Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board


Thanks! Infected with a trojan, please help me take a look!!


Thanks! Please help me take a look,

Scan in Safe Mode

Logfile of HijackThis v1.99.1
Scan saved at 16:15:57, on 2006-5-6
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: 腾讯qq.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{5549BB32-F22A-4E14-9C63-53057D2A4BB4}: NameServer = 202.96.134.133,202.96.128.166
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe



Scan in normal (non-Safe) mode!!!



Logfile of HijackThis v1.99.1
Scan saved at 16:15:57, on 2006-5-6
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: 腾讯qq.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{5549BB32-F22A-4E14-9C63-53057D2A4BB4}: NameServer = 202.96.134.133,202.96.128.166
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe

Please help me take a look, many thanks!!!!!!!!!!!!!!!!!
Last edited 2006-05-06 17:19:09
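As an added example, not part of this thread and not HijackThis's own code: a small Python script that parses entries in the HijackThis v1.99.1 log format posted above and lists the items a responder would look at first. Its sample input is a handful of lines copied from the posted log; the function names, the severity labels and the flagging rules (O23 services with no publisher such as crypserv.exe, O6 IE policy restrictions, O17 DNS servers, O4 autoruns given as bare commands that are resolved via the search path) are my own choices, not rules HijackThis or the forum applies.

```python
import re

# Constructed sample input: entry lines copied from the HijackThis log posted in
# this thread (the log's "Running processes" section is not needed here).
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{5549BB32-F22A-4E14-9C63-53057D2A4BB4}: NameServer = 202.96.134.133,202.96.128.166
O23 - Service: Crypkey License - Unknown owner - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# O23 body: "Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
# O4 body: "HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
# O17 body ends with "NameServer = <comma-separated IPs>"
O17_RE = re.compile(r"NameServer = (.+)$")


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return (section, severity, message) findings for entries worth a look.

    'review' means verify before deciding; 'info' is context only. The rules
    are this example's own heuristics, not anything HijackThis itself reports.
    """
    findings = []
    for section, body in entries:
        if section == "O23":
            m = O23_RE.match(body)
            # A service with no publisher string is where to start: identify
            # the binary (crypserv.exe here) before deleting or ignoring it.
            if m and m.group(2) == "Unknown owner":
                findings.append((section, "review",
                                 f"service '{m.group(1)}' has no publisher: {m.group(3)}"))
        elif section == "O4":
            m = O4_RE.match(body)
            # A bare command (no drive letter) is resolved via the search path,
            # so locate the file that actually runs before judging the entry.
            if m and not re.match(r'^"?[A-Za-z]:\\', m.group(4)):
                findings.append((section, "info",
                                 f"autorun [{m.group(3)}] uses a bare command: {m.group(4)}"))
        elif section == "O6":
            # IE policy restrictions are rarely set by hand on a home machine.
            findings.append((section, "review", f"IE policy set: {body}"))
        elif section == "O17":
            m = O17_RE.search(body)
            if m:
                servers = [s.strip() for s in m.group(1).split(",")]
                findings.append((section, "review",
                                 f"DNS servers {servers}; confirm they are the ISP's"))
        elif section == "O2":
            findings.append((section, "info", f"BHO loaded: {body}"))
    return findings


def count_by_severity(findings):
    """Summary for a quick 'how much is there to check' answer."""
    counts = {}
    for _, severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for section, severity, message in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section:<4} {severity:<7} {message}")
```

Run it on a saved log by reading the file into `parse_hjt` instead of `SAMPLE_LOG`; on the posted log it singles out the Crypkey service, the two IE policy entries and the DNS servers, and leaves the Symantec, NVIDIA and Kodak services alone.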


What is crypserv.exe?

[Reply to ceshi123's post]

No idea!!!!!!!!!!!!!!

Please help!!!!!!!!!!!

Is reinstalling the system the only option left? If anyone has time, please take a look. Thank you!!!!

What trojan did you get? Don't be vague about it. State clearly the trojan/virus name, the virus file name and the exact path.

[Reply to kdstz's post]
Thanks, and sorry!!!

Please take a look:

2006-5-6 15:57zasd[1].htaDownloader.Trojan文件保留在隔离区中不操作C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OP0NKVOJ\受感染隔离区清除文件中的病毒不操作(仅记录)Defwatch 扫描
2006-5-6 14:2113083323[1].jpgTrojan Horse文件不操作C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DGK75LKH\受感染C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DGK75LKH\清除文件中的病毒隔离受感染的文件实时扫描
2006-4-11 21:00ie[1].htaTrojan.Dropper文件不操作C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CTARA70T\受感染C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CTARA70T\清除文件中的病毒隔离受感染的文件实时扫描
2006-4-11 21:00ie[1].htaTrojan.Dropper文件不操作C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KH2ZCXEB\受感染C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KH2ZCXEB\清除文件中的病毒隔离受感染的文件实时扫描
2006-4-4 18:58zasd[1].htaDownloader.Trojan文件不操作C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OP0NKVOJ\受感染C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OP0NKVOJ\清除文件中的病毒隔离受感染的文件实时扫描
2006-4-4 18:58zasd[1].htaDownloader.Trojan文件隔离C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OP0NKVOJ\受感染隔离区清除文件中的病毒隔离受感染的文件实时扫描
2006-4-4 18:58zasd[1].htaDownloader.Trojan文件不操作C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U9G7ALU1\受感染C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U9G7ALU1\清除文件中的病毒隔离受感染的文件实时扫描


In Safe Mode, empty everything in the C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\ folder.
Reinstall the system for this? You must be joking.

[Reply to kdstz's post]

Reposting:
File name | Virus name | Original location | Status
zasd[1].hta | Downloader.Trojan | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OP0NKVOJ\ | Infected
13083323[1].jpg | Trojan Horse | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DGK75LKH\ | Infected
ie[1].hta | Trojan.Dropper | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CTARA70T\ | Infected
ie[1].hta | Trojan.Dropper | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KH2ZCXEB\ | Infected
zasd[1].hta | Downloader.Trojan | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OP0NKVOJ\ | Infected
zasd[1].hta | Downloader.Trojan | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OP0NKVOJ\ | Infected
zasd[1].hta | Downloader.Trojan | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U9G7ALU1\ | Infected


[Reply to kdstz's post] Thank you!!!!!!!!!