刚才我犯贱，救命

显示全部楼层 · 发表于 2007-12-6 23:58:07

刚才下载了个灰鸽子
为了测试，把EQ和小红伞的监控全部关闭了

中了后我手动清除
但不知道系统干净没有，我用网银的
麻烦大家帮我看看

2007-12-06,23:30:25
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<ATI><C:\Program Files\ATITool\ha_ATITool.exe> [http://atitool.techpowerup.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<avgnt><"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min /nosplash> [Avira GmbH]
<EQSysSecure><C:\Program Files\EQSysSecure\EQSysSecure.exe /background> [EQSecure]
<FY_FireWall><C:\Program Files\FengYun\FYFireWall.exe> [www.218.cc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[AntiVir PersonalEdition Premium MailGuard / AntiVirMailService][Stopped/Disabled]
<"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe"><Avira GmbH>
[AntiVir PersonalEdition Premium Scheduler / AntiVirScheduler][Running/Auto Start]
<"C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe"><Avira GmbH>
[AntiVir PersonalEdition Premium Guard / AntiVirService][Running/Auto Start]
<"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe"><Avira GmbH>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Disabled]
<C:\WINDOWS\system32\ati2sgag.exe><>
[AntiVir PersonalEdition Premium MailGuard helper service / AVEService][Stopped/Disabled]
<"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe"><Avira GmbH>
[EQService / EQService][Running/Auto Start]
<C:\Program Files\EQSysSecure\EQService.exe><EQSecure>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
<system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATITool Overclocking Utility / ATITool][Running/System Start]
<system32\DRIVERS\ATITool.sys><>
[avgio / avgio][Running/System Start]
<\??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys><Avira GmbH>
[avgntflt / avgntflt][Running/Manual Start]
<\??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys><Avira GmbH>
[avipbb / avipbb][Running/System Start]
<system32\DRIVERS\avipbb.sys><AVIRA GmbH>
[EQSysSecure / EQSysSecure][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\EQSysSecure.sys><EQSecure>
[FYTdifltDrv / FYTdifltDrv][Running/System Start]
<\??\C:\Program Files\FengYun\FYTdiDrv.sys><N/A>
[MidiSyn / MidiSyn][Stopped/Manual Start]
<system32\drivers\MidiSyn.sys><Analog Devices Inc>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[ssmdrv / ssmdrv][Running/System Start]
<system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[viaraid / viaraid][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
==================================
浏览器加载项
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Thunder-AyuConfig\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用迅雷下载]
<D:\Thunder-AyuConfig\Program\geturl.htm, N/A>
==================================
正在运行的进程
[PID: 456][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4121]
[PID: 588][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1056][C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe] [Avira GmbH, 7.00.00.82]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.dll] [Avira GmbH, 7.00.00.01]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\avevtlog.dll] [Avira GmbH, 7.00.00.20]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\guardmsg.dll] [Avira GmbH, 7.00.11.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\sqlite3.dll] [, 3, 3, 17, 1]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVPREF.DLL] [Avira GmbH, 7.00.02.02]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\SMTPLIB.DLL] [Avira GmbH, 1.02.00.17]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVPACK32.DLL] [Avira GmbH, 7.03.00.15]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\unacev2.dll] [N/A, ]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\avipc.dll] [Avira GmbH, 1.00.00.04]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVEWIN32.DLL] [Avira GmbH, 7.6.0.34]
[PID: 1224][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll] [Avira GmbH, 7.00.00.10]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 1380][C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe] [Avira GmbH, 7.02.00.16]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\cclib.dll] [Avira GmbH, 7.02.00.03]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[c:\program files\avira\antivir personaledition premium\ccgen.dll] [Avira GmbH, 7.02.00.10]
[c:\program files\avira\antivir personaledition premium\ccgenrc.dll] [Avira GmbH, 7.02.04.02]
[c:\program files\avira\antivir personaledition premium\ccguard.dll] [Avira GmbH, 7.00.01.35]
[c:\program files\avira\antivir personaledition premium\ccgrdrc.dll] [Avira GmbH, 7.00.06.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\avipc.dll] [Avira GmbH, 1.00.00.04]
[c:\program files\avira\antivir personaledition premium\ccupdate.dll] [Avira GmbH, 7.02.00.04]
[c:\program files\avira\antivir personaledition premium\ccupdrc.dll] [Avira GmbH, 7.02.01.00]
[c:\program files\avira\antivir personaledition premium\cclic.dll] [Avira GmbH, 7.02.00.04]
[c:\program files\avira\antivir personaledition premium\cclicrc.dll] [Avira GmbH, 7.02.01.00]
[c:\program files\avira\antivir personaledition premium\ccmsg.dll] [Avira GmbH, 7.00.00.00]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[PID: 1396][C:\Program Files\FengYun\FYFireWall.exe] [www.218.cc, 1.2.6.0]
[C:\Program Files\FengYun\arpinfo.dll] [N/A, ]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[PID: 1404][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[PID: 1412][C:\Program Files\ATITool\ha_ATITool.exe] [http://atitool.techpowerup.com, 0, 26, 0, 0]
[C:\Program Files\ATITool\ATITOOLHOOKS.dll] [N/A, ]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[PID: 1592][C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe] [Avira GmbH, 7.00.00.62]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\schedr.dll] [Avira GmbH, 7.00.24.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\avevtlog.dll] [Avira GmbH, 7.00.00.20]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\sqlite3.dll] [, 3, 3, 17, 1]
[C:\Program Files\Avira\AntiVir PersonalEdition Premium\avipc.dll] [Avira GmbH, 1.00.00.04]
[PID: 1704][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1728][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1892][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 160][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2016][D:\TENCENT\QQ2007DIY1201\QQ.exe] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQBaseClassInDll.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQHelperDll.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\BasicCtrlDll.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\MSIMG32.dll] [N/A, ]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[D:\TENCENT\QQ2007DIY1201\FinePlus.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\fphelper.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\QQAPI.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\LoginCtrl.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\LoginCtrlRes.dll] [TENCENT, 7,1,575,1761]
[D:\TENCENT\QQ2007DIY1201\QQRes.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQMainFrame.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\UnReadMsgMgr.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\CQQApplication.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\TENCENT\QQ2007DIY1201\NewSkin.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\decode.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\aqing.dll] [Microsoft Corporation, 5.6.0.8825]
[D:\TENCENT\QQ2007DIY1201\MailSummary.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQSpace.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\vbscript.dll] [Microsoft Corporation, 5.6.0.8825]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\TENCENT\QQ2007DIY1201\QQKnowledgeSearch.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQGroupMng.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQAllInOne.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[D:\TENCENT\QQ2007DIY1201\CameraDll.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQPet.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQSysMsgMng.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\UserDefinedHead.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQPlugin.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\QQConfigPlugin.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQCustomFace.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\QQLiveQMng.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QRingMng.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\QQAvatar.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\LongConnection.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\PhoneAPI.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[D:\TENCENT\QQ2007DIY1201\GroupConnection.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\BQQApplication.dll] [N/A, ]
[D:\TENCENT\QQ2007DIY1201\PersonalDesktop.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\CommercesMng.dll] [TENCENT, 7,1,576,1763]
[D:\TENCENT\QQ2007DIY1201\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
[D:\TENCENT\QQ2007DIY1201\QQSceneMng.dll] [N/A, ]
[C:\WINDOWS\system32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.0.0.6182]
[D:\TENCENT\QQ2007DIY1201\QQMagicFace.dll] [TENCENT, 7,1,576,1763]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 2752][D:\反病毒文件夹\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\FengYun\fymon.dll] [www.218.cc, 1.2.3.75]
[D:\反病毒文件夹\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1056, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION PREMIUM\AVGUARD.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1380, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION PREMIUM\AVGNT.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1380, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION PREMIUM\AVGNT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1380, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION PREMIUM\AVGNT.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1396, C:\PROGRAM FILES\FENGYUN\FYFIREWALL.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1396, C:\PROGRAM FILES\FENGYUN\FYFIREWALL.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1396, C:\PROGRAM FILES\FENGYUN\FYFIREWALL.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1412, C:\PROGRAM FILES\ATITOOL\HA_ATITOOL.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1412, C:\PROGRAM FILES\ATITOOL\HA_ATITOOL.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1412, C:\PROGRAM FILES\ATITOOL\HA_ATITOOL.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
[1389] C:\Program Files\EQSysSecure\EQSysSecure.exe
[1613] C:\Program Files\EQSysSecure\EQService.exe
==================================

复制代码

显示全部楼层 · 发表于 2007-12-7 00:00:08

很难说。。我建议你重装系统。。。

显示全部楼层 · 发表于 2007-12-7 00:01:25

这。。。。。。。。。。。

我再补充一个日志
麻烦大家了

显示全部楼层 · 发表于 2007-12-7 00:02:53

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 0:02:27, on 2007-12-7
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\FengYun\FYFireWall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATITool\ha_ATITool.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
D:\TENCENT\QQ2007DIY1201\QQ.exe
D:\Maxthon 1[1].6.1增强绿色版\Maxthon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\反病毒文件夹\HiJackThis v2.0\HiJackThis v2.0.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [EQSysSecure] C:\Program Files\EQSysSecure\EQSysSecure.exe /background
O4 - HKLM\..\Run: [FY_FireWall] C:\Program Files\FengYun\FYFireWall.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI] C:\Program Files\ATITool\ha_ATITool.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用迅雷下载 - D:\Thunder-AyuConfig\Program\geturl.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{4464ECDE-2627-49AB-8294-14395B02CFC7}: NameServer = 202.103.24.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{4464ECDE-2627-49AB-8294-14395B02CFC7}: NameServer = 202.103.24.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{4464ECDE-2627-49AB-8294-14395B02CFC7}: NameServer = 202.103.24.68
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: EQService - EQSecure - C:\Program Files\EQSysSecure\EQService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3098 bytes

显示全部楼层 · 发表于 2007-12-7 00:10:39

楼主，你狠，这些东西，要测试的话，用虚拟机好了。

显示全部楼层 · 发表于 2007-12-7 00:13:07

小红伞，EQ，风云，东西还真不少咧
一个区区灰鸽子，让它折腾也折腾不起来吧

显示全部楼层 · 发表于 2007-12-7 00:17:22

原帖由 GBUser 于 2007-12-7 00:13 发表
小红伞，EQ，风云，东西还真不少咧
一个区区灰鸽子，让它折腾也折腾不起来吧

^_^，除了风云防护墙，红伞和EQ关闭监控后运行的

显示全部楼层 · 发表于 2007-12-7 00:18:03

不过看日志我觉得我应该清理干净了，还是要麻烦各位帮忙看看
是否有漏掉的

显示全部楼层 · 发表于 2007-12-7 00:44:39

看到头都晕~楼主的机子还是你熟点，有什么软件和程序你清楚点~不放心就用其他杀软（绿色）查查，楼主的装备也够强的。

显示全部楼层 · 发表于 2007-12-7 01:09:16

太强悍了……

[求助] 刚才我犯贱，救命