Rising Kaka Security Forum
爻爻x - 2007-3-14 11:15:00
The computer never gets into Windows: halfway through startup it reboots. I ran Rising in Safe Mode and it found a virus, but the machine still reboots. Can anyone tell me what to do? Urgent!!!!
姑苏残月 - 2007-3-14 12:03:00
Download SRENG, go into Safe Mode, run a scan, and post the log here.
爻爻x - 2007-3-14 16:40:00
[CODE]
2007-03-14,16:20:14
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Advanced Server Service Pack 4 (Build 2195) - Administrator privileges - Full functionality
The following items were selected:
All startup items (including registry, startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><ctfmon.exe> [Microsoft Corporation]
<ravshell><C:\WINNT\system32\SVCH0ST.EXE> [N/A]
<svc><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sysonling.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NeroCheck><C:\WINNT\system32\NeroCheck.exe> [Ahead Software Gmbh]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<mss3><C:\WINNT\mss3.exe> [N/A]
<mppds><C:\WINNT\mppds.exe> []
<upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TIMPLATF0RM.exe> []
<mhs3><C:\WINNT\mhs3.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINNT\system32\ctfnom.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\UserInit.exe,rundll32.exe C:\WINNT\system32\winsys16_070308.dll start> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows 2000 Publisher]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll> [(Verified)Microsoft Windows 2000 Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><stobject.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
<WinlogonNotify: wzcnotif><wzcdlg.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
<EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINNT\system32\ssbezier.scr> [(Verified)Microsoft Windows 2000 Publisher]
爻爻x - 2007-3-14 16:41:00
==================================
Startup folder
N/A
==================================
Services
[2DE93FC9 / 2DE93FC9][Stopped/Auto Start]
<C:\WINNT\system32\2DE93FC9.EXE -service><N/A>
[9511121A / 9511121A][Stopped/Auto Start]
<C:\WINNT\system32\9511121A.EXE -service><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[edfscv / edfscv][Stopped/Auto Start]
<C:\WINNT\system32\fgdfsdf.exe -service><Microsoft Corporation>
[MSDTC / MSDTC][Stopped/Manual Start]
<C:\MSSQL\BINN\msdtc.exe><Microsoft Corporation>
[MSSQLServer / MSSQLServer][Stopped/Auto Start]
<C:\MSSQL\BINN\SQLSERVR.EXE><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLExecutive / SQLExecutive][Stopped/Auto Start]
<C:\MSSQL\BINN\SQLEXEC.EXE><Microsoft Corporation>
==================================
Drivers
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE][Stopped/Manual Start]
<system32\DRIVERS\PPPoE.SYS><Guangdong Data Communications Network Co.Ltd.>
[HookCont / HookCont][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(r) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[New0 / New0][Stopped/Auto Start]
<\??\C:\WINNT\system32\new.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Stopped/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[StarForce Protection Environment Driver v5 / prodrv05][Stopped/System Start]
<\SystemRoot\System32\drivers\prodrv05.sys><N/A>
[StarForce Protection Helper Driver v1 / prohlp01][Stopped/Boot Start]
<\SystemRoot\System32\drivers\prohlp01.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Disabled]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[smwdm / smwdm][Stopped/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SyGate for NT, Wg1n / WG1N][Stopped/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\Wg1n.sys><Sygate Technologies, Inc.>
[SyGate for NT, Wg2n / WG2N][Stopped/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\Wg2n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg4n / wg4n][Stopped/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg5n / wg5n][Stopped/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg6n / wg6n][Stopped/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg8n / wg8n][Stopped/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg8n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg9n / wg9n][Stopped/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg9n.sys><Sygate Technologies, Inc.>
[SyGate for NT, Wsdrv / Wsdrv][Running/Boot Start]
<\SystemRoot\\SystemRoot\SYSTEM32\Drivers\Wsdrv.sys><N/A>
爻爻x - 2007-3-14 16:44:00
Browser add-ons
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINNT\System32\iuctl.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[PBActiveX40 Control]
{F2EB8999-766E-4BF6-AAAD-188D398C0D0B} <C:\WINNT\system32\CmbPb40.ocx, China Merchants Bank>
==================================
Running processes
[PID: 124][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.6899]
[C:\WINNT\System32\sfcfiles.dll] [Microsoft Corporation, 5.00.2195.6894]
[PID: 152][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.6899]
[C:\WINNT\system32\CSRSRV.dll] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\basesrv.dll] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\system32\winsrv.dll] [Microsoft Corporation, 5.00.2195.6826]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\KERNEL32.DLL] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\GDI32.DLL] [Microsoft Corporation, 5.00.2195.6898]
[C:\WINNT\system32\LPK.DLL] [Microsoft Corporation, 5.00.2195.6692]
[C:\WINNT\system32\USP10.dll] [Microsoft Corporation, 1.0325.2195.6692]
[C:\WINNT\system32\ADVAPI32.dll] [Microsoft Corporation, 5.00.2195.6876]
[C:\WINNT\system32\RPCRT4.DLL] [Microsoft Corporation, 5.00.2195.6802]
[PID: 432][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.6899]
[C:\WINNT\system32\ADVAPI32.DLL] [Microsoft Corporation, 5.00.2195.6876]
[C:\WINNT\system32\KERNEL32.DLL] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\RPCRT4.DLL] [Microsoft Corporation, 5.00.2195.6802]
[C:\WINNT\system32\GDI32.DLL] [Microsoft Corporation, 5.00.2195.6898]
[C:\WINNT\system32\USER32.DLL] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\msvcrt.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\LPK.DLL] [Microsoft Corporation, 5.00.2195.6692]
[C:\WINNT\system32\USP10.dll] [Microsoft Corporation, 1.0325.2195.6692]
[C:\WINNT\system32\SHELL32.dll] [Microsoft Corporation, 5.00.3700.6705]
[C:\WINNT\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINNT\system32\OLE32.DLL] [Microsoft Corporation, 5.00.2195.6810]
[C:\WINNT\system32\CLBCATQ.DLL] [Microsoft Corporation, 2000.2.3504.0]
[C:\WINNT\system32\OLEAUT32.dll] [Microsoft Corporation, 2.40.4522]
[C:\WINNT\system32\SHDOCVW.DLL] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\browseui.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\MPR.DLL] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\system32\USERENV.DLL] [Microsoft Corporation, 5.00.2195.6794]
[C:\WINNT\system32\mydocs.dll] [Microsoft Corporation, 5.00.3502.6601]
[C:\WINNT\System32\ntlanman.dll] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\System32\NETUI0.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\System32\NETUI1.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\System32\NETAPI32.DLL] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\System32\SECUR32.DLL] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\System32\NETRAP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\System32\SAMLIB.DLL] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\System32\WS2_32.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\System32\WS2HELP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\WLDAP32.DLL] [Microsoft Corporation, 5.00.2195.6666]
[C:\WINNT\System32\DNSAPI.DLL] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\System32\WSOCK32.DLL] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\MSI.DLL] [Microsoft Corporation, 3.0.3790.2538]
[C:\WINNT\system32\ntshrui.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\ATL.DLL] [Microsoft Corporation, 3.00.9435]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2195.6824]
[C:\WINNT\system32\MSASN1.DLL] [Microsoft Corporation, 5.00.2195.6905]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\LINKINFO.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\version.dll] [Microsoft Corporation, 5.00.2195.6623]
[C:\WINNT\system32\LZ32.DLL] [Microsoft Corporation, 5.00.2195.6611]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\browselc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\WINMM.dll] [Microsoft Corporation, 5.00.2161.1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINNT\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\diskcopy.dll] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\comdlg32.dll] [Microsoft Corporation, 5.00.3700.6693]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.30.9926.0]
[C:\WINNT\System32\mstask.dll] [Microsoft Corporation, 4.71.2195.6704]
[C:\WINNT\system32\query.dll] [Microsoft Corporation, 5.00.2195.6664]
[C:\WINNT\System32\docprop2.dll] [Microsoft Corporation, 5.00.2178.1]
[C:\WINNT\System32\MSVFW32.DLL] [Microsoft Corporation, 5.00.2195.6612]
[C:\WINNT\System32\AVIFIL32.DLL] [Microsoft Corporation, 5.00.2195.6612]
[C:\WINNT\System32\MSACM32.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\faxshell.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\WINNT\system32\cscui.dll] [Microsoft Corporation, 5.00.2195.6705]
[C:\WINNT\system32\CSCDLL.DLL] [Microsoft Corporation, 5.00.2195.6713]
[C:\WINNT\system32\actxprxy.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINNT\system32\CfgMgr32.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\setupapi.dll] [Microsoft Corporation, 5.00.2195.6622]
爻爻x - 2007-3-14 16:46:00
[PID: 504][C:\program files\internet explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.6899]
[C:\WINNT\system32\msvcrt.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\KERNEL32.dll] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\GDI32.DLL] [Microsoft Corporation, 5.00.2195.6898]
[C:\WINNT\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\ADVAPI32.dll] [Microsoft Corporation, 5.00.2195.6876]
[C:\WINNT\system32\RPCRT4.DLL] [Microsoft Corporation, 5.00.2195.6802]
[C:\WINNT\system32\SHDOCVW.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\LPK.DLL] [Microsoft Corporation, 5.00.2195.6692]
[C:\WINNT\system32\USP10.dll] [Microsoft Corporation, 1.0325.2195.6692]
[C:\WINNT\system32\comctl32.dll] [Microsoft Corporation, 5.81]
[C:\WINNT\system32\SHELL32.dll] [Microsoft Corporation, 5.00.3700.6705]
[C:\WINNT\system32\ole32.dll] [Microsoft Corporation, 5.00.2195.6810]
[C:\WINNT\system32\BROWSEUI.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\browselc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\CLBCATQ.DLL] [Microsoft Corporation, 2000.2.3504.0]
[C:\WINNT\system32\OLEAUT32.dll] [Microsoft Corporation, 2.40.4522]
[C:\WINNT\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINNT\system32\upengine.dll] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINNT\system32\cscui.dll] [Microsoft Corporation, 5.00.2195.6705]
[C:\WINNT\system32\CSCDLL.DLL] [Microsoft Corporation, 5.00.2195.6713]
[C:\WINNT\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\VERSION.dll] [Microsoft Corporation, 5.00.2195.6623]
[C:\WINNT\system32\LZ32.DLL] [Microsoft Corporation, 5.00.2195.6611]
[C:\WINNT\system32\mshtml.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2195.6824]
[C:\WINNT\system32\MSASN1.DLL] [Microsoft Corporation, 5.00.2195.6905]
[C:\WINNT\system32\winsys32_070308.dll] [N/A, ]
[C:\WINNT\system32\winmm.dll] [Microsoft Corporation, 5.00.2161.1]
[C:\WINNT\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\mlang.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\c_is2022.dll] [Microsoft Corporation, 5.00.2195.6688]
[C:\WINNT\System32\msimtf.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\System32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\MSLS31.DLL] [Microsoft Corporation, 3.10.337.0]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINNT\system32\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINNT\system32\jscript.dll] [Microsoft Corporation, 5.6.0.8513]
[C:\WINNT\system32\wsock32.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\WS2_32.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\WS2HELP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\RASAPI32.DLL] [Microsoft Corporation, 5.00.2195.6625]
[C:\WINNT\system32\RASMAN.DLL] [Microsoft Corporation, 5.00.2195.6604]
[C:\WINNT\system32\TAPI32.DLL] [Microsoft Corporation, 5.00.2195.6664]
[C:\WINNT\system32\RTUTILS.DLL] [Microsoft Corporation, 5.00.2168.1]
[C:\WINNT\system32\USERENV.DLL] [Microsoft Corporation, 5.00.2195.6794]
[C:\WINNT\system32\netapi32.dll] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\SECUR32.DLL] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\NETRAP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\SAMLIB.DLL] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\WLDAP32.DLL] [Microsoft Corporation, 5.00.2195.6666]
[C:\WINNT\system32\DNSAPI.DLL] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\system32\msafd.dll] [Microsoft Corporation, 5.00.2195.6602]
[C:\WINNT\System32\wshtcpip.dll] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\System32\rnr20.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\iphlpapi.dll] [Microsoft Corporation, 5.00.2195.6602]
[C:\WINNT\system32\ICMP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\MPRAPI.DLL] [Microsoft Corporation, 5.00.2181.1]
[C:\WINNT\system32\ACTIVEDS.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\ADSLDPC.DLL] [Microsoft Corporation, 5.00.2195.6701]
[C:\WINNT\system32\SETUPAPI.DLL] [Microsoft Corporation, 5.00.2195.6622]
[C:\WINNT\system32\DHCPCSVC.DLL] [Microsoft Corporation, 5.00.2195.6685]
[C:\WINNT\System32\winrnr.dll] [Microsoft Corporation, 5.00.2160.1]
[C:\WINNT\system32\rasadhlp.dll] [Microsoft Corporation, 5.00.2168.1]
[C:\WINNT\system32\imgutil.dll] [Microsoft Corporation, 6.00.2800.1106]
[PID: 564][C:\WINNT\system32\ctfmon.exe] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
爻爻x - 2007-3-14 16:46:00
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.6899]
[C:\WINNT\system32\ADVAPI32.dll] [Microsoft Corporation, 5.00.2195.6876]
[C:\WINNT\system32\KERNEL32.DLL] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\RPCRT4.DLL] [Microsoft Corporation, 5.00.2195.6802]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\GDI32.DLL] [Microsoft Corporation, 5.00.2195.6898]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\MSUTB.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\LPK.DLL] [Microsoft Corporation, 5.00.2195.6692]
[C:\WINNT\system32\USP10.dll] [Microsoft Corporation, 1.0325.2195.6692]
[C:\WINNT\system32\ole32.dll] [Microsoft Corporation, 5.00.2195.6810]
[C:\WINNT\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINNT\system32\COMCTL32.dll] [Microsoft Corporation, 5.81]
[C:\WINNT\system32\SHELL32.dll] [Microsoft Corporation, 5.00.3700.6705]
[C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\msvcrt.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\version.dll] [Microsoft Corporation, 5.00.2195.6623]
[C:\WINNT\system32\LZ32.DLL] [Microsoft Corporation, 5.00.2195.6611]
[C:\WINNT\mui\fallback\0804\msutb.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\vdmdbg.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\OLEAUT32.DLL] [Microsoft Corporation, 2.40.4522]
[PID: 292][C:\downloads\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.6899]
[C:\WINNT\system32\kernel32.dll] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\GDI32.DLL] [Microsoft Corporation, 5.00.2195.6898]
[C:\WINNT\system32\comdlg32.dll] [Microsoft Corporation, 5.00.3700.6693]
[C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\msvcrt.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\ADVAPI32.dll] [Microsoft Corporation, 5.00.2195.6876]
[C:\WINNT\system32\RPCRT4.DLL] [Microsoft Corporation, 5.00.2195.6802]
[C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINNT\system32\SHELL32.DLL] [Microsoft Corporation, 5.00.3700.6705]
[C:\WINNT\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.00.2195.6659]
[C:\WINNT\system32\MPR.DLL] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\system32\oledlg.dll] [Microsoft Corporation, 1.0]
[C:\WINNT\system32\OLE32.DLL] [Microsoft Corporation, 5.00.2195.6810]
[C:\WINNT\system32\OLEAUT32.dll] [Microsoft Corporation, 2.40.4522]
[C:\WINNT\system32\VERSION.dll] [Microsoft Corporation, 5.00.2195.6623]
[C:\WINNT\system32\LZ32.DLL] [Microsoft Corporation, 5.00.2195.6611]
[C:\WINNT\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2195.6824]
[C:\WINNT\system32\MSASN1.DLL] [Microsoft Corporation, 5.00.2195.6905]
[C:\WINNT\system32\WINMM.dll] [Microsoft Corporation, 5.00.2161.1]
[C:\WINNT\system32\WS2_32.dll] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\WS2HELP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\LPK.DLL] [Microsoft Corporation, 5.00.2195.6692]
[C:\WINNT\system32\USP10.dll] [Microsoft Corporation, 1.0325.2195.6692]
[C:\WINNT\system32\RICHED20.DLL] [Microsoft Corporation, 5.30.23.1215]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\sfc.dll] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\sfcfiles.dll] [Microsoft Corporation, 5.00.2195.6894]
[C:\WINNT\system32\Sensapi.dll] [Microsoft Corporation, 5.00.2195.6627]
[C:\WINNT\system32\wsock32.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\RASAPI32.DLL] [Microsoft Corporation, 5.00.2195.6625]
[C:\WINNT\system32\RASMAN.DLL] [Microsoft Corporation, 5.00.2195.6604]
[C:\WINNT\system32\TAPI32.DLL] [Microsoft Corporation, 5.00.2195.6664]
[C:\WINNT\system32\RTUTILS.DLL] [Microsoft Corporation, 5.00.2168.1]
[C:\WINNT\system32\USERENV.DLL] [Microsoft Corporation, 5.00.2195.6794]
[C:\WINNT\system32\netapi32.dll] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\SECUR32.DLL] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\NETRAP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\SAMLIB.DLL] [Microsoft Corporation, 5.00.2195.6897]
[C:\WINNT\system32\WLDAP32.DLL] [Microsoft Corporation, 5.00.2195.6666]
[C:\WINNT\system32\DNSAPI.DLL] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\System32\rnr20.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\iphlpapi.dll] [Microsoft Corporation, 5.00.2195.6602]
[C:\WINNT\system32\ICMP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\MPRAPI.DLL] [Microsoft Corporation, 5.00.2181.1]
[C:\WINNT\system32\ACTIVEDS.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\ADSLDPC.DLL] [Microsoft Corporation, 5.00.2195.6701]
[C:\WINNT\system32\SETUPAPI.DLL] [Microsoft Corporation, 5.00.2195.6622]
[C:\WINNT\system32\DHCPCSVC.DLL] [Microsoft Corporation, 5.00.2195.6685]
[C:\WINNT\System32\winrnr.dll] [Microsoft Corporation, 5.00.2160.1]
[C:\WINNT\system32\rasadhlp.dll] [Microsoft Corporation, 5.00.2168.1]
[C:\WINNT\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1400]
[C:\WINNT\system32\msafd.dll] [Microsoft Corporation, 5.00.2195.6602]
[C:\WINNT\System32\wshtcpip.dll] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\wintrust.dll] [Microsoft Corporation, 5.131.2195.6824]
[C:\WINNT\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.00.2195.6613]
[C:\WINNT\system32\rsaenh.dll] [Microsoft Corporation, 5.00.2195.6611]
==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
Hidden processes
N/A
==================================
[/CODE]
爻爻x - 2007-3-14 16:47:00
Experts, can you tell what is causing this?
姑苏求败 - 2007-3-14 16:53:00
<ravshell><C:\WINNT\system32\SVCH0ST.EXE> [N/A]
<svc><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sysonling.exe> [Microsoft Corporation]
<mss3><C:\WINNT\mss3.exe> [N/A]
<mppds><C:\WINNT\mppds.exe> []
<upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TIMPLATF0RM.exe> []
<mhs3><C:\WINNT\mhs3.exe> []
These have all been tampered with by the virus.
爻爻x - 2007-3-14 17:01:00
What do I do? Rising can't catch it in Safe Mode.
weimmary - 2007-3-14 17:13:00
Send the samples to my mailbox and I'll take a look: weimmary@126.com
阿轲看剑 - 2007-3-14 17:18:00
You can't rule out a hardware fault causing the reboots either.
爻爻x - 2007-3-14 17:21:00
Sent; please take a look.
爻爻x - 2007-3-14 17:59:00
The hardware is fine and Safe Mode boots, so it's an infection.
© 2000 - 2026 Rising Corp. Ltd.