mode, I can't find it at all....
Moderator, please help me, thank you.
PS: Kaspersky doesn't detect it.

[Original poster] From: Taiwan | Posted: 2006-12-25 22:08

upside (moderator)

The file name alone is not enough to make a correct determination. Please list the virus name reported by your antivirus program.
I looked it up, and one of the file names happens to match one in a solution I posted earlier.
You can try that removal procedure:
http://bbs.mychat.to/read.php?tid=590504

Dad, may you have a safe journey
[Reply 1] From: Taiwan (和信超媒體 broadband network) | Posted: 2006-12-26 01:17
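
南海人

Quoting upside, posted 2006-12-26 01:17:
The file name alone is not enough to make a correct determination. Please list the virus name reported by your antivirus program.
I looked it up, and one of the file names happens to match one in a solution I posted earlier.
You can try that removal procedure:
http://bbs.mychat.to/read.php?tid=590504

Virus name: Trojan-Downloader.Win32.Delf.ain
Virus type: Trojan
File MD5: 8B10932BA81F41561EA62FF3E0426A17
Disclosure scope: fully public
Risk level: Medium
File size: 66,056 bytes
Affected systems: Windows 98 and later
Development tool: Microsoft Visual C++ 6.0
Packer: unknown packer
Names used by other vendors: Symantec [Hacktool]
      McAfee [none]

Virus description:
  This virus is a trojan. After it runs, it creates a large number of .log files under %system32%\CatRoot2 to record keystrokes, thereby stealing the user's sensitive information, which it sends to the virus author by e-mail. It drops files that modify the system time into the folder %system32%\CatRoot2, so that the creation time of the virus files does not match the system time. It also drops a file-fragment recovery file, %system32%\CatRoot2\.edb.chk, which can restore deleted virus files and makes manual removal of this virus somewhat difficult. This virus poses a certain degree of harm to users.

Behavior analysis:
1. After it runs, the virus creates a large number of .log files under %system32%\CatRoot2 to record keystrokes:

%system32%\CatRoot2\res1.log
%system32%\CatRoot2\res2.log
%system32%\CatRoot2\edb.log
%system32%\CatRoot2\dberr.txt
%system32%\CatRoot2\edbtmp.log
%system32%\CatRoot2\edb0001b.log


2. The virus records keystrokes and sends them to the virus author by e-mail:

Virus author's mailbox: refdom@263.net

3. It drops files that modify the system time into the folder %system32%\CatRoot2, so that the creation time of the virus files does not match the system time:

%system32%\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
%system32%\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp
%system32%\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
%system32%\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp
%system32%\CatRoot2\tmp.edb

4. It drops a file-fragment recovery file used to restore deleted virus files, which makes manual removal of this virus somewhat difficult:

%system32%\CatRoot2\.edb.chk

Note: %System% is a variable path. The virus determines the current location of the System folder by querying the operating system. The default installation path is C:\Winnt\System32 on Windows 2000/NT, C:\Windows\System on Windows 95/98/Me, and C:\Windows\System32 on Windows XP.


The above is text from a mainland Chinese website that I found with Google. It matches the current state of my computer exactly. Moderator, please help me and see whether there is any way to clean it out. Thank you!

[Reply 2] From: Taiwan | Posted: 2006-12-28 23:23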

upside (moderator)

http://research.sunbelt-software.com/threatdisplay.aspx?...32.Delf.ain&threatid=44110

First go to this site, download the removal tool on the right-hand side, and test with it.
I am collecting information on my end; if it works out, I will put together a removal procedure.

Dad, may you have a safe journey
[Reply 3] From: Taiwan | Posted: 2006-12-29 14:29

南海人

Quoting upside, posted 2006-12-29 14:29:
http://research.sunbelt-software.com/threatdisplay.aspx?...32.Delf.ain&threatid=44110

First go to this site, download the removal tool on the right-hand side, and test with it.
I am collecting information on my end; if it works out, I will put together a removal procedure.


After seeing your message, I immediately downloaded it and ran a scan, but it did not detect this virus.
I ran the update first, so the virus definitions and so on should be the latest, but it didn't......

[Reply 4] From: Taiwan | Posted: 2006-12-29 19:11

upside (moderator)

Although the files created by this trojan can be deleted right away for now,
that does not solve the problem.
Please use the following link right away to generate a report of your system data and let me analyze it,
so that I can build a batch detection-and-removal tool.
http://bbs.mychat.to/read.php?tid=592517

Dad, may you have a safe journey
[Reply 5] From: Taiwan | Posted: 2006-12-29 19:21

南海人

Quoting upside, posted 2006-12-29 19:21:
Although the files created by this trojan can be deleted right away for now,
that does not solve the problem.
Please use the following link right away to generate a report of your system data and let me analyze it,
so that I can build a batch detection-and-removal tool.
http://bbs.mychat.to/read.php?tid=592517

2006-12-29,22:19:03

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [N/A]
    <MSCalsClocks><C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <Device Detector><DevDetect.exe -autorun>  [N/A]
    <SunServer><C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe>  [Sunbelt Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><"C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
Startup Folders
N/A

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Kaspersky Internet Security 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[PDEngine / PDEngine][Stopped/Manual Start]
  <C:\Program Files\Raxco\PerfectDisk\PDEngine.exe><Raxco Software, Inc.>
[PDScheduler / PDSched][Running/Auto Start]
  <C:\Program Files\Raxco\PerfectDisk\PDSched.exe><Raxco Software, Inc.>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
Drivers
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[dump_wmimmc / dump_wmimmc][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Gamania\MapleStory\npkcrypt.sys><INCA Internet Co., Ltd.>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[NPPTNT2 / NPPTNT2][Running/Manual Start]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[網頁]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用影音傳送帶下載]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音傳送帶下載全部連結]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>

==================================
Running Processes
[PID: 596][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 692][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4129]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 736][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 748][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 912][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4129]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 924][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1020][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1128][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1176][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1280][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1528][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1668][C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\AVPGS.PPL]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tm.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\bl.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\wmihlpr.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ndetect.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\crpthlpr.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\schedule.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\timer.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\lic60.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\report.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\hashmd5.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avs.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avpmgr.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\wdiskio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avlib.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avspm.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avp3info.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\antispam.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\adialtsk.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\oas.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ahids.ppl]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\CKAHUM.dll]  [Kaspersky Lab, 6.0.1.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\CKAHComm.dll]  [Kaspersky Lab, 6.0.1.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ckahrule.dll]  [Kaspersky Lab, 6.0.1.1]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\aphish.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\mc.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\procmon.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\sc.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\httpscan.ppl]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klaveng.dll]  [N/A, N/A]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\aphisht.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\popupchk.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\og.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pdm.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\httpanlz.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\dtreg.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\sfdb.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\trafficmonitor2.ppl]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\SSLEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8b]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8b]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\prutil.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\spamtst.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avp1.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\l_llio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\smtpprotocoller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pop3protocoller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\maildisp.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\imapprotocoller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nntpprotocoller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ahfw.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\resip.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ichk2.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\icheckersa.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\hashcont.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\hccmp.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\iwgen.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\uniarc.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\minizip.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\cab.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\arj.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\rar.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\lha.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\mdb.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\msoe.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ods.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\buffer.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\memscan.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\memmodsc.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ntfsstrm.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\btdisk.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\startupenum2.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\inifile.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\btimages.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\qb.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updater2005.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\productinfo.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updater.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\diff.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\base64p.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updateinfo.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updateobjectinfo.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\netsession.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\socket.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ftpsession.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\base64.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updatecategory.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\httpsession.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ntlm.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updateinstaller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\baseinstaller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\execinstaller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\prseqio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\inflate.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\unlzx.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\mdmap.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\unstored.ppl]  [Kaspersky Lab, 6.0.0.16]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1820][C:\Program Files\Raxco\PerfectDisk\PDSched.exe]  [Raxco Software, Inc., 6, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDCommon.dll]  [Raxco Software, Inc., 6, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDLangEN.dll]  [Raxco Software, Inc., 6, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDSchedPS.dll]  [Raxco Software, Inc., 6, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDEnginePS.dll]  [Raxco Software, Inc., 6, 0, 0, 31]
    [C:\Program Files\Common Files\Raxco\AutoUpdps.dll]  [Raxco Software, Inc., 6, 0, 0, 3]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 668][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4129]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1116][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll]  [Sunbelt Software, 1.02.0097]
    [C:\WINDOWS\system32\VB6CHT.DLL]  [Microsoft Corporation, 6.00.8988]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.360]
[PID: 1316][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1912][C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\AVPGS.PPL]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avpgui.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\basegui.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\qb.ppl]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\report.ppl]  [Kaspersky Lab, 6.0.1.360]
[PID: 392][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 452][C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe]  [Microsoft Corporation, 1.0.0129.0]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 2144][C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe]  [ACD Systems, Ltd., 3,1,40,0]
    [C:\Program Files\Common Files\ACD Systems\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\ACD Systems\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\ACD Systems\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 540][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1452][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  [Xi, 1.60.11]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.1.360]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\basegui.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.360]
[PID: 2892][C:\Program Files\Xi\NetTransport 2\NetTransport.exe]  [Xi, 1.87.258]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
    [C:\Program Files\Xi\NetTransport 2\libssl.dll]  [Xi, 0.97c.14]
    [C:\Program Files\Xi\NetTransport 2\libssh.dll]  [Xi, 3.1.006]
[PID: 2240][C:\Documents and Settings\Administrator\桌面\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
API HOOK
Warning! System Repair Engineer
remind you that following
functions have modified to
abnormal values by unknown
reasons:
Entry Error: NtLoadDriver
Entry Error: NtOpenProcess
Entry Error: NtQuerySystemInformation
Entry Error: NtTerminateProcess
Entry Error: NtTerminateThread
Entry Error: ZwOpenProcess
Entry Error: ZwTerminateProcess
Entry Error: ZwTerminateThread
Entry Error: LoadLibraryExW
Entry Error: MoveFileW
Entry Error: DeviceIoControl
Entry Error: ReadProcessMemory
Entry Error: WriteProcessMemory

==================================






That is the log above. Please help, thank you.

[Reply 6] From: Taiwan | Posted: 2006-12-29 22:30
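
An added example, not part of the original thread and not System Repair Engineer's own code: one way to triage a report in the layout posted above, listing registry autostart and service entries whose publisher field is empty or N/A, plus the functions named under API HOOK. The sample is a constructed excerpt of lines taken from that report, and treating an empty or N/A publisher as "review manually" is an assumption of this sketch.

```python
import re

# Constructed excerpt: a few lines taken from the report posted above, kept in
# its layout so the parser can be exercised offline.
SAMPLE_REPORT = r'''
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Device Detector><DevDetect.exe -autorun>  [N/A]
    <SunServer><C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe>  [Sunbelt Software]

==================================
Services
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[PDScheduler / PDSched][Running/Auto Start]
  <C:\Program Files\Raxco\PerfectDisk\PDSched.exe><Raxco Software, Inc.>

==================================
API HOOK
Entry Error: NtOpenProcess
Entry Error: MoveFileW
'''

# Line shapes seen in the report:
#   [HKEY_...]                          registry key header
#       <name><command>  [publisher]    value under that key
#   [Display / Short][State/Start]      service or driver header
#     <image path><publisher>           its image line
#   Entry Error: Function               API HOOK entry
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r"^\s+<([^<>]*)><(.*)>\s+\[(.*)\]$")
SVC_HEAD = re.compile(r"^\[([^\]]*) / ([^\]/]+)\]\[([^/\]]+)/([^\]]+)\]$")
SVC_IMAGE = re.compile(r"^\s+<(.*)><([^<>]*)>$")
API_HOOK = re.compile(r"^Entry Error: (\w+)$")


def publisher_unknown(publisher):
    """Assumption of this example: empty or N/A publisher means 'review manually'."""
    return publisher.strip() in ("", "N/A")


def triage(report):
    """Return the entries of an SREng-style report that deserve a manual look."""
    findings = {"autostart": [], "services": [], "hooks": []}
    key = None      # registry key whose values are being read
    service = None  # (short name, "state/start type") waiting for its image line
    for raw in report.splitlines():
        line = raw.rstrip()
        if line.startswith("====="):      # section separator resets context
            key = service = None
            continue
        m = REG_KEY.match(line)
        if m:
            key, service = m.group(1), None
            continue
        m = SVC_HEAD.match(line)
        if m:
            service, key = (m.group(2), m.group(3) + "/" + m.group(4)), None
            continue
        m = REG_VALUE.match(line)
        if m and key:
            name, command, publisher = m.groups()
            # Values with an empty command (e.g. <load><>) start nothing.
            if command and publisher_unknown(publisher):
                findings["autostart"].append((key, name, command))
            continue
        m = SVC_IMAGE.match(line)
        if m and service:
            image, publisher = m.groups()
            if publisher_unknown(publisher):
                findings["services"].append((service[0], service[1], image))
            service = None
            continue
        m = API_HOOK.match(line)
        if m:
            findings["hooks"].append(m.group(1))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_REPORT).items():
        for item in items:
            print(kind, item)
```

Security products and anti-cheat drivers also patch these API entries, so each listed hook has to be attributed to a module before it is treated as malicious.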

upside (moderator)

I looked at it all night. Judging from the report, nothing is abnormal.
Has it already been deleted by the antivirus program?
Hmm, this feels like a false positive.
Please go into safe mode and rename the folder C:\WINDOWS\SYSTEM32\CatRoot2
to CatRoot2TMP, then reboot and test.


[ This post was edited by upside on 2006-12-30 10:22 ]

Dad, may you have a safe journey
[Reply 7] From: Taiwan | Posted: 2006-12-30 10:15

南海人

Quoting upside, posted 2006-12-30 10:15:
I looked at it all night. Judging from the report, nothing is abnormal.
Has it already been deleted by the antivirus program?
Hmm, this feels like a false positive.
Please go into safe mode and rename the folder C:\WINDOWS\SYSTEM32\CatRoot2
to CatRoot2TMP, then reboot and test.

I followed your instructions and did it once (after rebooting, the computer created a new CatRoot2). I also tried renaming the other two folders inside the CatRoot2 folder, but neither worked; it still reappears. Argh......

[Reply 8] From: Taiwan | Posted: 2006-12-30 12:58

upside (moderator)

Is it a warning from the antivirus program, or do the files regenerate?
This folder is required by the system.
My computer has this file too.
It is normal for it to be regenerated after you delete it and reboot.

Dad, may you have a safe journey
[Reply 9] From: Taiwan | Posted: 2006-12-30 13:33
