SRENG我的日志报告,请大家帮忙诊断!谢谢 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛 SRENG我的日志报告,请大家帮忙诊断!谢谢

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12 3

1 / 3 页

跳转页

SRENG我的日志报告,请大家帮忙诊断!谢谢

红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:	发表于： 2007-06-16 10:00 \| 只看楼主短消息资料字号：小中大 1楼 SRENG我的日志报告,请大家帮忙诊断!谢谢 CODE] 2007-06-16,09:16:51 System Repair Engineer 2.4.12.806 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] <P2kAutostart><> [N/A] <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Publisher] <zbw0rh802iqfgdu><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\iexpl0re.exe> [N/A] <ravshell><C:\Progra~1\Eset\1explore.exe> [N/A] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <bill><rundll32.exe "C:\WINDOWS\system32\winbill070330.dll" mymain> [N/A] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] <run><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher] <nwiz><nwiz.exe /installquiet /keeploaded /nodetect> [] <RTHDCPL><RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <Alcmtr><ALCMTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <SysExplr><C:\Herosoft\HeroV8\SYSEXPLR.EXE> [] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.] <Flashget><"D:\Program Files\FlashGet\FlashGet.exe" /min> [FlashGet.com] <StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] <upxdnd><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\upxdnd.exe> [N/A] <PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup> [Nokia] <runeip><C:\Program Files\Rising\KakaToolBar\runiep.exe> [Beijing Rising Technology Co., Ltd.] <ClientQyule><C:\Program Files\Qyule\Qyule.exe -autostart> [N/A] <WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [(Verified)ShenZhen Thunder Networking Technologies Ltd.] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher] <wosa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\woso.exe> [] <ztsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\ztso.exe> [N/A] <mhsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\mhso.exe> [] <rxsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\rxso.exe> [] <qjsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\qjso.exe> [] <tlsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\tlso.exe> [] <wdsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\wdso.exe> [] <dasa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\daso.exe> [] <wgsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\wgso.exe> [] <wlsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\wlso.exe> [] <wmsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\wmso.exe> [] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A] <fysa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\fyso.exe> [] <jtsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\jtso.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <RavMon><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\RavMonD.exe> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.] <{2133B3FD-315E-4523-BD1A-22F723DFBCA3}><C:\WINDOWS\system32\jpqpri.dll> [N/A] <{0EA12C16-CDEF-6AC1-236E-CD3FE82F5213}><C:\Program Files\Internet Explorer\msvcrt.dll> [Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><C:\Herosoft\HeroV8\豪杰多~1.SCR> [N/A] 2007-06-16 10:21:37
红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:	分享到：

有毒必问锋芒艾服狮帖子:1653 注册: 2005-02-13 来自:廣東	发表于： 2007-06-16 10:03 \| 短消息资料字号：小中大 2楼在安全糢式下刪除或脩復 <zbw0rh802iqfgdu><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\iexpl0re.exe> [N/A] <ravshell><C:\Progra~1\Eset\1explore.exe> [N/A <bill><rundll32.exe "C:\WINDOWS\system32\winbill070330.dll" mymain> [N/A] <upxdnd><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\upxdnd.exe> [N/A] <wosa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\woso.exe> [] <ztsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\ztso.exe> [N/A] <mhsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\mhso.exe> [] <rxsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\rxso.exe> [] <qjsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\qjso.exe> [] <tlsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\tlso.exe> [] <wdsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\wdso.exe> [] <dasa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\daso.exe> [] <wgsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\wgso.exe> [] <wlsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\wlso.exe> [] <wmsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\wmso.exe> [] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A] <fysa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\fyso.exe> [] <jtsa><C:\DOCUME~1\VC01E9~1\LOCALS~1\Temp\jtso.exe> [] 先做好相應的備份
有毒必问锋芒艾服狮帖子:1653 注册: 2005-02-13 来自:廣東

有毒必问锋芒艾服狮帖子:1653 注册: 2005-02-13 来自:廣東	发表于： 2007-06-16 10:04 \| 短消息资料字号：小中大 3楼還有其它的呢？
有毒必问锋芒艾服狮帖子:1653 注册: 2005-02-13 来自:廣東

HOSTのS 飘泊而立狮帖子:784 注册: 2007-06-10 来自:	发表于： 2007-06-16 10:08 \| 短消息资料字号：小中大 4楼日志不全
HOSTのS 飘泊而立狮帖子:784 注册: 2007-06-10 来自:

虚幻ヱ涟漪飘泊而立狮帖子:697 注册: 2007-04-15 来自:已经消失的地方	发表于： 2007-06-16 10:13 \| 短消息资料字号：小中大 5楼 http://hi.baidu.com/newcenturysun/blog/item/5b178f50e879276385352489.html 去看看！
虚幻ヱ涟漪飘泊而立狮帖子:697 注册: 2007-04-15 来自:已经消失的地方

红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:	发表于： 2007-06-16 10:15 \| 只看楼主短消息资料字号：小中大 6楼是的不全,太长,每次贴的时候都说验证码错误所以贴的不全.
红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:

红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:	发表于： 2007-06-16 10:16 \| 只看楼主短消息资料字号：小中大 7楼接上 ================================== 启动文件夹 [Adobe Reader Speed Launch] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N> [Microsoft Office] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N> [功能键盘] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\功能键盘.lnk --> C:\PROGRA~1\Legend\HotKey\HotKeyB.exe [联想电脑公司]><N> [腾讯QQ] <C:\Documents and Settings\v c\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\TENCENT\QQ\QQ.exe [TENCENT]><N> ==================================
红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:

红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:	发表于： 2007-06-16 10:17 \| 只看楼主短消息资料字号：小中大 8楼接上服务 [Application Management / AppMgmt][Stopped/Manual Start] <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A> [ASP.NET State Service / aspnet_state][Stopped/Manual Start] <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation> [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Machine Debug Manager / MDM][Running/Auto Start] <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation> [NMIndexingService / NMIndexingService][Stopped/Disabled] <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><N/A> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [Rising Proxy Service / RfwProxySrv][Stopped/Manual Start] <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.> [Rising Personal Firewall Service / RfwService][Running/Auto Start] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [ServiceLayer / ServiceLayer][Running/Manual Start] <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.> ==================================
红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:

红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:	发表于： 2007-06-16 10:18 \| 只看楼主短消息资料字号：小中大 9楼接上驱动程序 [abp480n5 / abp480n5][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation> [ADProt / ADProt][Stopped/System Start] <\SystemRoot\system32\drivers\ADProt.sys><N/A> [adpu160m / adpu160m][Running/Boot Start] <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation> [Aha154x / Aha154x][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation> [aic78u2 / aic78u2][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation> [aic78xx / aic78xx][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation> [AliIde / AliIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.> [AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:

红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:	发表于： 2007-06-16 10:19 \| 只看楼主短消息资料字号：小中大 10楼接上 <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.> [asc / asc][Running/Boot Start] <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.> [asc3350p / asc3350p][Running/Boot Start] <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation> [asc3550 / asc3550][Running/Boot Start] <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.> [Rising TDI Base Driver / BaseTDI][Running/Auto Start] <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.> [BdGuard / BdGuard][Running/Boot Start] <\SystemRoot\system32\drivers\BDGuard.SYS><> [BrPar / BrPar][Running/Auto Start] <\SystemRoot\System32\drivers\BrPar.sys><Brother Industries Ltd.> [cd20xrnt / cd20xrnt][Running/Boot Start] <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation> [CmdIde / CmdIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.> [dac2w2k / dac2w2k][Running/Boot Start] <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation> [dpti2o / dpti2o][Running/Boot Start] <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation> [Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start] <system32\DRIVERS\e100b325.sys><Intel Corporation> [ExpScaner / ExpScaner][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><> [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider> [HookCont / HookCont][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
红色边疆初生襁褓狮帖子:20 注册: 2007-06-16 来自:

<<上一主题|下一主题>>

12 3

1 / 3 页

跳转页

页面顶部

Powered by Discuz!NT