大家看看我的日志有没有什么可疑的

显示全部楼层 · 发表于 2007-7-12 12:46:11

今天刚刚下载了新版本的sreng，发现启动项里多出了N多东东。是在搞不懂。
特此发上来，大家研究研究。

2007-07-12,12:34:04
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
<FY_FireWall><C:\Program Files\FengYun\FYFireWall.exe> [www.218.cc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\windows\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
<WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll> [(Verified)System Safety Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\windows\system32\Rundll32.exe C:\windows\system32\mscories.dll,Install> [Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Disabled]
<F:\Program Files\anit-virus\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Machine Debug Manager / MDM][Stopped/Manual Start]
<"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[NVIDIA Display Driver Service / NVSvc][Stopped/Manual Start]
<C:\windows\system32\nvsvc32.exe><NVIDIA Corporation>
[Shadow System Service / ShadowSystemService][Stopped/Manual Start]
<C:\windows\system32\shadow\ShadowService.exe><N/A>
[WinTab Service / WinTabService][Stopped/Manual Start]
<"C:\windows\System32\Drivers\WTSRV.EXE"><Tablet Driver>
==================================
驱动程序
[AMON / AMON][Running/Auto Start]
<\SystemRoot\system32\drivers\amon.sys><Eset>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\F:\Program Files\anit-virus\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[dtscsi / dtscsi][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Filseclab Dynamic Defense System Driver / filar][Running/System Start]
<\??\C:\PROGRA~1\COMMON~1\FILSEC~1\filar.sys><Filseclab Corporation>
[Filseclab Process Protection Driver / filpp][Stopped/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\FILSEC~1\filpp.sys><Filseclab Corporation>
[FYTdifltDrv / FYTdifltDrv][Running/System Start]
<\??\C:\Program Files\FengYun\FYTdiDrv.sys><N/A>
[GDTdiInterceptor / GDTdiInterceptor][Running/Auto Start]
<\??\C:\windows\system32\drivers\GDTdiIcpt.sys><>
[Filseclab Twister Kernel Module / IMMDRV][Stopped/Manual Start]
<\??\F:\PROGRA~1\ANIT-V~1\FILSEC~1\Twister\immdrv.sys><Filseclab Corp.>
[nod32drv / nod32drv][Running/System Start]
<\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
<\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Serial Tablet Port Driver / Tablet2k][Stopped/Manual Start]
<"C:\windows\System32\Drivers\Tablet2k.sys"><Windows (R) 2000 DDK provider>
[Tablet Class Driver / TClass2k][Running/Manual Start]
<system32\DRIVERS\TClass2k.sys><Tablet Driver>
[HID Tablet Port Driver / UCTblHid][Running/Manual Start]
<system32\DRIVERS\UCTblHid.sys><Tablet Driver>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
==================================
浏览器加载项
[Thunder Browser Helper]
{00011267-E188-40DF-A514-835FCD78B1BF} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[IE7pro BHO]
{00011268-E188-40DF-A514-835FCD78B1BF} <C:\Program Files\IE7pro\IE7pro.dll, IE7pro.com>
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IE7pro ToolsExt]
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} <C:\Program Files\IE7pro\IE7pro.dll, IE7pro.com>
[Office Genuine Advantage Validation Tool]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\windows\system32\OGACheckControl.DLL, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\windows\system32\wuweb.dll, Microsoft Corporation>
[Office Update Installation Engine]
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\windows\opuc.dll, Microsoft Corporation>
[Thunder Browser Helper]
{00011267-E188-40DF-A514-835FCD78B1BF} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[IE7pro BHO]
{00011268-E188-40DF-A514-835FCD78B1BF} <C:\Program Files\IE7pro\IE7pro.dll, IE7pro.com>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{06849E9D-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\windows\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
<D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[设为 Messenger Live 头像]
<C:\Program Files\MSNShell\Bin\SetMSNDP.htm, N/A>
==================================
正在运行的进程
[PID: 656][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912][\??\C:\windows\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\klogon.dll] [Kaspersky Lab, 7.0.0.120]
[C:\windows\system32\SSMWinlogonEx.dll] [System Safety Limited, 2.4.0.618]
[PID: 1020][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1032][C:\windows\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1364][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1396][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1736][C:\Program Files\Eset\nod32krn.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\nod32krr.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\ps_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 16 ]
[C:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\ps_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\windows\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 16 ]
[C:\Program Files\Eset\ps_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[PID: 632][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Unlocker\UnlockerCOM.dll] [N/A, ]
[F:\Program Files\anit-virus\Filseclab\Twister\Twshlext.dll] [Filseclab Corp., 2, 0, 1, 988]
[C:\Program Files\Eset\nodshex.dll] [N/A, ]
[F:\Program Files\anit-virus\Dr.Web\drwsxtn.dll] [Doctor Web, Ltd., 4.33.0.200507180]
[C:\WINDOWS\system32\contmenu.dll] [N/A, ]
[F:\Program Files\anit-virus\AVK2006\ShellExt.dll] [, 10, 0, 0, 0]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.0.0.0]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 8.0.0.0]
[PID: 1420][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\nod32rui.dll] [N/A, ]
[C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 16 ]
[C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 16 ]
[C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[PID: 1672][C:\Program Files\FengYun\FYFireWall.exe] [www.218.cc, 1.2.5.1912]
[C:\Program Files\FengYun\arpinfo.dll] [N/A, ]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[PID: 1696][C:\windows\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[PID: 1860][D:\jcb_xyzq\TDXW.EXE] [, ]
[D:\jcb_xyzq\TCalc.dll] [, 1, 0, 0, 1]
[D:\jcb_xyzq\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\jcb_xyzq\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[D:\jcb_xyzq\Viewthem.dll] [, 1, 0, 0, 1]
[D:\jcb_xyzq\invest.dll] [, 1.15]
[D:\jcb_xyzq\Dbf.dll] [N/A, ]
[D:\jcb_xyzq\Secure.dll] [通达信, 1.00.00]
[D:\jcb_xyzq\TTools.dll] [, 1.00]
[D:\jcb_xyzq\TList.dll] [, 1, 0, 0, 1]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[D:\jcb_xyzq\calcer.dll] [, 1, 0, 0, 1]
[D:\jcb_xyzq\Advhq.dll] [, 1, 0, 0, 1]
[C:\windows\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1108][D:\jcb_xyzq\WinWT.exe] [通达信电子科技有限公司, 4.32]
[D:\jcb_xyzq\Secure.dll] [通达信, 1.00.00]
[D:\jcb_xyzq\Dbf.dll] [N/A, ]
[D:\jcb_xyzq\WtCommon.dll] [N/A, ]
[D:\jcb_xyzq\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[C:\windows\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1812][D:\jcb_xyzq\WinWT.exe] [通达信电子科技有限公司, 4.32]
[D:\jcb_xyzq\Secure.dll] [通达信, 1.00.00]
[D:\jcb_xyzq\Dbf.dll] [N/A, ]
[D:\jcb_xyzq\WtCommon.dll] [N/A, ]
[D:\jcb_xyzq\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[C:\windows\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1660][D:\jcb_xyzq\WinWT.exe] [通达信电子科技有限公司, 4.32]
[D:\jcb_xyzq\Secure.dll] [通达信, 1.00.00]
[D:\jcb_xyzq\Dbf.dll] [N/A, ]
[D:\jcb_xyzq\WtCommon.dll] [N/A, ]
[D:\jcb_xyzq\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[C:\windows\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 684][D:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\CQQ50B3\CoralAssist.dll] [Coral Team, 5.0.0 build 20060829]
[D:\Program Files\Tencent\CQQ50B3\CoralQQ.dll] [Coral Team, 5.0 Build 20070309]
[D:\Program Files\Tencent\CQQ50B3\KQL.dll] [Coral Team, 5.0.0 build 20070301]
[D:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\Program Files\Tencent\CQQ50B3\IPSearcher.dll] [, 1.0.0.4]
[D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\QQHelperDll.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [TENCENT, 7, 0, 225, 1651]
[D:\Program Files\Tencent\CQQ50B3\ConfigHotkey.cqx] [Coral Team, 1.0]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[D:\Program Files\Tencent\QQ\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[D:\Program Files\Tencent\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[D:\Program Files\Tencent\QQ\QQAPI.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[D:\Program Files\Tencent\QQ\LoginCtrl.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\LoginCtrlRes.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\QQRes.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\MailSummary.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\Program Files\Tencent\QQ\NewSkin.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\HostingMgr.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\CameraDll.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\CQQ50B3\CoralHotkey.cqx] [Coral Team, 1.0]
[D:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll] [TENCENT, 7,0,313,1681]
[C:\windows\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQAllInOne.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[D:\Program Files\Tencent\QQ\QQSpace.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\windows\system32\msdmo.dll] [, ]
[D:\Program Files\Tencent\QQ\QQGroupMng.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\UserDefinedHead.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQPet.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\LongConnection.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\PhoneAPI.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\CommercesMng.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\PersonalDesktop.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
[D:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\ImageOle.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\QQLiveQMng.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\QQMagicFace.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\GroupConnection.dll] [TENCENT, 7,0,313,1681]
[D:\Program Files\Tencent\QQ\AddrSearch.dll] [腾讯科技（深圳）有限公司, 2, 1, 9, 93]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[PID: 832][D:\Program Files\Tencent\QQ\TIMPlatform.exe] [TENCENT, 7,0,225,1651]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[D:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 936][F:\Program Files\anit-virus\sreng\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[F:\Program Files\anit-virus\sreng\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\windows\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[F:\Program Files\anit-virus\sreng\Plugins\FILEDSV.SRE] [Smallfrogs Studio, 1, 1, 0, 20]
[F:\Program Files\anit-virus\sreng\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8]
[F:\Program Files\anit-virus\sreng\Plugins\NTFSTREAM.SRE] [Smallfrogs Studio, 1, 0, 0, 5]
[F:\Program Files\anit-virus\sreng\Plugins\SRECXTMG.SRE] [Smallfrogs Studio, 1, 5, 0, 55]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\windows\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
NOD32 protected [AVSDA over [MSAFD Tcpip [TCP/IP]]]
C:\windows\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [AVSDA over [MSAFD Tcpip [UDP/IP]]]
C:\windows\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\windows\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\windows\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\windows\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\windows\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
218.30.108.145 igame.sina.com.cn
218.30.108.145 xyd.igame.sina.com.cn
218.30.108.145 bxqt.igame.sina.com.cn
218.30.108.145 xjz.igame.sina.com.cn
218.30.108.145 hdw.igame.sina.com.cn
218.30.108.145 tj2.igame.sina.com.cn
218.30.108.145 dmx.igame.sina.com.cn
218.30.108.145 xmcs.igame.sina.com.cn
218.30.108.145 xjjy.igame.sina.com.cn
==================================
进程特权扫描
特殊特权被允许： SeSystemtimePrivilege [PID = 632, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 632, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 632, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1420, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1420, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1420, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1672, C:\PROGRAM FILES\FENGYUN\FYFIREWALL.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1672, C:\PROGRAM FILES\FENGYUN\FYFIREWALL.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1672, C:\PROGRAM FILES\FENGYUN\FYFIREWALL.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1860, D:\JCB_XYZQ\TDXW.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1860, D:\JCB_XYZQ\TDXW.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1860, D:\JCB_XYZQ\TDXW.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1108, D:\JCB_XYZQ\WINWT.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1108, D:\JCB_XYZQ\WINWT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1108, D:\JCB_XYZQ\WINWT.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1812, D:\JCB_XYZQ\WINWT.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1812, D:\JCB_XYZQ\WINWT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1812, D:\JCB_XYZQ\WINWT.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1660, D:\JCB_XYZQ\WINWT.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1660, D:\JCB_XYZQ\WINWT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1660, D:\JCB_XYZQ\WINWT.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 832, D:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 832, D:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 832, D:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================

复制代码

PS:TDXW.EXE是证券的行情，winwt是交易的

附上可疑文件

[ 本帖最后由拍黄瓜于 2007-7-12 12:50 编辑 ]

显示全部楼层 · 发表于 2007-7-12 13:13:14

一切正常！

显示全部楼层 · 发表于 2007-7-12 15:26:01

黄瓜的电脑是保密局用的吗，防护软件这么多。。。。。。

显示全部楼层 · 发表于 2007-7-12 15:54:15

不是保密局`

显示全部楼层 · 发表于 2007-7-12 16:19:31

建议格盘重装

显示全部楼层 · 发表于 2007-7-12 17:00:06

为什么啊

显示全部楼层 · 发表于 2007-7-13 03:45:16

没有任何问题

显示全部楼层 · 发表于 2007-7-13 07:42:43

日志没有问题。

[已解决] 大家看看我的日志有没有什么可疑的

本帖子中包含更多资源