Logfile of HijackThis v1.99.1
Scan saved at 13:15:09, on 2006-8-25
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
F:\工具\木马查杀软件\guard.exe
C:\WINNT\System32\llssrv.exe
C:\win32app\nsr\bin\nsrexecd.exe
C:\WINNT\system32\nvsvc32.exe
c:\orant\bin\oracle80.exe
C:\orant\bin\OWASTsvr.exe
C:\win32app\nsr\bin\portmap.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\orant\BIN\strtdb80.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\mdm.exe
C:\WINNT\TEMP\oprar.exe
C:\WINNT\System32\progman.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\oprar.exe
C:\WINNT\system32\conime.exe
C:\WINNT\System32\progman.exe
C:\PROGRA~1\ULEADS~1\ULEADV~1.0\vstudio.exe
G:\Hijackthis v1(本地扫描器)\HijackThis.exe

F2 - REG:system.ini: Shell=
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v11.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\安装程序\KUGOO\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINNT\Downloaded Program Files\barhelp24.0.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\安装程序\KUGOO\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\cdnns.dll' missing
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E2B2FC6-7E3A-4469-963B-D9246D9CB6B9}: NameServer = 219.146.0.130,202.96.64.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E2B2FC6-7E3A-4469-963B-D9246D9CB6B9}: NameServer = 219.146.0.130,202.96.64.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E2B2FC6-7E3A-4469-963B-D9246D9CB6B9}: NameServer = 219.146.0.130
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\工具\木马查杀软件\guard.exe
O23 - Service: WebServer (GrayWebServer) - Unknown owner - C:\WINNT\service.com (file missing)
O23 - Service: NetWorker Backup and Recover Server (nsrd) - Unknown owner - C:\win32app\nsr\bin\nsrd (file missing)
O23 - Service: NetWorker Remote Exec Service (nsrexecd) - Unknown owner - C:\win32app\nsr\bin\nsrexecd (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleAgent80 - oracle - C:\orant\agentbin\DBSNMP.EXE
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: OracleCMAdminService80 - Unknown owner - C:\orant\BIN\CMADM80.EXE
O23 - Service: OracleCManService80 - Unknown owner - C:\orant\BIN\CMGW80.EXE
O23 - Service: OracleDataGatherer - Unknown owner - C:\orant\bin\vppdc.exe
O23 - Service: OracleExtprocAgent - Unknown owner - C:\orant\BIN\EXTPROCT.EXE
O23 - Service: OracleNamesService80 - Unknown owner - C:\orant\BIN\NAMES80.EXE
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\orant\bin\oracle80.exe
O23 - Service: OracleStartORCL - Unknown owner - C:\orant\BIN\strtdb80.exe
O23 - Service: OracleTNSListener80 - Unknown owner - C:\orant\BIN\TNSLSNR80.EXE
O23 - Service: OracleWebAssistant - Oracle Corporation - C:\orant\bin\OWASTsvr.exe
O23 - Service: Storage Management Portmapper (portmap) - Unknown owner - C:\win32app\nsr\bin\portmap (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe