瑞星卡卡安全论坛技术交流区系统软件 菜鸟求助~~日志以导出

1   1  /  1  页   跳转

菜鸟求助~~日志以导出

菜鸟求助~~日志以导出

我的电脑现在一从启就出现安装Widows Installe
完了就自动从启,点完取消一会机器还是会从启,完了系统就自检
Logfile of HijackThis v1.99.1
Scan saved at 18:05:17, on 2006-3-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Srever.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
F:\hijackthis\HijackThis.exe

O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll (file missing)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://et.263.net/realplayer/pCastCtl_et.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31F20CF9-C38A-4BAC-8FF7-B84DC7F0771E}: NameServer = 202.98.0.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB2FED0D-F3C0-4443-BA15-B4606BA15B94}: NameServer = 202.98.0.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD5DB95-F36B-4541-8340-CA727213EFA1}: NameServer = 202.98.5.68 202.98.0.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{31F20CF9-C38A-4BAC-8FF7-B84DC7F0771E}: NameServer = 202.98.0.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{31F20CF9-C38A-4BAC-8FF7-B84DC7F0771E}: NameServer = 202.98.0.68
O18 - Filter: text/html - {83DFBFF3-1455-4538-8036-39D2057787DF} - C:\WINDOWS\gsSecurity1.dll
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\Hacker.com.cn.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NTService (NetService) - Ceramiche Ariostea - C:\WINDOWS\system32\ntservice.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Srever - Unknown owner - C:\WINDOWS\system32\Srever.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
最后编辑2006-03-14 20:04:27
分享到:
gototop
 

【回复“徐杨”的帖子】
C:\WINDOWS\system32\Srever.exe——找到这个文件,用WINRAR打包,发到:baohelin@yahoo.com.cn。我觉得这是个木马。
gototop
 

谢谢了~~系统已经从做了
哈哈
gototop
 
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT