Rising KaKa Security Forum
wzh8877 - 2007-9-2 17:46:00
My home computer caught this virus a couple of days ago. Every hard disk partition gets an autorun.inf and a setup.exe generated on it, and windows\system contains the virus files logogo.exe and inudhya.dll. After deleting those files with IceSword everything went back to normal, but after I run Thunder (迅雷) and Warcraft III (war3), IceSword shows those two programs launching 1_.ii, which in turn runs logogo.exe again. How can I fix this? It looks like the virus has inserted itself into my normal programs.
[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
look病毒 - 2007-9-2 17:51:00
Download the System Repair Engineer (SREng) system scanning tool from the address below:
http://www.kztechs.com/sreng/download.html
How to scan and upload the log:
1. Unzip the downloaded sreng2.zip archive;
2. Open the extracted SRENG folder and double-click the SREng.exe inside it (if it will not run, delete the extracted SRENG folder and everything in it, then re-download the archive or re-extract the one you already have; when extracting, rename the output folder to 111, go into the 111 folder, do not run the SREng.exe executable inside it, but first rename it to 111.bat, 111.scr, 111.com or 111.pif, or to 111.exe, and only then double-click to run it);
3. Click "Smart Scan", then "Scan", then "Save Report" in that order, and save the log to your hard disk;
4. Locate and open the log, copy its contents into your post with Copy and Paste, and post it unmodified (the log is long and will not fit in one post, so split the full contents across several reply posts by hand).
Friendly reminder:
Close all manually opened programs and windows before scanning for the log.
Until you receive further instructions, do not use SRENG to make random repairs, or the system may end up in an even worse state.
Posted: 2007-9-2 15:30:34
look病毒 - 2007-9-2 17:55:00
If the above does not work, I suggest you reinstall the system. Any virus or trojan will be gone. Best to buy a system disc yourself; where I am the ordinary ones are 5 yuan, and 10 to 15 yuan gets you a very good one. I don't know what they cost where you are. That way, if the infection is deep you can install the system yourself and don't need to call a computer shop. If you think my advice is good, add me on QQ: 493114178; if not, never mind.
wzh8877 - 2007-9-2 18:09:00
2007-09-02,17:53:24
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<IntelliPoint><"C:\Program Files\Microsoft IntelliPoint\point32.exe"> [Microsoft Corporation]
<BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera> [N/A]
<RemoteControl><"F:\cyberlink dvd\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [(Verified)Microsoft Windows XP Publisher]
<AVP><"F:\New Folder\avp.exe"> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINDOWS\System32\ctfnom.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><fycpri.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> [N/A]
<{3495D328-661A-4FB0-BA67-8ACDD1704D1E}><C:\WINDOWS\System32\jh.dll> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys> [N/A]
<{12311A42-AC1B-158F-FD32-5674345F23A1}><C:\WINDOWS\System32\dhapri.dll> [N/A]
<{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\System32\qhbpri.dll> [N/A]
<{014A26F5-FBAD-4549-9CA1-C38210704BD1}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System16.ins> [N/A]
<{613AF41A-21B1-131B-1BFC-D2A90DF4A2B6}><C:\WINDOWS\System32\xyepri.dll> [N/A]
<{713AF41A-21B1-131B-1BFC-D2A90DF4A2B7}><C:\WINDOWS\System32\xyfpri.dll> [N/A]
<{40117B96-998D-4D80-8F89-5E9DBD9F3460}><C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys> [N/A]
<{3562452F-FA36-BA4F-892A-FF5FBBAC5313}><C:\WINDOWS\System32\mycpri.dll> [N/A]
<{1182C1EB-375C-573D-1F5E-234552345211}><C:\WINDOWS\System32\wldpri.dll> [N/A]
<{22311A42-AC1B-158F-FD32-5674345F23A2}><C:\WINDOWS\System32\dhbpri.dll> [N/A]
<{112BC423-3713-224D-3F55-32B35C62B111}><C:\WINDOWS\System32\tllpri.dll> [N/A]
<{559AFD5B-159F-ACD8-954C-ACD545FA6585}><C:\WINDOWS\System32\jzepri.dll> [N/A]
<{212BC423-3713-224D-3F55-32B35C62B112}><C:\WINDOWS\System32\tlmpri.dll> [N/A]
<{52311A42-AC1B-158F-FD32-5674345F23A5}><C:\WINDOWS\System32\dhepri.dll> [N/A]
<{2231A43A-1642-641A-64FD-146ADAB223B2}><C:\WINDOWS\System32\mxbman.dll> [N/A]
<{352D2432-37A2-324F-2A54-21BF5CF2F1A3}><C:\WINDOWS\System32\jhbpri.dll> [N/A]
<{A12BC423-3713-224D-3F55-32B35C62B11A}><C:\WINDOWS\System32\tlupri.dll> [N/A]
<{8562452F-FA36-BA4F-892A-FF5FBBAC5318}><C:\WINDOWS\System32\myhpri.dll> [N/A]
<{5182C1EB-375C-573D-1F5E-234552345215}><C:\WINDOWS\System32\wlhpri.dll> [N/A]
<{46368135-64FA-BC34-DA32-DCF4FD431C94}><C:\WINDOWS\System32\qhdpri.dll> [N/A]
<{725AB2F3-234A-7469-2F43-E341713ABFA7}><C:\WINDOWS\System32\wggpri.dll> [N/A]
<{33472AF2-174F-AC37-197C-CAC3BCA146C3}><C:\WINDOWS\System32\fycpri.dll> [N/A]
<{959AFD5B-159F-ACD8-954C-ACD545FA6589}><C:\WINDOWS\System32\jzipri.dll> [N/A]
wzh8877 - 2007-9-2 18:09:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5]
<WinlogonNotify: reset5><reset5.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
<N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<cmdbcs><; C:\WINDOWS\cmdbcs.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<eMuleAutoStart><; F:\emule\emule.exe -AutoStart> [http://www.emule-project.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<H2O><; C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe> [Team H2O]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
<Load><; ?矵??矵??矵???苠> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<logogo><; C:\WINDOWS\system\logogo.exe> [N/A]
<mhs3><; C:\WINDOWS\mhs3.exe> [N/A]
<Microsoft Autorun11><; C:\WINDOWS\System32\nwizwlwzs.exe> [N/A]
<Microsoft Autorun5><; C:\WINDOWS\System32\mosou.exe> [N/A]
<Microsoft Autorun7><; C:\WINDOWS\System32\nwiztlbu.exe> [N/A]
<Microsoft Autorun9><; C:\WINDOWS\System32\Ravasktao.exe> [N/A]
<mppds><; C:\WINDOWS\mppds.exe> [N/A]
<msccrt><; C:\WINDOWS\msccrt.exe> [N/A]
<PCSuiteTrayApplication><; F:\nokia\NOKIAP~1\LAUNCH~1.EXE -startup> [Nokia]
wzh8877 - 2007-9-2 18:10:00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PcSync><; F:\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<RAV008C><; C:\WINDOWS\System32\RAV008C.exe> [N/A]
<RAV0094><; C:\WINDOWS\System32\RAV0094.exe> [N/A]
<RAV009B><; C:\WINDOWS\System32\RAV009B.exe> [N/A]
<RAV00A0><; C:\WINDOWS\System32\RAV00A0.exe> [N/A]
<RAV00AE><; C:\WINDOWS\System32\RAV00AE.exe> [N/A]
<RAV00CF><; C:\WINDOWS\System32\RAV00CF.exe> [N/A]
<RAV0138><; C:\WINDOWS\System32\RAV0138.exe> [N/A]
<ravdhmon><; C:\Program Files\NetMeeting\ravdhmon.exe> [N/A]
<ravmsmon><; C:\Program Files\NetMeeting\ravmsmon.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ravshell><; C:\WINDOWS\rund1132.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe> [N/A]
<TIMHost><; C:\WINDOWS\TIMHost.exe> [N/A]
<WinForm><; C:\WINDOWS\WinForm.exe> []
wzh8877 - 2007-9-2 18:11:00
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\System32\Ati2evxx.exe><>
[卡巴斯基互联网安全套装6.0个人版 / AVP][Running/Auto Start]
<F:\New Folder\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Reset 5 / Reset 5][Running/Auto Start]
<C:\WINDOWS\system32\srvany.exe><N/A>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
<"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
wzh8877 - 2007-9-2 18:11:00
==================================
驱动程序
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Team H2O CLEDX service / CLEDX][Running/Manual Start]
<System32\DRIVERS\cledx.sys><Team H2O>
[Sony Ericsson USB Flash Driver / ggsemc][Stopped/Manual Start]
<System32\DRIVERS\ggsemc.sys><Sony Ericsson Mobile Communications>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><N/A>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
[New0 / New0][Running/Auto Start]
<\??\C:\WINDOWS\System32\new.sys><N/A>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
<system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
<system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
<system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
<system32\drivers\nmwcdcj.sys><Nokia>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\E:\qq3\npkcrypt.sys><INCA Internet Co., Ltd.>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023][Running/Manual Start]
<System32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[TSP / TSP][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
[Sony Ericsson W300 Driver driver (WDM) / w300bus][Stopped/Manual Start]
<System32\DRIVERS\w300bus.sys><MCCI>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC302][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
wzh8877 - 2007-9-2 18:12:00
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <F:\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <F:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Web反病毒统计]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <F:\New Folder\scieplugin.dll, Kaspersky Lab>
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq3\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\System32\TSOBase\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<F:\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<F:\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<E:\qq3\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<E:\qq3\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\qq3\AddEmotion.htm, N/A>
[添加到反广告黑名单]
<F:\New Folder\ie_banner_deny.htm, N/A>
[添加到雅虎订阅(&Y)]
<, N/A>
[用QQ彩信发送该图片]
<E:\qq3\SendMMS.htm, N/A>
[百度Flash搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM, N/A>
[百度mp3搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度信息快递搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM, N/A>
[百度图片搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度新闻搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[豪杰超级解霸V8实时播放]
<C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>
wzh8877 - 2007-9-2 18:14:00
==================================
正在运行的进程
[PID: 496 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 564 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 588 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\reset5.dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 632 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 644 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 812 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 836 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[PID: 908 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 920 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1092 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 30, 0, 0]
[PID: 1224 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[PID: 1240 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe] [, ]
[PID: 1420 / SYSTEM][C:\WINDOWS\system32\srvany.exe] [N/A, ]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[PID: 1448 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[PID: 1468 / SYSTEM][C:\WINDOWS\system32\resetservice.exe] [N/A, ]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9237]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[PID: 1476 / SYSTEM][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 4]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1800 / wzh][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[F:\New Folder\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system\inudhya.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[F:\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\Program Files\ACDSee\picaview.dll] [ACD Systems, Ltd., 2, 0, 0, 78]
[C:\Program Files\ACDSee\PlugIns\IDE_ACDStd.apl] [ACD Systems, Ltd., 1, 3, 4, 22]
[F:\New Folder\ShellEx.dll] [Kaspersky Lab, 6.0.2.621]
[PID: 2024 / wzh][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.24]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 2036 / wzh][C:\Program Files\Microsoft IntelliPoint\point32.exe] [Microsoft Corporation, 5.00.174.0]
[C:\Program Files\Microsoft IntelliPoint\point32.dll] [Microsoft Corporation, 5.00.174.0]
[C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll] [Microsoft Corporation, 5.00.174.0]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[C:\Program Files\Microsoft IntelliPoint\ipres.dll] [Microsoft Corporation, 5.00.154.0]
[C:\Program Files\Microsoft IntelliPoint\srres.dll] [Microsoft Corporation, 5.00.154.0]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[C:\WINDOWS\system\inudhya.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 2044 / wzh][C:\WINDOWS\VM_STI.EXE] [BIGDOG, 4, 2, 610, 4]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\System32\msdmo.dll] [, ]
[C:\WINDOWS\System32\VM31bPrp.Ax] [Vimicro, 1.00.01.00]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[C:\WINDOWS\system\inudhya.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 192 / wzh][F:\cyberlink dvd\PowerDVD\PDVDServ.exe] [Cyberlink Corp., 5.00.0000]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[C:\Program Files\CyberLink\Shared Files\CLRCEngine2.dll] [CyberLink Corp., 3.20.0000]
[C:\WINDOWS\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 396 / wzh][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 3296 / wzh][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
wzh8877 - 2007-9-2 18:15:00
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[F:\New Folder\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[F:\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[F:\New Folder\klscav.dll] [Kaspersky Lab, 6.0.2.621]
[F:\New Folder\prremote.dll] [Kaspersky Lab, 6.0.2.621]
[F:\New Folder\prloader.dll] [Kaspersky Lab, 6.0.2.621]
[F:\New Folder\prkernel.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\params.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\pxstub.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\tempfile.ppl] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[f:\new folder\nfio.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\basegui.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\thpimpl.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\FSSync.dll] [Kaspersky Lab, 6.0.5.621]
[f:\new folder\winreg.ppl] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 3812 / wzh][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[F:\New Folder\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[F:\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[F:\New Folder\klscav.dll] [Kaspersky Lab, 6.0.2.621]
[F:\New Folder\prremote.dll] [Kaspersky Lab, 6.0.2.621]
[F:\New Folder\prloader.dll] [Kaspersky Lab, 6.0.2.621]
[F:\New Folder\prkernel.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\params.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\pxstub.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\tempfile.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\nfio.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\basegui.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\thpimpl.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\FSSync.dll] [Kaspersky Lab, 6.0.5.621]
[f:\new folder\winreg.ppl] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 2868 / wzh][C:\Program Files\FlashGet\flashget.exe] [Amaze Soft, 1, 6, 5, 0]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 444 / wzh][F:\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.3.0.220]
[F:\Thunder\Program\UpdateDownload.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
[F:\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 71]
[F:\Thunder\Program\log4cplus.dll] [, 1, 0, 2, 1]
[F:\Thunder\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[F:\Thunder\Program\asyn_dns.dll] [N/A, ]
[F:\Thunder\Program\msgmanage.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
[F:\Thunder\Program\historyinfo_manage.dll] [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[F:\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 1, 0, 18]
[F:\Thunder\Program\FloatBar.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[F:\Thunder\Components\InMedia\iEmbedShell.dll] [ , 1, 0, 0, 11]
[F:\Thunder\Components\InMedia\iEmbed04.dll] [ , 2, 3, 0, 37]
[F:\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 8]
[F:\New Folder\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[F:\Thunder\Program\iTargetAd.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 55]
[F:\New Folder\klscav.dll] [Kaspersky Lab, 6.0.2.621]
[F:\New Folder\prremote.dll] [Kaspersky Lab, 6.0.2.621]
[F:\New Folder\prloader.dll] [Kaspersky Lab, 6.0.2.621]
[F:\New Folder\prkernel.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\params.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\pxstub.ppl] [Kaspersky Lab, 6.0.2.621]
[f:\new folder\tempfile.ppl] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 272 / wzh][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\System32\jh.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1496 / wzh][C:\Documents and Settings\wzh\桌面\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
wzh8877 - 2007-9-2 18:16:00
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
wzh8877 - 2007-9-2 18:16:00
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\打开(&O)\command=setup.exe
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 1468, C:\WINDOWS\SYSTEM32\RESETSERVICE.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2036, C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\POINT32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2036, C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\POINT32.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2044, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2044, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 192, F:\CYBERLINK DVD\POWERDVD\PDVDSERV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 192, F:\CYBERLINK DVD\POWERDVD\PDVDSERV.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2868, C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2868, C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 444, F:\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 444, F:\THUNDER\PROGRAM\THUNDER5.EXE]
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\System32\drivers\klif.sys)
==================================
隐藏进程
N/A
==================================
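The opening post and the SREng log above point at two things worth checking mechanically: startup entries with no known publisher sitting in injection points (the AppInit_DLLs value, the long ShellExecuteHooks list, the Policies\Explorer\Run entry), filenames that imitate system binaries (the log's ctfnom.exe and rund1132.exe), and an Autorun.inf on every volume whose open/shellexecute/shell\...\command directives all point at setup.exe. The Python below is an added triage example, not part of this thread or of SREng: the sample lines are constructed from entries in the posted log, and the high-risk key list, the lookalike list and the edit-distance threshold of 2 are the example's own assumptions.

```python
"""Triage helpers for SREng-style startup entries and Autorun.inf (added example)."""
import re
from typing import List, Optional, Tuple

# Constructed sample: a few startup entries in the format SREng prints
# (paths taken from the log posted in this thread).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<AVP><"F:\New Folder\avp.exe"> [Kaspersky Lab]
<logogo><; C:\WINDOWS\system\logogo.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINDOWS\System32\ctfnom.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><fycpri.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{3495D328-661A-4FB0-BA67-8ACDD1704D1E}><C:\WINDOWS\System32\jh.dll> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ravshell><; C:\WINDOWS\rund1132.exe> [N/A]
"""

# Constructed sample: the Autorun.inf content SREng listed for C:\ in the thread.
SAMPLE_AUTORUN = r"""[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\打开(&O)\command=setup.exe
"""

# Assumption of this example: keys where an unknown-publisher entry deserves immediate
# attention, because each one injects a module into other processes or runs with the
# shell/logon (AppInit_DLLs and Load live under the last key).
HIGH_RISK_KEYS = (
    r"Policies\Explorer\Run",
    r"Explorer\ShellExecuteHooks",
    r"CurrentVersion\Winlogon",
    r"Windows NT\CurrentVersion\Windows",
)
# Assumption: system binaries that malware imitates with a one- or two-character change.
KNOWN_BINARIES = ("rundll32.exe", "ctfmon.exe", "svchost.exe", "explorer.exe", "userinit.exe")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^>]*)><(.*)> \[(.*)\]$")   # <name><command> [publisher]
BINARY_RE = re.compile(r'([^\\/"<>;\s]+\.(?:exe|dll|sys|bat|com|pif|scr))\b', re.I)

Finding = Tuple[str, str, str, List[str]]   # (severity, registry key, command, reasons)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; filenames are short, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_binary(command: str) -> Optional[str]:
    """First executable/module filename mentioned in a startup command, or None."""
    m = BINARY_RE.search(command)
    return m.group(1) if m else None


def triage_entries(log_text: str) -> List[Finding]:
    """Walk SREng startup entries and return the ones an analyst should look at."""
    findings: List[Finding] = []
    key = ""
    for line in log_text.splitlines():
        m_key = KEY_RE.match(line.strip())
        if m_key:
            key = m_key.group(1)          # entries that follow belong to this key
            continue
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        _name, command, publisher = m.groups()
        command = command.strip().lstrip(";").strip()   # SREng prefixes some lines with "; "
        if not command:
            continue                      # empty <load><> style values are noise
        reasons: List[str] = []
        unsigned = publisher.strip() in ("", "N/A")
        in_risky_key = any(k.lower() in key.lower() for k in HIGH_RISK_KEYS)
        if unsigned and in_risky_key:
            reasons.append("unknown publisher in high-risk key")
        elif unsigned:
            reasons.append("unknown publisher")
        binary = extract_binary(command)
        if binary:
            for legit in KNOWN_BINARIES:
                d = edit_distance(binary.lower(), legit)
                if 0 < d <= 2:            # ctfnom.exe vs ctfmon.exe, rund1132.exe vs rundll32.exe
                    reasons.append(f"filename mimics {legit}")
                    break
        if reasons:
            mimic = any(r.startswith("filename") for r in reasons)
            severity = "high" if (unsigned and in_risky_key) or mimic else "review"
            findings.append((severity, key, command, reasons))
    return findings


def triage_autorun(inf_text: str) -> List[str]:
    """Return every [AutoRun] directive that launches a program when the volume is opened."""
    launchers: List[str] = []
    in_autorun = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        k, v = (part.strip() for part in line.split("=", 1))
        kl = k.lower()
        if kl in ("open", "shellexecute") or (kl.startswith("shell\\") and kl.endswith("\\command")):
            launchers.append(f"{k}={v}")
    return launchers


if __name__ == "__main__":
    for severity, key, command, reasons in triage_entries(SAMPLE_LOG):
        print(f"[{severity}] {key}\n    {command}\n    {'; '.join(reasons)}")
    print("Autorun.inf launchers:", triage_autorun(SAMPLE_AUTORUN))
```

On the sample above the signed ctfmon.exe and the Kaspersky entry are left alone, logogo.exe is listed for review (unknown publisher, but an ordinary Run key), and ctfnom.exe, fycpri.dll, jh.dll and rund1132.exe come out as high. The lookalike check is deliberately loose; it is a prompt to compare the file on disk against the real binary, not a verdict on its own.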
wzh8877 - 2007-9-2 18:19:00
This scan was done after the virus process and files had already been deleted. While infected, windows\system contained the two files logogo.exe and inudhya.dll, every drive had an autorun.inf and setup.exe, and the process list included logogo.exe and conime.exe.
wzh8877 - 2007-9-2 18:21:00
I also removed the logogo.exe startup item with msconfig.
wzh8877 - 2007-9-2 18:24:00
Yesterday I was also infected at the same time with the *pri.dll virus, which I removed with a dedicated removal tool.
wzh8877 - 2007-9-2 18:46:00
Is there any expert who can give me some pointers... please, I'm begging you.
wzh8877 - 2007-9-2 18:50:00
When I run Thunder, Kaspersky tells me:
The program module C:\Documents and Settings\wzh\桌面\1_.ii is installing itself / running without notifying the user. This behaviour resembles a trojan (Trojan Downloader/Dropper).
wzh8877 - 2007-9-2 20:55:00
Bumping my own thread.. why hasn't an expert shown up yet?
wzh8877 - 2007-9-4 20:21:00
Anyone there..
wzh8877 - 2007-9-4 20:42:00
Could some expert please help!~
© 2000 - 2026 Rising Corp. Ltd.