How do I remove the hxdef100r kernel-level backdoor after being infected?

Source: 百度文库 Editor: 神马品牌网 Time: 2024/04/28 07:37:13
Kernel trojan hxdef100r

HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 2005-12-19 11:40 4 Byte Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s1 2005-12-19 11:40 4 Byte Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s2 2005-12-19 11:40 4 Byte Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\g0 2005-12-19 11:40 32 Byte Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\h0 2005-12-19 11:40 4 Byte Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 2006-8-6 11:54 0 Byte Hidden from Windows API.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\TA5O770C\CAMRO1KN.HTM 2006-8-18 7:50 1.04 KB Hidden from Windows API.
C:\Documents and Settings\Administrator\Recent\RootkitRevealer.lnk 2006-8-18 7:50 535 Byte Hidden from Windows API.
C:\Documents and Settings\Administrator\Recent\ 2006-8-17 7:11 575 Byte Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Recent\ 2006-8-17 7:11 372 Byte Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Recent\ 2006-8-18 7:50 788 Byte Hidden from Windows API.

==========================
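This is the information the scan produced. It looks like C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\TA5O770C\CAMRO1KN.HTM is the chief culprit, but I don't remember which website I opened it from...
I have now switched between N different programs and none of them can remove it... It looks like the only option is to reinstall the system..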