Rising Kaka Security Forum, Technical Exchange: Anti-virus / Anti-rogue-software board

我无邪, are you there? Please help me look at this log, thanks!

A scan just found more than 30 instances of the Trojan.PSW.Misc.kfc virus. What is going on?

Logfile of HijackThis v1.99.1
Scan saved at 17:36:36, on 2006-10-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Internet Explorer\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\DOCUME~1\clp\LOCALS~1\Temp\0.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Rising\Rav\RsLogVw.exe
E:\工具\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [msmsgs] C:\Program Files\Internet Explorer\explorer.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F43CCD2-D021-44BA-8DF0-94AF816BE9FC}: NameServer = 221.98.192.3,61.233.65.3
O23 - Service: ELSA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Last edited 2006-10-14 18:11:21
 

The QQ shortcut won't open any more either.
 

End the process C:\DOCUME~1\clp\LOCALS~1\Temp\0.exe

Fix:
F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
O4 - HKLM\..\Run: [msmsgs] C:\Program Files\Internet Explorer\explorer.exe

Find C:\WINDOWS\rundl132.exe and submit it to http://www.virustotal.com/en/indexf.html to see what virus it is (hopefully not 威金 (Viking)...)

Delete:
C:\WINDOWS\rundl132.exe
C:\Program Files\Internet Explorer\explorer.exe
In Safe Mode, empty the C:\DOCUME~1\clp\LOCALS~1\Temp folder.
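As an added example (not code from this thread, from the poster, or from Rising), the following Python script automates the checks the reply above applies by hand to the HijackThis log: executables running from a Temp directory, win.ini load=/run= startup hooks, core Windows binary names such as explorer.exe launched from a directory other than their normal one, and near-miss file names like rundl132.exe that imitate rundll32.exe. The sample log, the table of legitimate locations for core XP binaries and the assumption that the system drive is C: are all constructed for this example.

```python
import ntpath
import re

# Constructed sample in HijackThis v1.99 format: a handful of lines modelled on
# the entries discussed in this thread, not the complete log posted above.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Internet Explorer\\explorer.exe
C:\\DOCUME~1\\clp\\LOCALS~1\\Temp\\0.exe

F3 - REG:win.ini: load=C:\\WINDOWS\\rundl132.exe
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [RavTask] "C:\\Program Files\\Rising\\Rav\\RavTask.exe" -system
O4 - HKLM\\..\\Run: [msmsgs] C:\\Program Files\\Internet Explorer\\explorer.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\System32\\ctfmon.exe
"""

# Core Windows binaries and the only directory each one runs from on a default
# Windows XP install (assumption for this example: the system drive is C:).
SYSTEM_BINARIES = {
    "smss.exe": {"c:\\windows\\system32"},
    "winlogon.exe": {"c:\\windows\\system32"},
    "services.exe": {"c:\\windows\\system32"},
    "lsass.exe": {"c:\\windows\\system32"},
    "svchost.exe": {"c:\\windows\\system32"},
    "rundll32.exe": {"c:\\windows\\system32"},
    "explorer.exe": {"c:\\windows"},
    "ctfmon.exe": {"c:\\windows\\system32"},
}

# First quoted string, or else the first run of text ending in ".exe".
PATH_RE = re.compile(r'"([^"]+)"|(\S[^"]*?\.exe)', re.IGNORECASE)


def extract_path(command):
    """Return the executable path from an autorun command line, or None."""
    m = PATH_RE.search(command)
    if not m:
        return None
    return m.group(1) or m.group(2)


def edit_distance(a, b):
    """Plain Levenshtein distance; inputs are short file names, so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_path(path, where):
    """Apply the location and look-alike heuristics to one executable path."""
    findings = []
    lower = path.lower()
    name = ntpath.basename(lower)
    directory = ntpath.dirname(lower)
    if "\\temp\\" in lower:
        findings.append(("executable in Temp directory", where))
    if name in SYSTEM_BINARIES:
        # A bare name (no directory) is resolved via PATH; only judge full paths.
        if directory and directory not in SYSTEM_BINARIES[name]:
            findings.append(("system binary name from non-system directory", where))
    else:
        # One character away from a core binary name: a classic disguise.
        for legit in SYSTEM_BINARIES:
            if edit_distance(name, legit) == 1:
                findings.append((f"look-alike of {legit}", where))
                break
    return findings


def triage(log_text):
    """Scan a HijackThis log and return (reason, line) pairs worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # blank line ends the process list
                in_processes = False
                continue
            findings += check_path(line, line)
            continue
        if line.startswith("F3 - "):
            # win.ini load=/run= is a legacy startup hook; rarely legitimate on XP.
            findings.append(("win.ini load=/run= startup entry", line))
            m = re.search(r"(?:load|run)=(.*)", line, re.IGNORECASE)
            if m:
                path = extract_path(m.group(1).strip())
                if path:
                    findings += check_path(path, line)
        elif line.startswith("O4 - "):
            m = re.search(r"\[[^\]]*\]\s*(.*)", line)   # text after [EntryName]
            if m:
                path = extract_path(m.group(1))
                if path:
                    findings += check_path(path, line)
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

The heuristics are deliberately conservative and only point at entries worth a closer look; a flagged file is still confirmed with a multi-engine scan, as the reply suggests, before anything is deleted.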
 

Thanks.
 

Detection results


Antivirus Version Update Result
AntiVir 7.2.0.30 10.13.2006 TR/Philis.A
Authentium 4.93.8 10.13.2006  no virus found
Avast 4.7.892.0 10.13.2006 Win32:Delf-BTL
AVG 386 10.13.2006  no virus found
BitDefender 7.2 10.14.2006 Dropped:Trojan.Philis.A
CAT-QuickHeal 8.00 10.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.13.2006  no virus found
DrWeb 4.33 10.14.2006 Win32.HLLW.Gavir.38
eTrust-InoculateIT 23.73.22 10.13.2006 Win32/Looked.Variant!DLL!Worm
eTrust-Vet 30.3.3131 10.13.2006 Win32/Lineage!generic
Ewido 4.0 10.13.2006 Worm.Viking.bb
Fortinet 2.82.0.0 10.14.2006 suspicious
F-Prot 3.16f 10.13.2006  no virus found
F-Prot4 4.2.1.29 10.13.2006  no virus found
Ikarus 0.2.65.0 10.13.2006  no virus found
Kaspersky 4.0.2.24 10.14.2006 Worm.Win32.Viking.bb
McAfee 4873 10.13.2006  no virus found
Microsoft 1.1603  10.14.2006  no virus found
NOD32v2 1.1803 10.13.2006 Win32/Viking.BJ
Norman 5.80.02 10.13.2006 W32/Suspicious_U.gen
Panda 9.0.0.4 10.14.2006 Suspicious file
Sophos 4.10.0 10.13.2006 Mal/Packer
TheHacker 6.0.1.098 10.14.2006  no virus found
UNA 1.83 10.13.2006  no virus found
VBA32 3.11.1 10.13.2006 suspected of Embedded.Worm.Win32.Viking.BD
VirusBuster 4.3.7:9 10.13.2006 no virus found


Aditional Information
File size: 33925 bytes
 

C:\WINDOWS\rundl132.exe
That looks grim...
 