大虾进来看看。这是什么东西【求助】 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛大虾进来看看。这是什么东西【求助】

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

大虾进来看看。这是什么东西【求助】

hhkeen 初生襁褓狮帖子:6 注册: 2006-01-08 来自:	发表于： 2006-01-08 11:43 \| 只看楼主短消息资料字号：小中大 1楼大虾进来看看。这是什么东西【求助】昨天，别人用我的机器，不知道安装了什么软件，增加了一个服务，文件名字叫SVCHOSI.EXE。这是服务调用的dll文件列表：名称描述公司名称版本 advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180 avicap32.dll AVI Capture window class Microsoft Corporation 5.01.2600.0000 c_1252.nls comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2180 comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180 crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.218 ctype.nls dnsapi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2180 gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818 imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180 index.dat index.dat index.dat iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2180 kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.2180 locale.nls lpk.dll Language Pack Microsoft Corporation 5.01.2600.2180 mpr.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180 msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180 MSCTFIME.IME Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180 msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.2180 msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180 msvfw32.dll Microsoft Video for Windows DLL Microsoft Corporation 5.01.2600.2180 mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180 netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2180 ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180 ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726 oleaut32.dll Microsoft Corporation 5.01.2600.2180 rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2180 rasapi32.dll Remote Access API Microsoft Corporation 5.01.2600.2180 rasman.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.2180 rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180 rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180 secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180 sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.01.2600.2180 shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.2763 shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2781 sortkey.nls sorttbls.nls SVCHOSI.EXE tapi32.dll Microsoft(R) Windows(TM) Telephony API Client DLL Microsoft Corporation 5.01.2600.2180 unicode.nls urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 6.00.2900.2790 user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2622 usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.218 uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180 version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180 wininet.dll Internet Extensions for Win32 Microsoft Corporation 6.00.2900.2781 winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180 winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180 wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180 ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180 ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180 wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180 这是句柄：类型名称 Desktop \Default Directory \Windows Directory \BaseNamedObjects Directory \KnownDlls Event \BaseNamedObjects\crypt32LogoffEvent Event \BaseNamedObjects\DINPUTWINMM File \Device\Tcp File \Device\Tcp File \Device\Ip File \Device\Ip File \Device\Ip File \Device\Tcp File \Device\HarddiskVolume4\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat File \Device\NetBT_Tcpip_{EE16A716-FD7C-4C92-B19C-D428E1A96252} File \Device\HarddiskVolume4\Documents and Settings\LocalService\Cookies\index.dat File \Device\HarddiskVolume4\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat File \Device\HarddiskVolume4\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a... File \Device\NamedPipe\ROUTER File \Device\NamedPipe\ROUTER File \Device\KsecDD File \Device\HarddiskVolume4\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a... File \Device\HarddiskVolume4\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a... File \Device\HarddiskVolume4\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a... File \Device\HarddiskVolume4\WINDOWS\system32 File \Device\NamedPipe\net\NtControlPipe16 Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters Key HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Key HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Key HKLM\SOFTWARE\Microsoft\Tracing\RASAPI32 Key HKU Key HKU\.DEFAULT Key HKLM\SYSTEM\ControlSet001\Hardware Profiles\0001 Key HKLM Key HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder Key HKU\.DEFAULT Key HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings 2006-01-08 19:16:38
hhkeen 初生襁褓狮帖子:6 注册: 2006-01-08 来自:	分享到：

hhkeen 初生襁褓狮帖子:6 注册: 2006-01-08 来自:	发表于： 2006-01-08 11:44 \| 只看楼主短消息资料字号：小中大 2楼 HijackThis_815汉化版扫描日志 O2 - BH (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BH Browster BrwIEConnector - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - e:\Program Files\Browster\Browster.dll O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - 启动项HKLM\\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - 启动项HKLM\\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - 启动项HKLM\\Run: [KAVPersonal50] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - 启动项HKLM\\Run: [IMSCMig] F:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE O4 - 启动项HKLM\\Run: [NEC e-Border Credential] e:\Program Files\NEC\s5credmgr.exe O4 - 启动项HKLM\\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office OneNote 2003 快速启动.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: 卡巴斯基反黑客.lnk = F:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O8 - IE右键菜单中的新增项目: Browster Prefetch On/Off - res://e:\Program Files\Browster\Browster.dll/CustomPrefetchMenu.htm O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program Files\浩方对战平台\GameClient.exe O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O10 - 未知的文件在 Winsock LSP: e:\program files\nec\s5spi.dll O10 - 未知的文件在 Winsock LSP: e:\program files\nec\s5spi.dll O10 - 未知的文件在 Winsock LSP: e:\program files\nec\s5spi.dll O10 - 未知的文件在 Winsock LSP: e:\program files\nec\s5spi.dll O10 - 未知的文件在 Winsock LSP: e:\program files\nec\s5spi.dll O10 - 未知的文件在 Winsock LSP: e:\program files\nec\s5spi.dll O10 - 未知的文件在 Winsock LSP: e:\program files\nec\s5spi.dll O23 - NT 服务: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - NT 服务: ewido security suite guard - ewido networks - E:\BT\木马查杀工具\security suite\ewidoguard.exe O23 - NT 服务: Windows Fing (Fingrwx) - Unknown owner - F:\Program Files\Internet Explorer\SVCHOSI.EXE O23 - NT 服务: kavsvc - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - NT 服务: PDEngine - Raxco Software, Inc. - E:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - NT 服务: PDScheduler (PDSched) - Raxco Software, Inc. - E:\Program Files\Raxco\PerfectDisk\PDSched.exe --------------------------------------------------------------------------------------------- 这是SVCHOSI.EXE在进程中的显示： http://photo.163.com/openpic.php?user=hhkeen&pid=688597356&_dir=%2F27049180 这是服务启动的信息： http://photo.163.com/openpic.php?user=hhkeen&pid=688587703&_dir=%2F27049180 而且xp启动就出现这个错误： http://photo.163.com/openpic.php?user=hhkeen&pid=688587731&_dir=%2F27049180
hhkeen 初生襁褓狮帖子:6 注册: 2006-01-08 来自:

不言放弃社区嘉宾帖子:30678 注册: 2004-09-17 来自:蓝色星球	发表于： 2006-01-08 11:48 \| 短消息资料字号：小中大 3楼结束进程禁用服务删除文件
不言放弃社区嘉宾帖子:30678 注册: 2004-09-17 来自:蓝色星球

hhkeen 初生襁褓狮帖子:6 注册: 2006-01-08 来自:	发表于： 2006-01-08 11:58 \| 只看楼主短消息资料字号：小中大 4楼谢谢楼上的朋友，我删掉一次了，把注册表的全部删掉， xp重新启动后，无法登陆用户，也不是死机，一直在登陆，只好恢复了系统。 TCPview的连接信息： [System Process]:0 TCP 221.221.159.27:1309 66.102.7.18:80 TIME_WAIT [System Process]:0 TCP 221.221.159.27:1315 205.188.251.88:80 TIME_WAIT [System Process]:0 TCP 221.221.159.27:1316 66.102.7.18:80 TIME_WAIT [System Process]:0 TCP 221.221.159.27:1318 66.94.230.40:80 TIME_WAIT alg.exe:1532 TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING CCProxy.exe:1504 TCP 0.0.0.0:808 0.0.0.0:0 LISTENING CCProxy.exe:1504 TCP 0.0.0.0:1080 0.0.0.0:0 LISTENING CCProxy.exe:1504 UDP 0.0.0.0:53 : kavsvc.exe:1772 TCP 0.0.0.0:1032 0.0.0.0:0 LISTENING lsass.exe:688 UDP 0.0.0.0:500 : lsass.exe:688 UDP 0.0.0.0:4500 : svchost.exe:1036 UDP 0.0.0.0:4763 : svchost.exe:1036 UDP 0.0.0.0:4764 : svchost.exe:1036 UDP 0.0.0.0:4786 : svchost.exe:1036 UDP 0.0.0.0:4844 : svchost.exe:1036 UDP 0.0.0.0:4848 : svchost.exe:1092 UDP 127.0.0.1:1900 : svchost.exe:1092 UDP 192.168.1.8:1900 : svchost.exe:1092 UDP 221.221.154.175:1900 : svchost.exe:916 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING System:4 TCP 192.168.1.8:139 0.0.0.0:0 LISTENING System:4 UDP 192.168.1.8:137 : System:4 UDP 192.168.1.8:138 : 感觉svchost.exe 开放的端口好像有点不正常
hhkeen 初生襁褓狮帖子:6 注册: 2006-01-08 来自:

不言放弃社区嘉宾帖子:30678 注册: 2004-09-17 来自:蓝色星球	发表于： 2006-01-08 12:04 \| 短消息资料字号：小中大 5楼若使用瑞星防火墙的话建议导入本论坛的防火墙规则
不言放弃社区嘉宾帖子:30678 注册: 2004-09-17 来自:蓝色星球

hhkeen 初生襁褓狮帖子:6 注册: 2006-01-08 来自:	发表于： 2006-01-08 12:07 \| 只看楼主短消息资料字号：小中大 6楼防火墙用的是卡巴，我把端口封掉了，问题应该不大。这个是什么病毒，有好的查杀工具或者办法？再次感谢。
hhkeen 初生襁褓狮帖子:6 注册: 2006-01-08 来自:

hhkeen 初生襁褓狮帖子:6 注册: 2006-01-08 来自:	发表于： 2006-01-08 19:16 \| 只看楼主短消息资料字号：小中大 7楼另外这几天资源管理器打开特别慢，ie却没有任何问题。刚开机可以正常关机，尽管感觉关机时间明显变长，而且经常出现关机画面，却不能关机。运行程序一段时间关闭计算机，系统停止响应，不出现关机画面，假死状态。
hhkeen 初生襁褓狮帖子:6 注册: 2006-01-08 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT