Please check whether explorer is OK, scan log attached [Help]

Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software board

I bought this computer only a few days ago. I have three licensed antivirus products: Rising (a licensed copy I just bought), Kaspersky (half-year license obtained through Qihoo), and Jiangmin (bundled with the Computer Enthusiast bound volume). I plan to try them one by one; right now I am using Kaspersky plus the SkyNet firewall.
    Today I was downloading music from the school FTP server, opening the FTP site in IE (the network was fast, so I did not bother with a dedicated FTP client). I copied one mp3 file and suddenly SkyNet warned that explorer.exe wanted to access the network; I denied it without a second thought. Kaspersky's proactive defense was on at the time, including the "thread injection" module, and it reported no injected threads.
    Worried, I ran an IceSword scan and found nothing, except that there were many red entries in the SSDT under two names, klif.sys and skyprocs.sys. A Baidu search says klif.sys is a low-level driver of Kaspersky 5.0, but nobody could say clearly what it is in 6.0; skyprocs.sys should belong to SkyNet.
Finally I also ran a System Repair Engineer scan; please help me take a look:

About the software and hardware on my machine:
The graphics card is an ATI; its processes appear in the scan and should be normal.
I use NetEase POPO, the Tencent TT browser, Kaspersky Anti-Virus 6.0, the SkyNet firewall, and the Ruijie client for the school's network authentication (8021x.exe in the process list is it, and RuijieSupplicant.exe, which appears elsewhere, is too).

Thanks for your guidance, much appreciated!
Last edited 2006-12-11 14:03:20

===================================
2006-12-11,12:56:09

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <SKYNET Personal FireWall><D:\Program Files\SkyNet\FireWall\pfw.exe>  [广州众达天网技术有限公司]
    <Supplicant><d:\program files\锐捷网络\ruijie supplicant\8021x.exe>  [锐捷网络]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[卡巴斯基反病毒6.0 / AVP]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NetMeeting Remote Desktop Sharing / mnmsrvc]
  <C:\WINDOWS\system32\mnmsrvc.exe><N/A>

==================================
驱动程序
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax]
  <system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA Disk Cache Filter Driver / nvcchflt]
  <\SystemRoot\system32\DRIVERS\nvcchflt.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce]
  <system32\drivers\nvapu.sys><NVIDIA Corporation>
[PnpWmkDrv / PnpWmkDrv]
  <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><Macrovision Europe Ltd>
[SKNFW / SKNFW]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs]
  <\??\D:\Program Files\SkyNet\FireWall\SkyProcs.sys><N/A>

==================================
浏览器加载项
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用网际快车下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 484][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4140]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2503]
[PID: 812][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1112][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1352][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [D:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1504][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1544][D:\program files\锐捷网络\ruijie supplicant\8021x.exe]  [锐捷网络, 2, 56, 0, 0]
    [C:\WINDOWS\system32\W32N50.dll]  [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54]
[PID: 1648][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1508][D:\Program Files\popo2004\popo.exe]  [网易(163.com), 1, 0, 0, 1]
    [D:\Program Files\popo2004\XGDI.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [D:\Program Files\popo2004\XFile.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\P2PMgr.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\XComm.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\Trace.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\Updater.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\UNZIP32.dll]  [Info-ZIP, 5.5]
    [D:\Program Files\popo2004\ResLoc.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\MailChecker.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\ExtraEditor.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\XMP.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\fmod.dll]  [Firelight Technologies Pty, Ltd, 3.73]
    [D:\Program Files\popo2004\UrlObj.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\WebService.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\Bobo.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\SOX.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\share.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\XVideo.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\VCodec.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\XVoice.dll]  [, 1, 0, 0, 2]
    [D:\Program Files\popo2004\GIPSVoiceEngineDLL.dll]  [Global IP Sound, 2, 0, 4, 0]
    [D:\Program Files\popo2004\XEmotion.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\MsgHis.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\plugins\MSN.DLL]  [, 1, 0, 0, 1]
    [D:\Program Files\popo2004\plugins\LIBCURL.dll]  [N/A, N/A]
    [D:\Program Files\popo2004\plugins\SSLEAY32.dll]  [N/A, N/A]
    [D:\Program Files\popo2004\plugins\LIBEAY32.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [D:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
[PID: 340][D:\Program Files\Tencent\TT\TTraveler.exe]  [腾讯公司, 3.1.0.261]
    [D:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [D:\Program Files\Tencent\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  [RealNetworks, Inc., 6.0.9.4317]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [D:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
[PID: 3896][D:\Program Files\FlashGet\flashget.exe]  [Amaze Soft, 1, 7, 1, 0]
[PID: 2568][D:\Program Files\Tencent\TT\TCPlus.exe]  [腾讯公司, 1, 0, 0, 5]
    [D:\Program Files\Tencent\TT\QQDownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 0, 101, 28]
    [D:\Program Files\Tencent\TT\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 60]
[PID: 2300][D:\Downloads\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

===================================

[Reply to the post by "安全再安全吧"]
The log shows no problems.

But there is one thing to point out to the OP:
[NetMeeting Remote Desktop Sharing / mnmsrvc]
<C:\WINDOWS\system32\mnmsrvc.exe><N/A>
This is NetMeeting's Remote Desktop Sharing service,
which counts as a fairly dangerous service.

If you did not enable it yourself,
I suggest disabling it.
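The reply above reviews the log by hand: it checks each service and driver for a vendor string and singles out the NetMeeting Remote Desktop Sharing service as remote-access functionality that should be off when unused. The following script is an added example written for this page, not code from the forum or from SREng, that applies the same two checks automatically to the 服务 and 驱动程序 sections of an SREng 2.2.6 log. It assumes the line layout quoted in the thread (`[display / name]` followed by `<path><vendor>`), and the excerpt it runs on is constructed from lines in the log above; the list of remote-access service names contains only `mnmsrvc`, taken from the reply.

```python
import re

# Constructed excerpt in the SREng 2.2.6 layout quoted in the thread; not the full log.
SAMPLE_LOG = r"""服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[NetMeeting Remote Desktop Sharing / mnmsrvc]
  <C:\WINDOWS\system32\mnmsrvc.exe><N/A>

==================================
驱动程序
[klif / klif]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[SkyProcs / SkyProcs]
  <\??\D:\Program Files\SkyNet\FireWall\SkyProcs.sys><N/A>
"""

# "[display name / service name]" on one line, "<image path><vendor>" on the next.
ENTRY_RE = re.compile(r"^\[(?P<display>.*?) / (?P<name>.*?)\]$")
DETAIL_RE = re.compile(r"^\s*<(?P<path>.*)><(?P<vendor>.*)>$")

# Services the thread's reply names as remote-access functionality to disable when
# unused. Only mnmsrvc comes from the page; extend this set for your own baseline.
REMOTE_ACCESS_SERVICES = {"mnmsrvc"}


def parse_entries(text):
    """Return one dict per [display / name] + <path><vendor> pair, tagged with its section."""
    entries = []
    section = None
    pending = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("="):
            continue  # blank lines and ====== separators carry no data
        m = ENTRY_RE.match(line)
        if m:
            pending = {"section": section, "display": m["display"], "name": m["name"]}
            continue
        d = DETAIL_RE.match(line)
        if d and pending is not None:
            pending.update(path=d["path"], vendor=d["vendor"])
            entries.append(pending)
            pending = None
            continue
        # Any other non-blank line is a section heading such as 服务 or 驱动程序.
        section = line
        pending = None
    return entries


def triage(entries):
    """Flag entries a reviewer should look at; returns (section, name, reason) tuples."""
    findings = []
    for e in entries:
        # An empty or N/A vendor only means the file carries no version info; it is a
        # prompt to check the file on disk, not proof of malware.
        if e["vendor"].strip() in ("", "N/A"):
            findings.append((e["section"], e["name"], "no vendor string: verify the file on disk"))
        if e["name"].lower() in REMOTE_ACCESS_SERVICES:
            findings.append((e["section"], e["name"], "remote-access service: disable if unused"))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{section}] {name}: {reason}")
```

Run against the constructed excerpt it reports ATI Smart, mnmsrvc (twice: no vendor string, and remote access) and SkyProcs. That matches the manual review in the thread: the flagged vendor-less entries belong to the ATI driver package and the SkyNet firewall the OP installed, so the only actionable item is the NetMeeting service.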

Mm, thanks, 不言~~