请帮忙看下这个日志有无问题....

显示全部楼层 · 发表于 2007-5-17 18:26:00

[CODE]

2007-05-17,18:17:09

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>  [N/A]
<run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Vistadrv><C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe>  []
<avgnt><"D:\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min>  [Avira GmbH]
<Super Rabbit Memory><D:\Super Rabbit\MagicSet\memdef.exe /LOAD>  []
<SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
<LinkScanner Monitor><C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe /auto>  [(Verified)"Exploit Prevention Labs, Inc."]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<tzc02,0,tzchange.exe /F Pacific SA Standard Time /S 10 6 2 23 59 59 999 /E 3 6 2 23 59 59 999 /G><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><D:\KASPER~1\adialhk.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><LogonUI.EXE>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [Microsoft Corporation]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\AVGAntiSpyware\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SafenSec]
<WinlogonNotify: SafenSec><snsntfy.dll>  [(Verified)"Protection Technology, Ltd."]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\MA2_6.scr>  []

==================================
启动文件夹
[Y'z Toolbar]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Y'z Toolbar.lnk --> C:\WINDOWS\Packs\CRYSTA~1\YZTOOL~1\YZTOOL~1.EXE [Y'z@Home]><N>

==================================
服务
[AntiVir PersonalEdition Premium MailGuard / AntiVirMailService][Stopped/Disabled]
  <D:\Avira\AntiVir PersonalEdition Premium\avmailc.exe><Avira GmbH>
[AntiVir PersonalEdition Premium Scheduler / AntiVirScheduler][Running/Auto Start]
  <D:\Avira\AntiVir PersonalEdition Premium\sched.exe><Avira GmbH>
[AntiVir PersonalEdition Premium Guard / AntiVirService][Running/Auto Start]
  <D:\Avira\AntiVir PersonalEdition Premium\avguard.exe><Avira GmbH>
[AntiVir PersonalEdition Premium MailGuard helper service / AVEService][Stopped/Disabled]
  <D:\Avira\AntiVir PersonalEdition Premium\avesvc.exe><Avira GmbH>
[卡巴斯基互联网安全套装6.0个人版 / AVP][Stopped/Manual Start]
  <"D:\Kaspersky Lab\avp.exe" -r><Kaspersky Lab>
[CHX Log Management Service / ChxLogsv][Running/Auto Start]
  <C:\WINDOWS\system32\ChxLogSv.exe><Third Brigade>
[CHX Remote Management Service / ChxRmtsv][Running/Auto Start]
  <C:\WINDOWS\system32\ChxRmtsv.exe><Third Brigade>
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[DHCP Client / Dhcp][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\dhcpcsvc.dll><Microsoft Corporation>
[EQService / EQService][Stopped/Auto Start]
  <><N/A>
[COM+ Event System / EventSystem][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\es.dll><Microsoft Corporation>
[Fast User Switching Compatibility / FastUserSwitchingCompatibility][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Server / lanmanserver][Stopped/Disabled]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><Microsoft Corporation>
[Workstation / lanmanworkstation][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wkssvc.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Access Connection Manager / RasMan][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[SafenSec / SafenSec][Running/Auto Start]
  <"C:\Program Files\S.N.Safe&Software\Safe'n'Sec\safensec.exe"><S.N.Safe&Software>
[Shell Hardware Detection / ShellHWDetection][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Print Spooler / Spooler][Stopped/Disabled]
  <C:\WINDOWS\system32\spoolsv.exe><Microsoft Corporation>
[Windows Image Acquisition (WIA) / stisvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k imgsvc-->%SystemRoot%\system32\wiaservc.dll><Microsoft Corporation>
[StyleXPService / StyleXPService][Running/Auto Start]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[Telephony / TapiSrv][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Themes / Themes][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[WebClient / WebClient][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\webclnt.dll><Microsoft Corporation>

==================================
驱动程序
[360TimeProt / 360TimeProt][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\360TimeProt.sys><N/A>
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
  <system32\drivers\aec.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[avgio / avgio][Running/System Start]
  <\??\D:\Avira\AntiVir PersonalEdition Premium\avgio.sys><Avira GmbH>
[avgntflt / avgntflt][Running/Manual Start]
  <\??\D:\Avira\AntiVir PersonalEdition Premium\avgntflt.sys><Avira GmbH>
[avipbb / avipbb][Running/System Start]
  <system32\DRIVERS\avipbb.sys><Avira GmbH>
[Chx-IM Filter Driver Service / Chxim][Running/Manual Start]
  <system32\DRIVERS\chxim.sys><Third Brigade>
[CHX Packet Filter Module Driver / ChxMpf][Running/Auto Start]
  <System32\DRIVERS\ChxMpf.sys><Third Brigade>
[CHX Payload Module Driver / ChxMpld][Running/Auto Start]
  <system32\drivers\chxmpld.sys><Third Brigade>
[EQSysSecure / EQSysSecure][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EQSysSecure.sys><EQSecure>
[Lavalys EVEREST Kernel Driver / EverestDriver][Stopped/Manual Start]
  <\??\D:\Everest\kerneld.wnt><N/A>
[FltMgr / FltMgr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\fltMgr.sys><Microsoft Corporation>
[HTTP / HTTP][Stopped/Manual Start]
  <System32\Drivers\HTTP.sys><Microsoft Corporation>
[IP Network Address Translator / IpNat][Stopped/Manual Start]
  <system32\DRIVERS\ipnat.sys><Microsoft Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Microsoft Kernel Wave Audio Mixer / kmixer][Running/Manual Start]
  <system32\drivers\kmixer.sys><Microsoft Corporation>
[MRxSmb / MRxSmb][Running/System Start]
  <system32\DRIVERS\mrxsmb.sys><Microsoft Corporation>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[p2pfilter / p2pfilter][Stopped/Manual Start]
  <\??\D:\网管\netsense\p2pfilter.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rdbss / Rdbss][Running/System Start]
  <system32\DRIVERS\rdbss.sys><Microsoft Corporation>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SafenSec Base System Events Provider v2.0 / sfcorevt][Running/System Start]
  <SYSTEM32\Drivers\sfcorevt.sys><S.N.Safe&Software>
[Microsoft Kernel Audio Splitter / splitter][Stopped/Manual Start]
  <system32\drivers\splitter.sys><Microsoft Corporation>
[Srv / Srv][Stopped/Manual Start]
  <system32\DRIVERS\srv.sys><Microsoft Corporation>
[ssmdrv / ssmdrv][Stopped/Manual Start]
  <system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[StyleXPHelper / StyleXPHelper][Running/System Start]
  <\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe><Windows (R) 2000 DDK provider>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Microcode Update Driver / Update][Running/Manual Start]
  <system32\DRIVERS\update.sys><Microsoft Corporation>
[Microsoft WINMM WDM Audio Compatibility Driver / wdmaud][Running/Manual Start]
  <system32\drivers\wdmaud.sys><Microsoft Corporation>
[WoptiGwiopm / WoptiGwiopm][Stopped/Manual Start]
  <\??\D:\Wopti\WoptiUtilities\WoptiGwiopm.sys><Wopti>
[xAntiArpSpoof Service / xAntiArp][Stopped/Manual Start]
  <system32\DRIVERS\xAntiArp.sys><N/A>

显示全部楼层 · 发表于 2007-5-17 18:27:16

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Thunder Network\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {2F364305-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Thunder Network\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\FlashGet\jccatch.dll, www.flashget.com>
[XPL LinkScannerIE]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerIE.dll, Exploit Prevention Labs, Inc.>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\FlashGet\getflash.dll, www.flashget.com>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Thunder Network\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Kaspersky Lab\scieplugin.dll, Kaspersky Lab>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\FlashGet\FlashGet.exe, FlashGet.com>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[XUploadFiles Control]
  {18B9E4BF-F21F-46B9-AD50-5CA62145426A} <C:\WINDOWS\DOWNLO~1\XUPLOA~1.OCX, www.blue999.com>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\flash8.ocx, Macromedia, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Thunder Network\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[XUploadFiles Control]
  {18B9E4BF-F21F-46B9-AD50-5CA62145426A} <C:\WINDOWS\DOWNLO~1\XUPLOA~1.OCX, www.blue999.com>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {2F364305-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Thunder Network\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\FlashGet\jccatch.dll, www.flashget.com>
[XPL LinkScannerIE]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerIE.dll, Exploit Prevention Labs, Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CoTGT_BHO Class]
  {C333CF63-767F-4831-94AC-E683D962C63C} <C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll, N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Msxml]
  {CFC399AF-D876-11D0-9C10-00C04FC99C8E} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\flash8.ocx, Macromedia, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\FlashGet\getflash.dll, www.flashget.com>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[FGAutoLive]
  {F90D830D-C175-4bbe-82C7-FF94669A4C42} <D:\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
  <D:\FlashGet\jc_link.htm, N/A>
[使用迅雷下载]
  <D:\Thunder Network\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\Thunder Network\Program\getallurl.htm, N/A>

显示全部楼层 · 发表于 2007-5-17 18:27:42

==================================
正在运行的进程
[PID: 860][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\winsrv.dll]  [Microsoft Corporation, 5.1.2600.3103 (xpsp_sp2_gdr.070316-1309)]
[C:\WINDOWS\system32\KERNEL32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\sxs.dll]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 1116][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[C:\WINDOWS\system32\MSGINA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\COMCTL32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[C:\WINDOWS\system32\SHSVCS.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1224][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\WINDOWS\system32\umpnpmgr.dll]  [Microsoft Corporation, 5.1.2600.2744 (xpsp_sp2_gdr.050822-1647)]
[C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[PID: 1236][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\LSASRV.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[C:\WINDOWS\system32\kerberos.dll]  [Microsoft Corporation, 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522)]
[C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
[C:\WINDOWS\system32\wdigest.dll]  [Microsoft Corporation, 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516)]
[C:\Program Files\ExPLabs.com\LinkScanner\wrnetdrv.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\NetProcTrack.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\SiteBlocker.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\SploitChecker.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\zlib1.dll]  [, 1.2.3]
[PID: 1812][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\BROWSEUI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\SHDOCVW.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\WINDOWS\system32\themeui.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Kaspersky Lab\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\LINKINFO.dll]  [Microsoft Corporation, 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)]
[C:\WINDOWS\system32\MLANG.dll]  [Microsoft Corporation, 6.00.2900.2530 (xpsp.040919-1030)]
[C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.dll]  [, 1, 3, 0, 0]
[C:\WINDOWS\system32\stobject.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NETSHELL.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\credui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
[C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
[C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8466]
[C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8466]
[C:\WINDOWS\system32\nvshell.dll]  [, ]
[D:\AVGAntiSpyware\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 1972][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.dll]  [, 1, 3, 0, 0]
[PID: 836][D:\Avira\AntiVir PersonalEdition Premium\avgnt.exe]  [Avira GmbH, 7.00.04.05]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[D:\Avira\AntiVir PersonalEdition Premium\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
[D:\Avira\AntiVir PersonalEdition Premium\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
[D:\Avira\AntiVir PersonalEdition Premium\avgcmxp.dll]  [Avira GmbH, 7.00.04.00]
[D:\Avira\AntiVir PersonalEdition Premium\AVWINLL.DLL]  [Avira GmbH, 1.0.0.7]
[C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\Program Files\ExPLabs.com\LinkScanner\wrnetdrv.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\NetProcTrack.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\SiteBlocker.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\SploitChecker.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\zlib1.dll]  [, 1.2.3]
[C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.dll]  [, 1, 3, 0, 0]
[PID: 876][D:\Super Rabbit\MagicSet\memdef.exe]  [, 4.0.0.0]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\shell32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.dll]  [, 1, 3, 0, 0]
[PID: 884][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 43]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.dll]  [, 1, 3, 0, 0]
[PID: 892][C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\oledlg.dll]  [Microsoft Corporation, 1.0 (xpsp_sp2_gdr.061016-0148)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.dll]  [, 1, 3, 0, 0]
[C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[D:\Kaspersky Lab\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
[C:\WINDOWS\system32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
[C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
[C:\Program Files\ExPLabs.com\LinkScanner\wrnetdrv.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\NetProcTrack.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\SiteBlocker.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\SploitChecker.dll]  [Exploit Prevention Labs, Inc., 2.6.2.68]
[C:\Program Files\ExPLabs.com\LinkScanner\zlib1.dll]  [, 1.2.3]
[PID: 1068][C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe]  [Y'z@Home, 1, 3, 0, 0]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\Packs\Crystal XP\YzToolbar\Languages\English.lang]  [ , 1, 0, 0, 0]
[C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.dll]  [, 1, 3, 0, 0]
[PID: 1180][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.672\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\oledlg.dll]  [Microsoft Corporation, 1.0 (xpsp_sp2_gdr.061016-0148)]
[C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RICHED20.DLL]  [Microsoft Corporation, 5.30.23.1228]
[C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.dll]  [, 1, 3, 0, 0]
[C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\netapi32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
WRProvider over [MSAFD Tcpip [TCP/IP]]
C:\Program Files\ExPLabs.com\LinkScanner\wrnetdrv.dll(Exploit Prevention Labs, Inc., LinkScanner LSP)
WRProvider over [MSAFD Tcpip [UDP/IP]]
C:\Program Files\ExPLabs.com\LinkScanner\wrnetdrv.dll(Exploit Prevention Labs, Inc., LinkScanner LSP)
WRProvider over [MSAFD Tcpip [RAW/IP]]
C:\Program Files\ExPLabs.com\LinkScanner\wrnetdrv.dll(Exploit Prevention Labs, Inc., LinkScanner LSP)
WRProvider over [RSVP UDP Service Provider]
C:\Program Files\ExPLabs.com\LinkScanner\wrnetdrv.dll(Exploit Prevention Labs, Inc., LinkScanner LSP)
WRProvider over [RSVP TCP Service Provider]
C:\Program Files\ExPLabs.com\LinkScanner\wrnetdrv.dll(Exploit Prevention Labs, Inc., LinkScanner LSP)
WRProvider
C:\Program Files\ExPLabs.com\LinkScanner\wrnetdrv.dll(Exploit Prevention Labs, Inc., LinkScanner LSP)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1    localhost

==================================
API HOOK
RVA  错误： CreateServiceA (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00380208)
RVA  错误： CreateServiceW (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x003802C8)
RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF4745AF0)
RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF4745CD0)
RVA  错误： LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF4745E30)
RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF4745BE0)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF4745DE0)

==================================
隐藏进程
[188] C:\Program Files\Internet Explorer\iexplore.exe
[1172] C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerConnect.exe

==================================

[/CODE]

显示全部楼层 · 发表于 2007-5-17 18:43:03

你扫描报告的时候开着网页吗？
[188] C:\Program Files\Internet Explorer\iexplore.exe
[1172] C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerConnect.exe
这2个隐藏进程！！
第二个是你安装的什么安全工具把但是第一个你要是没开IE的话危险但是你就是开IE也不应该是隐藏进程啊！你用冰刃删除试试！！

还有你有上传文件管理器？ www.blue999.com的那个？

我水平有限只能帮到你这些了呵呵

[ 本帖最后由 zhaonimm 于 2007-5-17 18:44 编辑 ]

[已解决] 请帮忙看下这个日志有无问题....