巫婆的翅膀 - 2007-6-25 2:06:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 1:14:47, 日期 2007-6-25
操作系统: Windows XP SP2, v.2096 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2096)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
D:\杀毒软件\HijackThis1[1].99.1\HijackThis1991zww.exe
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [AVP] "C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\avp.exe"
O4 - 启动项HKLM\\Run: [PPHIDPAD] ; C:\WINPENJR\Win32\pphidpad.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - 浏览器额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: Web反病毒保护 统计 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\scieplugin.dll
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - NT 服务: 卡巴斯基反病毒软件 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\avp.exe" -r (file missing)
巫婆的翅膀 - 2007-6-25 2:09:00
2007-06-25,01:29:01
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2, v.2096 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<AVP><"C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\avp.exe"> [Kaspersky Lab]
<PPHIDPAD><; C:\WINPENJR\Win32\pphidpad.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基反病毒软件 6.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[ppmoucls / ppmoucls][Running/System Start]
<System32\DRIVERS\ppmoucls.sys><Windows (R) 2000 DDK provider>
[PenPower Touchpad / pptchpad][Running/System Start]
<System32\DRIVERS\pptchpd5.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒保护 统计]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\scieplugin.dll, Kaspersky Lab>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\swflash.ocx, Macromedia, Inc.>
[Thunder Browser Helper]
{39F7E361-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
巫婆的翅膀 - 2007-6-25 2:10:00
==================================
正在运行的进程
[PID: 484][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 540][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 564][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.2.615]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 608][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 620][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 788][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1440][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.615]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3847]
[C:\Program Files\Unlocker\UnlockerCOM.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\ShellEx.dll] [Kaspersky Lab, 6.0.2.615]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 1516][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.00]
[PID: 1524][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.3847]
[PID: 1532][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3847]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3847]
[PID: 1552][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1560][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE] [Super Rabbit Soft, 7.99]
[C:\WINDOWS\system32\msvbvm60.dll] [Microsoft Corporation, 6.00.9690]
[C:\WINDOWS\system32\vb6chs.dll] [Microsoft Corporation, 6.00.8988]
[C:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx] [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.615]
[PID: 288][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1108][D:\杀毒软件\sreng2(1)\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.615]
[PID: 536][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.615]
[C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\klscav.dll] [Kaspersky Lab, 6.0.2.615]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\prremote.dll] [Kaspersky Lab, 6.0.2.615]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\prloader.dll] [Kaspersky Lab, 6.0.2.615]
[C:\Program Files\Kaspersky Lab\卡巴斯基反病毒软件 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.2.615]
[c:\program files\kaspersky lab\卡巴斯基反病毒软件 6.0\params.ppl] [Kaspersky Lab, 6.0.2.615]
[c:\program files\kaspersky lab\卡巴斯基反病毒软件 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.2.615]
[c:\program files\kaspersky lab\卡巴斯基反病毒软件 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.2.615]
[c:\program files\kaspersky lab\卡巴斯基反病毒软件 6.0\nfio.ppl] [Kaspersky Lab, 6.0.2.615]
[c:\program files\kaspersky lab\卡巴斯基反病毒软件 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.615]
[c:\program files\kaspersky lab\卡巴斯基反病毒软件 6.0\basegui.ppl] [Kaspersky Lab, 6.0.2.615]
[c:\program files\kaspersky lab\卡巴斯基反病毒软件 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.2.615]
[c:\program files\kaspersky lab\卡巴斯基反病毒软件 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.615]
[c:\program files\kaspersky lab\卡巴斯基反病毒软件 6.0\winreg.ppl] [Kaspersky Lab, 6.0.2.615]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
GetVersion (危险等级: , 被下面模块所HOOK: )
GetVersionExW (危险等级: , 被下面模块所HOOK: )
DeleteFileW (危险等级: , 被下面模块所HOOK: )
FindFirstFileExW (危险等级: , 被下面模块所HOOK: )
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF0CFAAF0)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF0CFACD0)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF0CFAE30)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF0CFABE0)
TerminateThread (危险等级: , 被下面模块所HOOK: )
FindFirstChangeNotificationW (危险等级: , 被下面模块所HOOK: )
GetCurrentProcess (危险等级: , 被下面模块所HOOK: )
GetCurrentProcessId (危险等级: , 被下面模块所HOOK: )
GetCurrentThread (危险等级: , 被下面模块所HOOK: )
GetCurrentThreadId (危险等级: , 被下面模块所HOOK: )
GetFileSizeEx (危险等级: , 被下面模块所HOOK: )
GetFileInformationByHandle (危险等级: , 被下面模块所HOOK: )
GetFileAttributesExW (危险等级: , 被下面模块所HOOK: )
GetFileAttributesW (危险等级: , 被下面模块所HOOK: )
ReadProcessMemory (危险等级: , 被下面模块所HOOK: )
WriteProcessMemory (危险等级: , 被下面模块所HOOK: )
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF0CFADE0)
OpenProcess (危险等级: , 被下面模块所HOOK: )
OpenThread (危险等级: , 被下面模块所HOOK: )
==================================
隐藏进程
N/A
巫婆的翅膀 - 2007-6-25 12:09:00
Please help, everyone~~
巫婆的翅膀 - 2007-6-25 12:57:00
Waiting online!~ Urgent, urgent, urgent~~~~
巫婆的翅膀 - 2007-6-25 14:47:00
Please help, everyone~~
newcenturymoon - 2007-6-25 15:25:00
I don't see any problems in the logs. Describe your problem clearly.
巫婆的翅膀 - 2007-6-25 15:37:00
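At first I got a trojan. After removing it, things seemed normal, but later at boot I got the prompt that the instruction at "0x7c81ee" referenced memory at 0x00000000 and the memory could not be "written", and then nothing would display. After a one-key restore the problem was solved. After using it for a while, it happened again.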
newcenturymoon - 2007-6-25 15:38:00
It's not a system problem. It may be a hardware problem.
巫婆的翅膀 - 2007-6-25 15:43:00
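Then what kind of hardware problem is it? If it's not a system problem, why does it work normally after a restore, but then malfunction after I use software such as QQ (QQ's automatic pop-up ads)? Thanks!!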
© 2000 - 2026 Rising Corp. Ltd.