南海人
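[Viruses/Worms] Infected with tmp.edb, can't delete it, please help
My computer is infected with tmp.edb, located at c:/WINDOWS/SYSTEM32/Catroot2
I've heard it is a trojan from China's cyber army. It can't be deleted in normal mode: the computer says that someone or another program is using it, and to close any programs that might be using it and try again. In Safe Mode, however, the file can't be found at all.
Moderator, please help me. Thank you.
PS: Kaspersky can't detect it.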


[Original post] From: Taiwan | Posted: 2006-12-25 22:08

upside (moderator)

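The file name alone is not enough to make a correct judgment. Please list the virus name that your antivirus program detected.
I did a search, and the name happens to match one of the file names in a removal solution I posted earlier.
You can try that removal procedure and see: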
http://bbs.mychat.to/read.php?tid=590504


Signature: Dad, may you go in peace.
[Post #1] From: Taiwan, 和信超媒体 broadband network | Posted: 2006-12-26 01:17

南海人

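Quoting upside, posted 2006-12-26 01:17:
The file name alone is not enough to make a correct judgment. Please list the virus name that your antivirus program detected.
I did a search, and the name happens to match one of the file names in a removal solution I posted earlier.
You can try that removal procedure and see: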
http://bbs.mychat.to/read.php?tid=590504

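Virus name: Trojan-Downloader.Win32.Delf.ain
Virus type: Trojan
File MD5: 8B10932BA81F41561EA62FF3E0426A17
Disclosure scope: fully public
Severity: medium
File size: 66,056 bytes
Affected systems: Windows 98 and later
Development tool: Microsoft Visual C++ 6.0
Packer type: unknown packer
Naming cross-reference: Symantec [Hacktool]
      McAfee [none]

Virus description:
  This virus is a trojan. After it runs, it creates a large number of .log files under %system32%\CatRoot2 to record keystrokes, thereby stealing sensitive user information, which it sends to the virus author by e-mail. It drops files that modify the system time into the folder %system32%\CatRoot2, so that the creation time of the virus files does not match the system time. It also drops a file-fragment recovery file, %system32%\CatRoot2\.edb.chk, which can restore deleted virus files and makes manual removal of this virus somewhat difficult. This virus poses a certain degree of harm to users.

Behavior analysis:
1. After running, the virus creates a large number of .log files under %system32%\CatRoot2 to record keystrokes:

%system32%\CatRoot2\res1.log
%system32%\CatRoot2\res2.log
%system32%\CatRoot2\edb.log
%system32%\CatRoot2\dberr.txt
%system32%\CatRoot2\edbtmp.log
%system32%\CatRoot2\edb0001b.log


2. The virus records keystrokes and sends them to the virus author by e-mail:

Virus author's mailbox: refdom@263.net

3. It drops files that modify the system time into the folder %system32%\CatRoot2, so that the creation time of the virus files does not match the system time:

%system32%\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
%system32%\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp
%system32%\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
%system32%\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp
%system32%\CatRoot2\tmp.edb

4. It drops a file-fragment recovery file used to restore deleted virus files, which makes manual removal of this virus somewhat difficult:

%system32%\CatRoot2\.edb.chk

Note: %System% is a variable path. The virus queries the operating system to determine the location of the current System folder. The default installation path is C:\Winnt\System32 on Windows 2000/NT, C:\Windows\System on Windows 95/98/Me, and C:\Windows\System32 on Windows XP.


The above is the text of a mainland Chinese website that I found with Google. It matches exactly what is happening on my computer right now. Moderator, please help me and see whether there is a way to get rid of it. Thank you!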


[Post #2] From: Taiwan | Posted: 2006-12-28 23:23

upside (moderator)

http://research.sunbelt-software.com/threatdisplay.aspx?...32.Delf.ain&threatid=44110

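First go to this site, download the removal program on the right-hand side, and try it.
I am collecting information on my end; if it works out, I will put together a removal method.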


[Post #3] From: Taiwan | Posted: 2006-12-29 14:29

南海人

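Quoting upside, posted 2006-12-29 14:29:
http://research.sunbelt-software.com/threatdisplay.aspx?...32.Delf.ain&threatid=44110

First go to this site, download the removal program on the right-hand side, and try it.
I am collecting information on my end; if it works out, I will put together a removal method.


After seeing your message, I immediately downloaded it and ran a scan, but it did not detect this virus.
I updated it first, so the virus definitions and so on should be the latest, but it didn't......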


[Post #4] From: Taiwan | Posted: 2006-12-29 19:11

upside (moderator)

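Although the files created by this trojan can be deleted right away for now,
that does not solve the problem.
Please use the link below right away to produce a report of your system data and let me analyze it,
so that I can build a batch removal tool.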
http://bbs.mychat.to/read.php?tid=592517


[Post #5] From: Taiwan | Posted: 2006-12-29 19:21

南海人

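Quoting upside, posted 2006-12-29 19:21:
Although the files created by this trojan can be deleted right away for now,
that does not solve the problem.
Please use the link below right away to produce a report of your system data and let me analyze it,
so that I can build a batch removal tool.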
http://bbs.mychat.to/read.php?tid=592517



2006-12-29,22:19:03

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [N/A]
    <MSCalsClocks><C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <Device Detector><DevDetect.exe -autorun>  [N/A]
    <SunServer><C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe>  [Sunbelt Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><"C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
Startup Folders
N/A

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Kaspersky Internet Security 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[PDEngine / PDEngine][Stopped/Manual Start]
  <C:\Program Files\Raxco\PerfectDisk\PDEngine.exe><Raxco Software, Inc.>
[PDScheduler / PDSched][Running/Auto Start]
  <C:\Program Files\Raxco\PerfectDisk\PDSched.exe><Raxco Software, Inc.>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
Drivers
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[dump_wmimmc / dump_wmimmc][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Gamania\MapleStory\npkcrypt.sys><INCA Internet Co., Ltd.>
[直接平行连接埠连结驱动程式 / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[NPPTNT2 / NPPTNT2][Running/Manual Start]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[网页]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部连结]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>

==================================
Running Processes
[PID: 596][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 692][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4129]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 736][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 748][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 912][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4129]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 924][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1020][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1128][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1176][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1280][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1528][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1668][C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\AVPGS.PPL]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tm.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\bl.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\wmihlpr.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ndetect.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\crpthlpr.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\schedule.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\timer.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\lic60.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\report.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\hashmd5.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avs.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avpmgr.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\wdiskio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avlib.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avspm.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avp3info.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\antispam.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\adialtsk.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\oas.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ahids.ppl]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\CKAHUM.dll]  [Kaspersky Lab, 6.0.1.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\CKAHComm.dll]  [Kaspersky Lab, 6.0.1.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ckahrule.dll]  [Kaspersky Lab, 6.0.1.1]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\aphish.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\mc.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\procmon.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\sc.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\httpscan.ppl]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klaveng.dll]  [N/A, N/A]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\aphisht.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\popupchk.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\og.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pdm.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\httpanlz.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\dtreg.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\sfdb.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\trafficmonitor2.ppl]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\SSLEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8b]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8b]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\prutil.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\spamtst.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avp1.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\l_llio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\smtpprotocoller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pop3protocoller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\maildisp.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\imapprotocoller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nntpprotocoller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ahfw.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\resip.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ichk2.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\icheckersa.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\hashcont.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\hccmp.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\iwgen.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\uniarc.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\minizip.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\cab.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\arj.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\rar.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\lha.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\mdb.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\msoe.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ods.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\buffer.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\memscan.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\memmodsc.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ntfsstrm.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\btdisk.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\startupenum2.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\inifile.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\btimages.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\qb.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updater2005.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\productinfo.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updater.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\diff.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\base64p.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updateinfo.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updateobjectinfo.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\netsession.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\socket.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ftpsession.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\base64.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updatecategory.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\httpsession.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\ntlm.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\updateinstaller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\baseinstaller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\execinstaller.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\prseqio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\inflate.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\unlzx.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\mdmap.ppl]  [Kaspersky Lab, 6.0.0.16]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\unstored.ppl]  [Kaspersky Lab, 6.0.0.16]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1820][C:\Program Files\Raxco\PerfectDisk\PDSched.exe]  [Raxco Software, Inc., 6, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDCommon.dll]  [Raxco Software, Inc., 6, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDLangEN.dll]  [Raxco Software, Inc., 6, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDSchedPS.dll]  [Raxco Software, Inc., 6, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDEnginePS.dll]  [Raxco Software, Inc., 6, 0, 0, 31]
    [C:\Program Files\Common Files\Raxco\AutoUpdps.dll]  [Raxco Software, Inc., 6, 0, 0, 3]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 668][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4129]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1116][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll]  [Sunbelt Software, 1.02.0097]
    [C:\WINDOWS\system32\VB6CHT.DLL]  [Microsoft Corporation, 6.00.8988]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.360]
[PID: 1316][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1912][C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\AVPGS.PPL]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\avpgui.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\basegui.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\qb.ppl]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\report.ppl]  [Kaspersky Lab, 6.0.1.360]
[PID: 392][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 452][C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe]  [Microsoft Corporation, 1.0.0129.0]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 2144][C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe]  [ACD Systems, Ltd., 3,1,40,0]
    [C:\Program Files\Common Files\ACD Systems\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\ACD Systems\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\ACD Systems\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 540][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1452][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  [Xi, 1.60.11]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.360]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.1.360]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\basegui.ppl]  [Kaspersky Lab, 6.0.1.360]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.360]
[PID: 2892][C:\Program Files\Xi\NetTransport 2\NetTransport.exe]  [Xi, 1.87.258]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]
    [C:\Program Files\Xi\NetTransport 2\libssl.dll]  [Xi, 0.97c.14]
    [C:\Program Files\Xi\NetTransport 2\libssh.dll]  [Xi, 3.1.006]
[PID: 2240][C:\Documents and Settings\Administrator\桌面\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des]  [INCA Internet Co., Ltd., 2006, 10, 11, 1]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
API HOOK
Warning! System Repair Engineer
remind you that following
functions have modified to
abnormal values by unknown
reasons:
Entry Error: NtLoadDriver
Entry Error: NtOpenProcess
Entry Error: NtQuerySystemInformation
Entry Error: NtTerminateProcess
Entry Error: NtTerminateThread
Entry Error: ZwOpenProcess
Entry Error: ZwTerminateProcess
Entry Error: ZwTerminateThread
Entry Error: LoadLibraryExW
Entry Error: MoveFileW
Entry Error: DeviceIoControl
Entry Error: ReadProcessMemory
Entry Error: WriteProcessMemory

==================================






Please help with the log above. Much appreciated.


[Post #6] From: Taiwan | Posted: 2006-12-29 22:30

upside (moderator)

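I spent the whole night looking at it. Judging from the report, nothing is abnormal.
Has it already been deleted by the antivirus program?
Hmm, this feels like a false positive.
Please go into Safe Mode and rename the folder C:\WINDOWS\SYSTEM32\CatRoot2
to CatRoot2TMP, then reboot and test.


[ This post was edited by upside on 2006-12-30 10:22 ]


[Post #7] From: Taiwan | Posted: 2006-12-30 10:15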
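
One way to triage a report in the format posted above, as an added example that is not part of any post in this thread and is not SREng's own code: it parses the Registry, Services/Drivers and API HOOK sections and lists the entries that carry no publisher information, which are the ones a reviewer would check on disk first. The function names are hypothetical, the sample lines are copied from the report in this thread, and reading the "(Verified)" prefix as "the tool checked the file's signature" is an assumption.

```python
import re

# Short sample made of lines copied from the SREng report posted in this thread.
SAMPLE_LOG = r"""
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Device Detector><DevDetect.exe -autorun>  [N/A]

==================================
Services
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[PDScheduler / PDSched][Running/Auto Start]
  <C:\Program Files\Raxco\PerfectDisk\PDSched.exe><Raxco Software, Inc.>

==================================
API HOOK
Entry Error: NtOpenProcess
Entry Error: MoveFileW
"""

# Section titles as they appear in the posted report.
SECTIONS = {"Registry", "Startup Folders", "Services", "Drivers", "Browser Add-ons",
            "Running Processes", "File Associations", "Winsock Provider",
            "Autorun.Inf", "HOSTS File", "API HOOK"}

REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
REG_VALUE = re.compile(r"^\s+<(?P<name>[^<>]*)><(?P<cmd>.*)>\s+\[(?P<pub>.*)\]\s*$")
SVC_HEAD = re.compile(r"^\[(?P<name>.+)\]\[(?P<state>[^\[\]]+)\]\s*$")
SVC_IMAGE = re.compile(r"^\s+<(?P<cmd>.*)><(?P<pub>[^<>]*)>\s*$")
HOOK = re.compile(r"^Entry Error:\s*(?P<func>\w+)$")


def trust_of(publisher):
    """Classify the publisher field (assumption: '(Verified)' = signature checked)."""
    pub = publisher.strip()
    if pub.startswith("(Verified)"):
        return "verified"
    if pub in ("", "N/A"):
        return "unknown"      # no publisher information at all
    return "named"            # a name is shown, but not marked as verified


def make_entry(section, name, where, command, publisher):
    return {"section": section, "name": name, "where": where,
            "command": command, "publisher": publisher.strip(),
            "trust": trust_of(publisher)}


def parse_sreng(text):
    """Return autostart entries and hooked function names found in the report."""
    section = where = name = None
    entries, hooks = [], []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in SECTIONS:
            section, where, name = stripped, None, None
        elif section == "Registry":
            key, value = REG_KEY.match(line), REG_VALUE.match(line)
            if key:
                where = key["key"]
            elif value and value["cmd"]:          # skip empty values such as <load><>
                entries.append(make_entry(section, value["name"], where,
                                          value["cmd"], value["pub"]))
        elif section in ("Services", "Drivers"):
            head, image = SVC_HEAD.match(line), SVC_IMAGE.match(line)
            if head:                              # "[Display name / short name][state]"
                name = head["name"].rsplit(" / ", 1)[-1]
                where = head["state"]
            elif image and name:                  # "<image path><publisher>" on the next line
                entries.append(make_entry(section, name, where,
                                          image["cmd"], image["pub"]))
                name = None
        elif section == "API HOOK":
            hook = HOOK.match(stripped)
            if hook:
                hooks.append(hook["func"])
    return {"entries": entries, "hooks": hooks}


def triage(report):
    """Entries with no publisher information: first candidates for a manual check."""
    return [e for e in report["entries"] if e["trust"] == "unknown"]


if __name__ == "__main__":
    parsed = parse_sreng(SAMPLE_LOG)
    for e in triage(parsed):
        print(f'{e["section"]:9} {e["name"]:16} {e["where"]}  ->  {e["command"]}')
    print("Functions reported as modified:", ", ".join(parsed["hooks"]))
```

An entry listed by `triage` is a starting point for checking the file on disk, not a verdict: in the posted report the entries without publisher information include ordinary software such as MSN Messenger.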

南海人

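Quoting upside, posted 2006-12-30 10:15:
I spent the whole night looking at it. Judging from the report, nothing is abnormal.
Has it already been deleted by the antivirus program?
Hmm, this feels like a false positive.
Please go into Safe Mode and rename the folder C:\WINDOWS\SYSTEM32\CatRoot2
to CatRoot2TMP, then reboot and test.

I followed your instructions and did it once (after rebooting, the computer created a new CatRoot2). I also tried once renaming the other two folders inside the CatRoot2 folder, but neither worked; it still shows up again. Argh......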


[Post #8] From: Taiwan | Posted: 2006-12-30 12:58

upside (moderator)

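Is it a warning from the antivirus program, or does the file regenerate?
This folder is required by the system.
My computer has this file too.
It is normal for it to be regenerated after a reboot once it has been deleted.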


[Post #9] From: Taiwan | Posted: 2006-12-30 13:33