请各路高手看看这个日志,那个才是灰鸽子 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛请各路高手看看这个日志,那个才是灰鸽子

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

请各路高手看看这个日志,那个才是灰鸽子

无名嘎初生襁褓狮帖子:3 注册: 2005-10-27 来自:	发表于： 2005-10-27 22:29 \| 只看楼主短消息资料字号：小中大 1楼请各路高手看看这个日志,那个才是灰鸽子 Logfile of HijackThis v1.99.1 Scan saved at 18:42:59, on 2005-10-27 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\装机\RISING\RAV\Ravmond.exe D:\装机\rising\Rfw\rfwsrv.exe D:\装机\RISING\RAV\RavStub.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\tp4mon.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\WINDOWS\AGRSMMSG.exe D:\装机\rising\Rfw\rfwmain.exe D:\装机\RISING\RAV\RAVTIMER.EXE D:\装机\RISING\RAV\RAVMON.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe D:\装机\RISING\RAV\CCENTER.EXE D:\装机\RISING\RAV\Rav.exe D:\装机\qq\QQ.exe D:\装机\qq\TIMPlatform.exe D:\装机\TT\TTraveler.exe D:\155847200541134207\HijackThis.exe O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll O2 - BHO: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll (file missing) O2 - BHO: InsIII - {DDDE2452-AF9E-4577-AE6C-465DBCB54D49} - C:\WINDOWS\system32\obdc32tg.dll O3 - Toolbar: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll (file missing) O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RfwMain] "D:\装机\rising\Rfw\rfwmain.exe" -Startup O4 - HKLM\..\Run: [RavTimer] D:\装机\RISING\RAV\RAVTIMER.EXE O4 - HKLM\..\Run: [RavMon] D:\装机\RISING\RAV\RAVMON.EXE -SYSTEM O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 O4 - HKLM\..\RunServices: [RavMon] D:\装机\rising\rav\RavMon.exe /AUTO O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\装机\qq\AddToNetDisk.htm O8 - Extra context menu item: 使用Kugoo下载 - D:\装机\KUGOO2\KugooDownX.htm O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - D:\装机\SSREADER36\ss_all.htm O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - D:\装机\SSREADER36\ss_select.htm O8 - Extra context menu item: 添加到QQ自定义面板 - D:\装机\qq\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - D:\装机\qq\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\装机\qq\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll O9 - Extra button: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll (file missing) O9 - Extra 'Tools' menuitem: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{CE4C925E-BA43-47AD-A4C9-78E4CC842E6C}: NameServer = 202.96.128.68,172.16.3.3 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: DNS TIMER CONTROL - Unknown owner - C:\WINDOWS\DNS.exe (file missing) O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - D:\装机\rising\Rfw\rfwsrv.exe O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\装机\RISING\RAV\CCENTER.EXE O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\装机\RISING\RAV\Ravmond.exe 2005-10-27 22:41:33
无名嘎初生襁褓狮帖子:3 注册: 2005-10-27 来自:	分享到：

飞跃迷离社区嘉宾帖子:7351 注册: 2004-10-15 来自:	发表于： 2005-10-27 22:41 \| 短消息资料字号：小中大 2楼 O23 - Service: DNS TIMER CONTROL - Unknown owner - C:\WINDOWS\DNS.exe (file missing) 请参考：灰鸽子2005手工查杀方法总结 http://forum.ikaka.com/topic.asp?board=28&artid=5666824
飞跃迷离社区嘉宾帖子:7351 注册: 2004-10-15 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT