瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 急~~~快来救命啊!!!(有日志)

1   1  /  1  页   跳转

急~~~快来救命啊!!!(有日志)

收藏
渴望毒毒
头像
初生襁褓狮
  • 帖子:67
  • 注册: 2007-01-07
  • 来自:
发表于: 2007-01-12 21:51 | 只看楼主 短消息 资料
字号: 1楼

急~~~快来救命啊!!!(有日志)

[CODE]

2007-01-12,21:26:23

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Avance Logic, Inc.]
    <C:\WINDOWS\sna1006.exe><C:\WINDOWS\sna1006.exe>  [N/A]
    <wdfmgr32><C:\WINDOWS\system32\wdfmgr32.exe>  [N/A]
    <IMSCMIG.exe><C:\WINDOWS\system32\IMSCMIG.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070109.dll start>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Error Reporting Service / ERSvc][Stopped/Auto Start]
  <2 - 系统找不到指定的文件。
><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Vsn qvxx Service / qvxx][Running/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\wbaa\aihh.dll,Service><Microsoft Corporation>
[E6D1FA3C / E6D1FA3C][Stopped/Auto Start]
  <C:\WINDOWS\system32\E6D1FA3C.EXE -service><Microsoft Corporation>
[786047CB / 786047CB][Stopped/Auto Start]
  <C:\WINDOWS\system32\786047CB.EXE -service><Microsoft Corporation>
[RestoreServices / RestoreServices][Stopped/Auto Start]
  <C:\WINDOWS\system32\Svchost.exe -k RestoreServices-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>
[Windows Media Connect Service / WmdmPmSp][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WmdmPmSp.dll><LINKMEDIA Tech>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[]
  {1F48640D-67C5-435F-9605-DD6135891AAC} <C:\WINDOWS\system32\obubvuwlvrskoai.dll, N/A>
[nvuu]
  {3758515F-31DC-4860-83EB-DAD685343EF7} <C:\PROGRA~1\wbaa\xfee.dll, >
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Navigator Class]
  {96FC3938-C6CA-475D-8D3B-45F323A6B62B} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\NAVDATA\webnav_2018.dll, >
[]
  {E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} <C:\WINDOWS\system32\jedwmusuxmkkn.dll, N/A>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[]
  {1F48640D-67C5-435F-9605-DD6135891AAC} <C:\WINDOWS\system32\obubvuwlvrskoai.dll, N/A>
[nvuu]
  {3758515F-31DC-4860-83EB-DAD685343EF7} <C:\PROGRA~1\wbaa\xfee.dll, >
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Navigator Class]
  {96FC3938-C6CA-475D-8D3B-45F323A6B62B} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\NAVDATA\webnav_2018.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[]
  {E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} <C:\WINDOWS\system32\jedwmusuxmkkn.dll, N/A>
最后编辑2007-01-12 21:58:31
分享到:
gototop
 
渴望毒毒
头像
初生襁褓狮
  • 帖子:67
  • 注册: 2007-01-07
  • 来自:
发表于: 2007-01-12 21:52 | 只看楼主 短消息 资料
字号: 2楼

==================================
正在运行的进程
[PID: 424][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 476][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\wmdmpmsp.dll]  [LINKMEDIA Tech, 1, 5, 0, 4]
[PID: 924][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1152][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1304][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\obubvuwlvrskoai.dll]  [N/A, N/A]
    [C:\PROGRA~1\wbaa\xfee.dll]  [, 1, 2, 0, 8]
    [C:\WINDOWS\system32\jedwmusuxmkkn.dll]  [N/A, N/A]
[PID: 1496][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4342]
[PID: 1504][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4342]
[PID: 1520][C:\WINDOWS\SOUNDMAN.EXE]  [Avance Logic, Inc., 5, 0, 0, 0]
[PID: 1536][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 324][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1696][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\wbaa\aihh.dll]  [, 1, 2, 0, 8]
[PID: 1836][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 464][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4064][F:\tools\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[autorun]
open=d:\mplay.com

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]
gototop
 
渴望毒毒
头像
初生襁褓狮
  • 帖子:67
  • 注册: 2007-01-07
  • 来自:
发表于: 2007-01-12 21:53 | 只看楼主 短消息 资料
字号: 3楼

救命啊,老是自动弹出网页~~~
gototop
 
渴望毒毒
头像
初生襁褓狮
  • 帖子:67
  • 注册: 2007-01-07
  • 来自:
发表于: 2007-01-12 21:55 | 只看楼主 短消息 资料
字号: 4楼

还是刚装的系统呢.本来还不会的呢!!!好失望啊~~~
gototop
 
渴望毒毒
头像
初生襁褓狮
  • 帖子:67
  • 注册: 2007-01-07
  • 来自:
发表于: 2007-01-12 22:07 | 只看楼主 短消息 资料
字号: 5楼

天啊,没人可以帮下我吗!?高手啊,大虾啊,快快显身吧,我的贴都沉了...
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT