The abnormal items in the log are as follows:
==================================
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<HBService32><System.exe> [N/A]
<SysSafe><C:\WINDOWS\system32\Cache\SysSafe.exe> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<dlnajjbdfa><C:\WINDOWS\system\llwzjy081006.exe> [File is missing]
==================================
驱动程序
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[BdGuard / BdGuard][Stopped/Boot Start]
<\SystemRoot\system32\drivers\BDGuard.SYS><N/A>
[NTGDT / NTGDT][Running/System Start]
<\??\C:\WINDOWS\system32\Drivers\NTGDT.SYS><N/A>
==================================
浏览器加载项
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A>
[SearchHook Class]
{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626} <C:\PROGRA~1\snav\Snav.dll, N/A>
[]
{F6A454AE-156A-415E-9F89-3795677A8A91} <C:\Program Files\Internet Explorer\53u1ttMe.2ys, N/A>
[百度工具栏]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A>
[SearchHook Class]
{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626} <C:\PROGRA~1\snav\Snav.dll, N/A>
[百度工具栏]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[]
{F6A454AE-156A-415E-9F89-3795677A8A91} <C:\Program Files\Internet Explorer\53u1ttMe.2ys, N/A>
==================================
正在运行的进程
[PID: 920][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
==================================
HOSTS 文件
60.191.64.73
www.baidu,com
==================================
Note: the system file C:\WINDOWS\system32\ctfmon.exe may be infected by a virus; it is recommended to submit it to http://www.virscan.org for a scan.