
[Help] Ran into an extremely difficult problem


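Newbie asking for help: I've run into a rather thorny problem. I once downloaded a compressed archive; Rising reported a backdoor virus but failed to remove it. After rebooting and scanning again, nothing was found. Before that I had visited a web page, during which Rising's real-time monitoring was turned off, and I don't know whether that site was behind it. My computer has a licensed copy of Rising, Kaka 5.0, and the Tianwang (SkyNet) firewall V3.0.0.01010 installed. Since then there has been no further word of any virus, but every time I go online the ADSL light blinks, not very fast, whereas I don't see this symptom when I go online with another computer or from another operating system. I suspect someone has planted a backdoor, but I see no suspicious hard disk access. I'm posting the Kaka diagnostic here and hope an expert can give me some pointers.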

[User system info] Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727)

Attachment:

Downloads: 143
File type: application/octet-stream
File size:
Uploaded: 2008-3-8 0:19:30
Description:

Last edited 2008-03-08 11:03:03

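The attachment is another detailed diagnostic log; because it is too large, I had to post it as an attachment. Experts or Rising staff, please help. I update my antivirus software every three days at the latest. I have never found a virus with Kaka, Rising, or 360 Safeguard, but I'm very suspicious.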

I can't make sense of it. Hoping an expert comes along...

OP, just delete that suspicious file directly, or submit it to Rising for analysis!