瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 硬件故障,还是软件故障?
楚楚留香 - 2006-8-4 8:41:00
在一次发现病毒后几秒钟,电脑自动重新启动。且正常启动电脑时,屏幕上有蓝白相间的竖直线,启动至显示windows行进条后短暂蓝屏,然后又重新启动。如此反复!起初以为显卡接触不行,但重新插拔显卡,没得用。
按F8,仅安全模式可以进,且未出现花屏现象。用瑞星杀不到毒,而我的D盘(非系统盘)双击打不开,只能右键(多自动播放),发现pagefile文件。删除后重新进安全模式依然存在(正常启动不了)。同时系统盘发现不少可以文件。为何瑞星发现不了?
另smss进程是系统进程吗?
附日志文件
是硬件故障,还是软件故障?如何解决启动及花屏问题?谢谢
实在不行只能“抱”修了,费用大概多少? 因为我没修过电脑,怕被宰!

2006-08-03,21:22:16

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <TVTray><>  []
    <tvmaster><C:\Program Files\10Moons\10Moons TV Baby\Exe\SystemTray.exe>  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  []
    <ToP><C:\WINDOWS\LSASS.exe>  [oJSni23Skjw5SD]
    <TProgram><C:\WINDOWS\SMSS.EXE>  [bH7ed8SjdCw7]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <alsmt.exe><C:\WINDOWS\System32\alsmt.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <TProgram><C:\WINDOWS\SMSS.EXE>  [bH7ed8SjdCw7]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\zhai\「开始」菜单\程序\启动\腾讯QQ.lnk><N>

==================================
服务
[C-DillaSrv / C-DillaSrv]
  <C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[iPod 服务 / iPodService]
  <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[JMediaService / JMediaService]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><N/A>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
楚楚留香 - 2006-8-4 8:42:00
==================================
浏览器加载项
[Shareaza Web Download Hook]
  {0EEDB912-C5FA-486F-8334-57288578C627} <D:\超级BT下载软件\Plugins\RazaWebHook.dll, N/A>
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\FLASHGET\jccatch.dll, Amaze Soft>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191}? <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263}? <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\FLASHGET\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? <D:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\FLASHGET\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\System32\aliedit\AliEdit.dll, www.alipay.com>
[>>彩信发送<<]
  <res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[Download with &Shareaza]
  <res://D:\超级BT下载软件\Plugins\RazaWebHook.dll/3000, N/A>
[上传到QQ网络硬盘]
  <D:\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 196][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 220][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\KB455373M.LOG]  <N/A><N/A>
[PID: 272][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\KB455373M.LOG]  <N/A><N/A>
[PID: 284][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\KB455373M.LOG]  <N/A><N/A>
[PID: 460][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\KB455373M.LOG]  <N/A><N/A>
[PID: 492][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\KB455373M.LOG]  <N/A><N/A>
[PID: 744][C:\WINDOWS\Explorer.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\KB455373M.LOG]  <N/A><N/A>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[PID: 868][C:\WINDOWS\SMSS.EXE]  <bH7ed8SjdCw7><0.00.0087>
    [C:\WINDOWS\KB455373M.LOG]  <N/A><N/A>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1044][E:\安装程序\SREng(查看进程).exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

================================ 日志粘贴完毕。请大侠支招了。谢谢!==
龍███貳 - 2006-8-4 8:43:00
可能中了冲击波病毒了~
楚楚留香 - 2006-8-4 8:53:00
引用:
【龍███貳的贴子】可能中了冲击波病毒了~
………………

您是说可能? 有招使使吗? 排除硬件故障?
我瑞星杀毒,防火墙都安装都升级了还中了这老病毒?!
酷盖 - 2006-8-4 9:04:00
<ToP><C:\WINDOWS\LSASS.exe> [oJSni23Skjw5SD]
<TProgram><C:\WINDOWS\SMSS.EXE> [bH7ed8SjdCw7]
麻烦。。。
http://forum.ikaka.com/topic.asp?board=28&artid=7828861
http://forum.ikaka.com/topic.asp?board=28&artid=7828861

楚楚留香 - 2006-8-4 9:08:00
引用:
【酷盖的贴子】<ToP><C:\WINDOWS\LSASS.exe> [oJSni23Skjw5SD]
<TProgram><C:\WINDOWS\SMSS.EXE> [bH7ed8SjdCw7]
麻烦。。。
http://forum.ikaka.com/topic.asp?board=28&artid=7828861
http://forum.ikaka.com/topic.asp?board=28&artid=7828861


………………


还是中招了?  不是硬件故障了?
谢谢! 我都是正版杀毒。都天天更新,怎么还是中招了啊。
710207 - 2006-8-4 9:14:00
建议楼主重装
那两只马及其难杀,搞不好损坏所有EXE的可执行文件.......
楚楚留香 - 2006-8-4 9:19:00
谢谢你们

确定不是硬件问题的话。那我就重新装。
可以排除显卡问题吗?从来没听过中毒能花屏的啊!
楚楚留香 - 2006-8-4 9:38:00
能确定硬件没有问题吗?
楚楚留香 - 2006-8-4 12:14:00
中毒会导致花屏吗? 就是屏幕上有竖线。 蓝白相间 数目不多!
1
查看完整版本: 硬件故障,还是软件故障?
© 2000 - 2026 Rising Corp. Ltd.