I'm posting two logs.
The first one is the log taken after I installed Rising 10 minutes ago:
Logfile of HijackThis v1.99.1
Scan saved at 20:21:06, on 2006-8-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\kxmixer.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
D:\155847200541134207\HijackThis.exe
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wmpcd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wmpcd32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{011B99A0-2BED-426F-B1E3-DBDAEC1262CF}: NameServer = 202.99.168.68,202.99.150.47
O17 - HKLM\System\CCS\Services\Tcpip\..\{D57B2A8F-F2B4-4231-8DEF-4DD269F2DC71}: NameServer = 61.166.150.101 61.166.15.170
O17 - HKLM\System\CS1\Services\Tcpip\..\{011B99A0-2BED-426F-B1E3-DBDAEC1262CF}: NameServer = 202.99.168.68,202.99.150.47
O17 - HKLM\System\CS2\Services\Tcpip\..\{011B99A0-2BED-426F-B1E3-DBDAEC1262CF}: NameServer = 202.99.168.68,202.99.150.47
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
The second one is the log taken after I removed Rising:
Logfile of HijackThis v1.99.1
Scan saved at 21:17:34, on 2006-8-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\kxmixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\Server.exe
C:\WINDOWS\WINLOGON.EXE
D:\155847200541134207\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe 1
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [Systems32] C:\WINDOWS\system32\Server.exe
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{011B99A0-2BED-426F-B1E3-DBDAEC1262CF}: NameServer = 202.99.168.68,202.99.150.47
O17 - HKLM\System\CCS\Services\Tcpip\..\{D57B2A8F-F2B4-4231-8DEF-4DD269F2DC71}: NameServer = 61.166.150.101 61.166.15.170
O17 - HKLM\System\CS1\Services\Tcpip\..\{011B99A0-2BED-426F-B1E3-DBDAEC1262CF}: NameServer = 202.99.168.68,202.99.150.47
O17 - HKLM\System\CS2\Services\Tcpip\..\{011B99A0-2BED-426F-B1E3-DBDAEC1262CF}: NameServer = 202.99.168.68,202.99.150.47
O20 - AppInit_DLLs: KB414546M.LOG