瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 系统占用内存很大~请高手来看看日志~中了什么病毒~

1   1  /  1  页   跳转

系统占用内存很大~请高手来看看日志~中了什么病毒~

收藏
55300680
头像
初生襁褓狮
  • 帖子:28
  • 注册: 2006-08-11
  • 来自:
发表于: 2007-05-15 06:18 | 只看楼主 短消息 资料
字号: 1楼

系统占用内存很大~请高手来看看日志~中了什么病毒~

[CODE]

2007-05-15,06:04:27

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Super Rabbit IEPro><; E:\超级兔子\MagicSet\SRIECLI.EXE /LOAD>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <AVP><"D:\卡巴斯基个人版6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><"logonui.exe">  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
N/A

==================================
服务
[卡巴斯基反病毒6.0个人版 / AVP][Running/Auto Start]
  <D:\卡巴斯基个人版6.0\avp.exe -r><Kaspersky Lab>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[kavsvc / kavsvc][Stopped/Auto Start]
  <"d:\杀毒软件\kavsvc.exe"><N/A>
[MySql / MySql][Stopped/Auto Start]
  <F:/游戏/单机游戏/劲舞团单机/bin/mysqld-nt.exe><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[HOSTNT / HOSTNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MHDRV / MHDRV][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mhdrv.sys><Rainbow China Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA Disk Cache Filter Driver / nvcchflt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvcchflt.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RCMHDOG / RCMHDOG][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\rcmhdog.sys><Rainbow China Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[Web反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\卡巴斯基个人版6.0\scieplugin.dll, Kaspersky Lab>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\迅雷\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, N/A>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <D:\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <D:\迅雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <D:\迅雷\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\办公软件\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>
最后编辑2007-05-15 12:55:11
分享到:
gototop
 
55300680
头像
初生襁褓狮
  • 帖子:28
  • 注册: 2006-08-11
  • 来自:
发表于: 2007-05-15 06:18 | 只看楼主 短消息 资料
字号: 2楼

==================================
正在运行的进程
[PID: 680][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 844][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1176][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1564][D:\啊哦~\新建文件夹\HFEE\啊哦.EXE]  [, 3000.0.0.0]
[PID: 1580][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [D:\卡巴斯基个人版6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [D:\办公软件\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\删除软件\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [D:\winrar\rarext.dll]  [N/A, ]
    [D:\卡巴斯基个人版6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基个人版6.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\卡巴斯基个人版6.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\办公软件\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.6357]
[PID: 228][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.40]
[PID: 248][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
[PID: 292][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2248][D:\迅雷\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 7, 2, 107]
    [D:\迅雷\taskmanage.dll]  [Thunder Networking Technologies,LTD, 1, 7, 2, 107]
    [D:\迅雷\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
    [D:\迅雷\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\迅雷\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
    [D:\迅雷\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
    [D:\迅雷\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 3, 0, 228]
    [D:\卡巴斯基个人版6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\迅雷\iEmbedShell.dll]  [ , 1, 0, 0, 17]
    [D:\迅雷\iEmbed09.dll]  [ , 3, 3, 0, 78]
    [D:\卡巴斯基个人版6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基个人版6.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\卡巴斯基个人版6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基个人版6.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\卡巴斯基个人版6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基个人版6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基个人版6.0\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基个人版6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基个人版6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
[PID: 1456][D:\超级兔子\MagicSet\srgui.exe]  [Super Rabbit Soft, 7.98]
    [C:\WINDOWS\system32\msvbvm60.dll]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
[PID: 3716][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\卡巴斯基个人版6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [D:\办公软件\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\卡巴斯基个人版6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基个人版6.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\卡巴斯基个人版6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
[PID: 3344][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1340][D:\扫描日志软件\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5393AF0)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5393CD0)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5393E30)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5393BE0)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF5393DE0)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
女校男生
头像
社区嘉宾
  • 帖子:38072
  • 注册: 2006-01-22
  • 来自:闭关修行暂不现身
论坛8周年活动礼物论坛9周年纪念09欢乐圣诞世界杯勋章
发表于: 2007-05-15 09:10 | 短消息 资料
字号: 3楼

卸在QQ 重新换一个版本的QQ
gototop
 
55300680
头像
初生襁褓狮
  • 帖子:28
  • 注册: 2006-08-11
  • 来自:
发表于: 2007-05-15 13:05 | 只看楼主 短消息 资料
字号: 4楼

就换个QQ就好了 我的系统有没有什么问题或病毒啊~
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT