帮忙看看俺的日志呗看看有木马没有？

显示全部楼层 · 发表于 2007-8-29 13:56:13

帮忙看看俺的日志呗看看有木马没有？

2007-08-28,17:32:42
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
<360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><zxhpri.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{4FFAB213-ABCF-F421-FBA1-3FA352343214}><C:\WINDOWS\system32\wsdpri.dll> [N/A]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
<{8A65498A-7653-9801-1647-987114AB7F48}><C:\WINDOWS\system32\zxhpri.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Autodesk Licensing Service / Autodesk Licensing Service][Running/Auto Start]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## / Bonjour Service][Running/Auto Start]
<"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Help and Support / helpsvc][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[mental ray 3.5 Satellite (32-bit) / mi-raysat_3dsmax9_32][Stopped/Auto Start]
<"D:\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"><N/A>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Disabled]
<C:\WINDOWS\system32\mnmsrvc.exe><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[TSECleanUpAssist / TSECleanUpAssist][Stopped/Auto Start]
<C:\WINDOWS\system32\856.com><N/A>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[C-Media High Definition Audio Interface / cmudax][Running/Manual Start]
<system32\drivers\cmudax.sys><C-Media Inc.>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
<system32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[Microsoft 用于 High Definition Audio 服务的 UAA 功能驱动程序 / HdAudAddService][Stopped/Manual Start]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ASACPI.sys><>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
<system32\DRIVERS\yk51x86.sys><Marvell>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{2F364305-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch_1.dll, www.flashget.com>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <D:\MICROS~1\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <D:\MICROS~1\INetRepl.dll, Microsoft Corporation>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[BitComet工具栏]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{2F364305-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch_1.dll, www.flashget.com>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Vod Class]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch_1.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 572][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 708][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 720][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 896][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 968][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1084][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\zxhpri.dll] [N/A, N/A]
[PID: 1168][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 1288][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1644][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1720][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 1956][C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe] [Autodesk, 2.70.000]
[PID: 1992][C:\Program Files\Bonjour\mDNSResponder.exe] [Apple Computer, Inc., 1,0,3,1]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 2016][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.020]
[PID: 268][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 416][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINDOWS\system32\wsdpri.dll] [N/A, N/A]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 17.0.54.110]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9147]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9147]
[C:\WINDOWS\system32\nvapi.dll] [N/A, N/A]
[C:\WINDOWS\system32\nvshell.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Unlocker\UnlockerCOM.dll] [N/A, N/A]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.1.8]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 4]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[PID: 352][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9147]
[C:\WINDOWS\system32\nvapi.dll] [N/A, N/A]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 1524][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 3, 5, 2, 1001]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 5, 0, 1001]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 5, 1, 1001]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[C:\WINDOWS\system32\wsdpri.dll] [N/A, N/A]
[PID: 152][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 164][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wsdpri.dll] [N/A, N/A]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 2472][C:\Program Files\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 0, 3, 4020]
[C:\Program Files\Maxthon2\MxExt.dll] [N/A, N/A]
[C:\Program Files\Maxthon2\mxpp.dll] [Maxthon, 1, 0, 0, 61]
[C:\Program Files\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 119]
[C:\Program Files\Maxthon2\MxProxy2.dll] [, 1, 0, 0, 3528]
[C:\Program Files\Maxthon2\IMxWebBoost.dll] [Maxthon, 1, 0, 0, 67]
[C:\Program Files\Maxthon2\mxdb.dll] [N/A, N/A]
[C:\Program Files\Maxthon2\mxsafe.dll] [Maxthon, 1, 0, 0, 475]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[C:\Program Files\Maxthon2\MxFav.dll] [Maxthon, 1, 0, 0, 220]
[C:\Program Files\Maxthon2\maxzlib.dll] [N/A, 1.2.3]
[C:\Program Files\Maxthon2\mxtool.dll] [, 1, 0, 0, 1]
[C:\Program Files\Maxthon2\mxfeedU.dll] [, 1, 0, 45, 82]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINDOWS\system32\wsdpri.dll] [N/A, N/A]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\FREEIME.IME] [Delphi Fan Studio, 4.00.950]
[C:\WINDOWS\system32\FOURI_M3.IME] [北京紫光华宇软件股份有限公司, 4.0.0.5027]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., N/A]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 20]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[PID: 2888][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[PID: 2632][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
[C:\WINDOWS\system32\zxhpri.dll] [N/A, N/A]
[C:\WINDOWS\system32\wsdpri.dll] [N/A, N/A]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================

复制代码

显示全部楼层 · 发表于 2007-8-29 14:43:35

把zxhpri.dl和wsdpri.dll打包发上来看看。应该是Trojan-Spy.Win32.Delf的变种。
856.com是Problem.856

显示全部楼层 · 发表于 2007-8-29 15:03:12

是病毒吧？

显示全部楼层 · 发表于 2007-8-29 15:05:39

闪人。，。。。。。。。。。。

显示全部楼层 · 发表于 2007-8-29 18:46:36

楼主你 07.1.04日注册的现在才混4点经验啊

显示全部楼层 · 发表于 2007-8-29 18:51:54

[quote]原帖由 shidi 于 2007-8-29 18:46 发表

楼主你 07.1.04日注册的现在才混4点经验啊]

楼上的不厚道啊！净揭人短。

楼主的电脑该清理一下了，这么多的插件，启动时得把机器拖死！！平时用的不嫌慢吗?

显示全部楼层 · 发表于 2007-8-29 20:13:45

单位电脑，我都不敢上QQ。。。。。。。使用时候莫名其妙的问题很多，开机总弹出2楼说的那2个文件还有别的什么玩意要修改注册表，要彻底清理怎么弄啊，重做系统啊

显示全部楼层 · 发表于 2007-8-29 21:07:09

还有这个，间谍，好像不是瑞星的。<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]

[已解决] 帮忙看看俺的日志呗看看有木马没有？

浏览过的版块