didi2005 - 2007-6-20 13:54:00
The report cannot be saved
didi2005 - 2007-6-20 13:56:00
[CODE]
2007-06-20,13:40:24
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<XFILTER><"C:\Program Files\Filseclab\xfilter\xfilter.exe" -a> [费尔安全实验室]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
<WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll> [(Verified)System Safety Limited]
==================================
启动文件夹
[费尔消息服务]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\费尔消息服务.lnk --> C:\PROGRA~1\COMMON~1\FILSEC~1\FilMsg.exe [费尔安全实验室]><N>
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[IntelC51 / IntelC51][Running/Manual Start]
<system32\DRIVERS\IntelC51.sys><Intel Corporation>
[IntelC52 / IntelC52][Running/Manual Start]
<system32\DRIVERS\IntelC52.sys><Intel Corporation>
[IntelC53 / IntelC53][Running/Manual Start]
<system32\DRIVERS\IntelC53.sys><Intel Corporation>
[mohfilt / mohfilt][Running/Manual Start]
<system32\DRIVERS\mohfilt.sys><Intel Corporation>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
<\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Filseclab Packet Filter / XPacket][Running/Boot Start]
<\SystemRoot\System32\xpacket.sys><Filseclab Corporation>
==================================
浏览器加载项
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
==================================
正在运行的进程
[PID: 424][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01]
[C:\WINDOWS\system32\tsd32.dll] [N/A, N/A]
[C:\WINDOWS\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
[C:\WINDOWS\system32\iac25_32.ax] [Intel Corporation, 2.05.53]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\system32\SSMWinlogonEx.dll] [System Safety Limited, 2.0.8.584]
[PID: 560][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[PID: 584][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[C:\Program Files\Filseclab\xfilter\XFILTER.DLL] [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 728][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[PID: 796][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[C:\Program Files\Filseclab\xfilter\XFILTER.DLL] [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 848][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[C:\Program Files\Filseclab\xfilter\XFILTER.DLL] [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 892][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[C:\Program Files\Filseclab\xfilter\XFILTER.DLL] [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 928][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[C:\Program Files\Filseclab\xfilter\XFILTER.DLL] [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 1048][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[PID: 1168][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.13.10.3100]
[PID: 1240][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 5, 0]
[PID: 1716][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
[PID: 1756][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[PID: 1916][C:\Program Files\Filseclab\xfilter\xfilter.exe] [费尔安全实验室, 3.0]
[C:\Program Files\Filseclab\xfilter\XFILTER.DLL] [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 1964][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 172][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[PID: 756][C:\Program Files\Common Files\Filseclab\FilMsg.exe] [费尔安全实验室, 4, 0, 3, 999]
[C:\Program Files\Common Files\Filseclab\twsupdate.dll] [Filseclab Corp., 1, 0, 1, 497]
[C:\Program Files\Common Files\Filseclab\W32Tools.dll] [Filseclab Corp., 1, 0, 2, 1642]
[C:\Program Files\Common Files\Filseclab\FAPIConv.dll] [Filseclab Corp., 1, 0, 0, 45]
[C:\Program Files\Common Files\Filseclab\mdcoder.dll] [Filseclab Corp., 1, 0, 0, 21]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[PID: 844][C:\WINDOWS\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[PID: 1220][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Filseclab\xfilter\XFILTER.DLL] [Filseclab Corporation, 3, 0, 0, 3644]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0]
[PID: 2172][G:\aNews\REGfix\installer unused\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.2]
[C:\Program Files\Filseclab\xfilter\XFILTER.DLL] [Filseclab Corporation, 3, 0, 0, 3644]
==================================
文件关联
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
MSAFD Tcpip [UDP/IP]
C:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
MSAFD Tcpip [RAW/IP]
C:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
RSVP UDP Service Provider
C:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
RSVP TCP Service Provider
C:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 about-blank.cc
127.0.0.1 hao.allxun.com
127.0.0.1 kzxf.com
127.0.0.1 vod.mmdy.org
127.0.0.1 www.123wa.com
127.0.0.1 www.4199.com
127.0.0.1 www.71791.com
127.0.0.1 www.7939.com
127.0.0.1 www.9505.com
127.0.0.1 www.feixue.net
127.0.0.1 www.kzxf.com
127.0.0.1 www.my123.com
127.0.0.1 www.piaoxue.com
127.0.0.1 www.xfkz.com
127.0.0.1 xfkz.com
==================================
API HOOK
N/A
==================================
[/CODE]
didi2005 - 2007-6-20 13:58:00
Could any expert take a look?