Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Forum: Can someone look at my log and see whether there's a virus...


========Content========
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[gdrv / gdrv][Stopped/Manual Start]
  <\??\C:\WINNT\gdrv.sys><Windows (R) Codename Longhorn DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 PCI-E NIC Family NT Driver / RTLE8023][Running/Manual Start]
  <system32\DRIVERS\Rtenic.sys><Realtek Semiconductor Corporation>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[Superk5 / Superk5][Running/Auto Start]
  <\SystemRoot\System32\drivers\superk5.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINNT\system32\TesSafe.sys><TENCENT>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\H:\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <G:\360安全卫士\360safe\live.dll, 360safe.com>

==================================
正在运行的进程
[PID: 196][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 220][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 240][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 268][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 280][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 492][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 528][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
[PID: 592][C:\WINNT\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 636][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\system32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\system32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\system32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 676][C:\WINNT\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINNT\system32\nvapi.dll]  [N/A, ]
[PID: 724][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 760][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
[PID: 928][C:\WINNT\system32\spool\ugplot\ugiipqd.exe]  [Unigraphics Solutions, Inc, 2.0.0.21]
    [C:\WINNT\system32\spool\ugplot\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\WINNT\system32\spool\ugplot\libplotq.dll]  [Unigraphics Solutions, Inc, 2.0.0.21]
    [C:\WINNT\system32\spool\ugplot\libsyss.dll]  [Unigraphics Solutions, Inc, 2.0.0.21]
[PID: 980][C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe]  [Macrovision Corporation, 8, 3, 2, 0]
[PID: 1012][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1024][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1048][C:\Program Files\EDS\License Servers\UGNXFLEXlm\uglmd.exe]  [N/A, ]
[PID: 252][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINNT\system32\wmploc.dll]  [Microsoft Corporation, 9.00.00.2980]
    [C:\WINNT\system32\msdmo.dll]  [, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1256][C:\WINNT\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINNT\system32\nvapi.dll]  [N/A, ]
    [C:\WINNT\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9371]
[PID: 1648][C:\WINNT\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.3.2]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1168][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.22]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[PID: 912][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 600][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1856][G:\QQ2007\qq\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
[PID: 1772][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
[PID: 940][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINNT\system32\PINTLGNT.IME]  [Microsoft Corporation, 4.2.32]
    [C:\WINNT\system32\winpy.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\winzm.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 1740][G:\sreng2.zip\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [G:\sreng2.zip\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINNT\system32\MSISIP.DLL]  [Microsoft Corporation, 3.1.4000.1823]
    [C:\WINNT\system32\wshCHS.DLL]  [Microsoft Corporation, 5.6.0.8515]

==================================
文件关联
.TXT  Error. [C:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [AutoCADScriptFile]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1  www.cike007.cn
127.0.0.1  www.exiao01.com
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  up.22x44.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 928, C:\WINNT\SYSTEM32\SPOOL\UGPLOT\UGIIPQD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 980, C:\PROGRAM FILES\EDS\LICENSE SERVERS\UGNXFLEXLM\LMGRD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1048, C:\PROGRAM FILES\EDS\LICENSE SERVERS\UGNXFLEXLM\UGLMD.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
Last edited 2008-03-31 14:07:12

I don't see anything in the log.