Could everyone help take a look at whether there is anything wrong with my system?
[code]2010-03-10,20:26:55
SysLog Scanner 3.0 - build 20091220
Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 3 (build 2600)
================================================================
注册项
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<B6D8D07> <C:\WINDOWS\system32\E7D3D45.exe> []
<D3D0C64> <C:\WINDOWS\system32\E2C6D43.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon> <RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105) | (Verified)NVIDIA Corporation, 6.14.11.7824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
<killdummycom4> <"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\killer_dummycom.exe" -check> [2, 2, 0, 0]
<360safeKill> <"F:\新建文件夹\下载\killer_rodog\killer_rodog.exe" -runonce> [版权所有(C) 2008 360安全中心, 5, 2, 0, 0]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt]
<使用迅雷下载> <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm> [N/A]
<使用迅雷下载全部链接> <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm> [N/A]
================================================================
启动组
================================================================
任务计划
================================================================
组件
--------------------------------
Shell Extension
[Display Panning CPL Extension]
<{42071714-76d4-11d1-8b24-00a0c9068ff3}> <deskpan.dll> []
[HyperTerminal Icon Ext]
<{88895560-9AA2-1069-930E-00AA0030EBC8}> <C:\WINDOWS\system32\htic**.dll> [(Verified)Hilgraeve, Inc., 5.1.2600.0]
[任务栏和「开始」菜单]
<{0DF44EAA-FF21-4412-828E-260A8728E7F1}> <> []
[WinRAR shell extension]
<{B41DB860-8EE4-11D2-9906-E49FADC173CA}> <C:\Program Files\WinRAR\rarext.dll> [N/A]
[NvCpl DesktopContext Class]
<{A70C977A-BF00-412C-90B7-034C51DA2439}> <C:\WINDOWS\system32\nvcpl.dll> [(Verified)NVIDIA Corporation, 6.14.11.7824]
--------------------------------
Protocols
[]
<{6AC4FBC7-AA38-45EC-9634-D6D20B679EFC}> <C:\WINDOWS\system32\KuGoo3DownXControl.ocx> [酷狗, 5.2.4.4]
--------------------------------
Context Menu
[WinRAR]
<{B41DB860-8EE4-11D2-9906-E49FADC173CA}> <C:\Program Files\WinRAR\rarext.dll> [N/A]
--------------------------------
BrowserHelperObject
[ThunderAtOnce Class]
<{01443AEC-0FD1-40fd-9C87-E93D1494C233}> <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll> [Thunder Networking Technologies,LTD, 1.0.5.34]
[IEFXZ]
<{6A49F431-2A2E-41a5-9080-0F41D1A3AEC2}> <C:\PROGRA~1\IEfxz\iefxz.dll> [Copyright 2008, 1, 1, 2, 1]
[Thunder Browser Helper]
<{889D2FEB-5411-4565-8998-1DD2C5261283}> <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll> [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120]
--------------------------------
ActiveX Extension
[ThunderAtOnce Class]
<{01443AEC-0FD1-40FD-9C87-E93D1494C233}> <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll> [Thunder Networking Technologies,LTD, 1.0.5.34]
[Thunder Agent Class]
<{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}> <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll> [(Verified)Thunder Networking Technologies,LTD, 6, 0, 4, 42]
[IEFXZHelper]
<{6A49F431-2A2E-41a5-9080-0F41D1A3AEC1}> <C:\PROGRA~1\IEfxz\iefxz.dll> [Copyright 2008, 1, 1, 2, 1]
[360SafeLive]
<{87515F61-A66C-4319-A0E0-D416CB8059E3}> <C:\Program Files\360Safe\live.dll> [(Verified)360.cn, 1, 0, 1, 1029]
[Thunder Browser Helper]
<{889D2FEB-5411-4565-8998-1DD2C5261283}> <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll> [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120]
[Shockwave Flash Object]
<{D27CDB6E-AE6D-11CF-96B8-444553540000}> <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx> [(Verified)Adobe Systems, Inc., 10,0,12,36]
================================================================
服务
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
<C:\WINDOWS\system32\mnmsrvc.exe> []
[System Restore Service / srservice][Stopped/Disabled]
<%SystemRoot%\system32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\srsvc.dll"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
<C:\Program Files\StormII\stormliv.exe /asservice> [(Verified)**暴风网际科技有限公司, 3, 8, 3, 15]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<%SystemRoot%\system32\nvsvc32.exe> [(Verified)NVIDIA Corporation, 6.14.11.7824]
================================================================
驱动
[0009d9f9 / 0009d9f9][Running/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\0009d9f9.sys> []
[360webpro / 360webpro][Stopped/Manual Start]
<\??\C:\Program Files\360Safe\safemon\360webpro.sys> []
[EagleNT / EagleNT][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys> []
[SATALink driver accelerator / SiFilter][Running/Boot Start]
<system32\drivers\SiWinAcc.sys> [Silicon Image, Inc., 1.0.0.11]
[System Restore Filter Driver / sr][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\sr.sys> []
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[360AntiArp / 360AntiArp][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\360AntiARP.sys> [(Verified)360安全中心, 1, 0, 1, 1009]
[360procmon / 360procmon][Running/Manual Start]
<\??\C:\Program Files\360Safe\safemon\360procmon.sys> [(Verified)版权所有 (C) 2006-2008 360.cn, 1, 0, 0, 1001]
[AtpKrnl / AtpKrnl][Running/Manual Start]
<System32\Drivers\AtpKrnl.sys> [(Verified)www.arswp.com, 3.00]
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys> [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys> [(Verified)Realtek Semiconductor Corp., 5.10.0.5717 built by: WinDDK]
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys> [(Verified)NVIDIA Corporation, 6.14.11.7824]
[DDK PACKET Protocol / Packet][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\ProtoDrv.sys> [(Verified)360安全中心, 1, 0, 1, 1002]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys> [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148)]
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys> [(Verified)360安全中心, 2, 3, 0, 1011]
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys> [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086]
[VMware Pointing Device / vmmouse][Running/Manual Start]
<system32\DRIVERS\vmmouse.sys> [(Verified)VMware, Inc., 12.4.0.2]
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
<system32\DRIVERS\yk51x86.sys> [(Verified)Marvell, 10.64.9.3 built by: WinDDK]
================================================================
活动进程
[PID: 708 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 752 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 772 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 952 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1016 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1112 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1192 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1276 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1388 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 252 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 276 / SYSTEM] C:\Program Files\StormII\stormliv.exe [(Verified)**暴风网际科技有限公司, 3, 8, 3, 15]
C:\Program Files\StormII\MSVCP60.dll [Microsoft Corporation, 6.02.3104.0]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 372 / SYSTEM] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [(Verified)Microsoft Corporation, 7.00.9466]
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll [Microsoft Corporation, 7.00.9466]
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL [Microsoft Corporation, 7.00.9466]
[PID: 428 / SYSTEM] C:\WINDOWS\system32\nvsvc32.exe [(Verified)NVIDIA Corporation, 6.14.11.7824]
C:\WINDOWS\system32\nvapi.dll [(Verified)NVIDIA Corporation, 6.14.11.7824]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 488 / SYSTEM] C:\WINDOWS\system32\RUNDLL32.EXE [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\ykx32mpcoinst.dll [(Verified)Marvell, 10.10.5.3]
[PID: 2768 / Administrator] F:\新建文件夹\下载\arswp3\ArSwp3.exe [(Verified)Windows 清理助手, 3.0.14.0130]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx [(Verified)Adobe Systems, Inc., 10,0,12,36]
C:\WINDOWS\DDRAW.dll [Microsoft Corporation, 5.03.2600.5512 (xpsp.080413-0845)]
C:\WINDOWS\system\TIMAE.DRV [N/A]
[PID: 2816 / SYSTEM] C:\WINDOWS\system32\msiexec.exe [(Verified)Microsoft Corporation, 4.5.6001.22159 (vistasp1_ldr.080415-1732)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2392 / NETWORK SERVICE] C:\WINDOWS\system32\wbem\wmiprvse.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2736 / Administrator] C:\000C2C37\000E6C34.exe [N/A]
[PID: 3056 / Administrator] C:\WINDOWS\explorer.exe [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2996 / Administrator] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe [Adobe Systems, Inc., 10,0,12,36]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2964 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
================================================================
文件关联
================================================================
Autorun.Inf
================================================================
Winsock**者
================================================================
隐藏进程
================================================================
可疑文件
================================================================
HOSTS
127.0.0.1 gxgxy.net
127.0.0.1 c0mo.com
127.0.0.1 www.cike007.cn
127.0.0.1 www.exiao01.com
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 up.22x44.com
[/code]
C:\WINDOWS\system32\E2C6D43.exe
Upload this file here, then delete it!