瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 郁闷半天,重装了系统一样有毒,附上日志,忘大虾解决一下,小弟不胜感激
swing求救 - 2006-8-28 18:05:00
2006-08-28,17:52:40

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HupooShell><"C:\dwnSetup\HupShell.exe" >  []
    <Hupoo><"C:\WINDOWS\system32\Hupoo.exe " >  []
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  [DzGerIKC4FT08YOJQ3Zo]
    <TProgram><C:\WINDOWS\SMSS.EXE>  [MUxv7zlg6nPw3CBVSE93]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[office文件检索]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\office文件检索.exe><N>

==================================
服务
[Rising Process Communication Center / RsCCenter]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[]
  {295CD217-AD34-4B66-91BA-48D5EFD9CA20} <C:\WINDOWS\system32\NBBHO.dll, N/A>
[MSHlper Class]
  {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} <C:\WINDOWS\system32\MSHLP.DLL, N/A>
[Java Enhancer]
  {AF098F95-7CEA-407A-8552-3846737CC4B2} <C:\WINDOWS\system32\funcwin.dll, Sun MicroSystems, Inc.>
[RealPlayer Control]
  {BDBFE1F2-14C7-42D3-ACC7-4C2757F27F55} <C:\WINDOWS\system32\rmod3260.dll, RealNetworks,Inc.>
[isObject Class]
  {BE0B5843-553A-48C2-9A42-258A1D791AFC} <C:\PROGRA~1\pcast\hbcast.dll, N/A>
[51导航]
  {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, N/A>
[]
  {295CD217-AD34-4B66-91BA-48D5EFD9CA20} <C:\WINDOWS\system32\NBBHO.dll, N/A>
[MSHlper Class]
  {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} <C:\WINDOWS\system32\MSHLP.DLL, N/A>
[Java Enhancer]
  {AF098F95-7CEA-407A-8552-3846737CC4B2} <C:\WINDOWS\system32\funcwin.dll, Sun MicroSystems, Inc.>
[RealPlayer Control]
  {BDBFE1F2-14C7-42D3-ACC7-4C2757F27F55} <C:\WINDOWS\system32\rmod3260.dll, RealNetworks,Inc.>
[isObject Class]
  {BE0B5843-553A-48C2-9A42-258A1D791AFC} <C:\PROGRA~1\pcast\hbcast.dll, N/A>
[51导航]
  {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[>>彩信发送<<]
  <res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
swing求救 - 2006-8-28 18:06:00
==================================
正在运行的进程
[PID: 544][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 604][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 628][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 672][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 684][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 844][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 908][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1004][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1056][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1292][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1428][C:\WINDOWS\Explorer.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\WINDOWS\system32\SystemDll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\NBBHO.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\funcwin.dll]  <Sun MicroSystems, Inc.><1, 0, 0, 1>
    [C:\WINDOWS\system32\rmod3260.dll]  <RealNetworks,Inc.><1, 0, 0, 1>
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [d:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1548][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1720][C:\WINDOWS\SMSS.EXE]  <MUxv7zlg6nPw3CBVSE93><0.00.0095>
[PID: 1844][C:\WINDOWS\WINLOGON.EXE]  <DzGerIKC4FT08YOJQ3Zo><0.00.0095>
[PID: 1988][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1416][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 500][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\NBBHO.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\funcwin.dll]  <Sun MicroSystems, Inc.><1, 0, 0, 1>
    [C:\WINDOWS\system32\rmod3260.dll]  <RealNetworks,Inc.><1, 0, 0, 1>
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 1816][G:\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
swing求救 - 2006-8-28 18:07:00
自己顶自己希望大虾帮忙,江湖救急
swing求救 - 2006-8-28 18:07:00
自己顶自己希望大虾帮忙,江湖救急
swing求救 - 2006-8-28 18:08:00
自己顶自己希望大虾帮忙,江湖救急
swing求救 - 2006-8-28 18:08:00
自己顶自己希望大虾帮忙,江湖救急
swing求救 - 2006-8-28 18:09:00
自己顶自己希望大虾帮忙,江湖救急
swing求救 - 2006-8-28 18:10:00
自己顶自己希望大虾帮忙,江湖救急
swing求救 - 2006-8-28 18:32:00
自己顶自己希望大虾帮忙,江湖救急
1
查看完整版本: 郁闷半天,重装了系统一样有毒,附上日志,忘大虾解决一下,小弟不胜感激
© 2000 - 2026 Rising Corp. Ltd.