【求助】电脑是不是中了rootkit病毒? - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】电脑是不是中了rootkit病毒?

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

【求助】电脑是不是中了rootkit病毒?

网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:	发表于： 2005-11-18 10:00 \| 只看楼主短消息资料字号：小中大 1楼【求助】电脑是不是中了rootkit病毒? 我的电脑是不是中了ＲＯＯＴＫＩＴ？下面是我用ＲＯＯＴＫＩＴＲＥＶＥＡＬ．ＥＸＥ扫描的日志．请哪位看看，有没有问题？ 2005-11-18 12:08:22
网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:	分享到：

网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:	发表于： 2005-11-18 10:01 \| 只看楼主短消息资料字号：小中大 2楼日志: C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord2005-11-17 21:500 bytesHidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord\UserDict2005-11-17 21:500 bytesHidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech2005-11-17 21:500 bytesHidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files2005-11-17 21:500 bytesHidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons2005-11-17 21:500 bytesHidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons\SP_DEDAAEFC9782454699780984CF00E000.dat2005-11-17 21:50940 bytesHidden from Windows API. C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\DIAXNLVV\sysinternals[1].htm2005-11-17 21:5212.36 KBHidden from Windows API. C:\Documents and Settings\Bluewater\Local Settings\Temporary I
网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:

网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:	发表于： 2005-11-18 10:03 \| 只看楼主短消息资料字号：小中大 3楼对不起,前面的日志贴得不完整,这个才是完整的: HKLM\SOFTWARE\Classes\\shellex\ContextMenuHandlers\ 2005-11-16 12:23 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\\shellex\ContextMenuHandlers\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\BDATuner. 2005-9-18 22:18 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\BDATuner. 2005-9-18 22:18 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\Save 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-9-18 22:58 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:20 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Classes\ 2005-8-18 9:22 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Lenovo\ 2005-9-18 17:28 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Lenovo\ 2005-9-18 17:21 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Lenovo\ 2005-9-18 17:34 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Lenovo\ 2005-9-18 17:07 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Lenovo\ 2005-8-18 10:00 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Lenovo\ 2005-9-18 17:05 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^ 2005-11-17 11:33 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Adobe Photoshop 7.0 2005-9-25 0:02 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\ 2003-10-20 11:34 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop 7.0 2005-9-19 21:41 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 2005-11-17 21:21 4 bytes Data mismatch between Windows API and raw hive data. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 2005-11-17 21:21 4 bytes Data mismatch between Windows API and raw hive data. HKLM\SOFTWARE\ODBC\ODBCINST.INI\Conversor de p 2005-9-18 17:24 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\ODBC\ODBCINST.INI\MS Code Page- 2005-9-18 17:24 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\Ulead Systems\ 2005-9-18 17:33 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\YingSoft\YingInstall\http://www.mmsk.cn\ 2005-11-17 11:33 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\ 2005-8-18 9:31 0 bytes Key name contains embedded nulls () HKLM\SOFTWARE\ 2005-8-18 10:01 0 bytes Key name contains embedded nulls () C:\Documents and Settings\Bluewater\Application Data\Kingsoft 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord\UserDict 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons\SP_DEDAAEFC9782454699780984CF00E000.dat 2005-11-17 21:50 940 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\DIAXNLVV\sysinternals[1].htm 2005-11-17 21:52 12.36 KB Hidden from Windows API. C:\Documents and Settings\Bluewater\Local Settings\Temporary I
网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:

BlackStone 叱咤花甲狮帖子:2616 注册: 2005-09-27 来自:	发表于： 2005-11-18 10:36 \| 短消息资料字号：小中大 4楼从日志上看没问题
BlackStone 叱咤花甲狮帖子:2616 注册: 2005-09-27 来自:

网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:	发表于： 2005-11-18 10:49 \| 只看楼主短消息资料字号：小中大 5楼【回复“BlackStone”的帖子】 C:\Documents and Settings\Bluewater\Application Data\Kingsoft 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Kingsoft\PowerWord\UserDict 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons 2005-11-17 21:50 0 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Application Data\Microsoft\Speech\Files\UserLexicons\SP_DEDAAEFC9782454699780984CF00E000.dat 2005-11-17 21:50 940 bytes Hidden from Windows API. C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\DIAXNLVV\sysinternals[1].htm 2005-11-17 21:52 12.36 KB Hidden from Windows API. 这几项是怎么回事?看不明白.哪位能指点一下?另外哪位斑竹或高手能撰文详细介绍一下,怎么识别有没有rootkit?
网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:

BlackStone 叱咤花甲狮帖子:2616 注册: 2005-09-27 来自:	发表于： 2005-11-18 10:52 \| 短消息资料字号：小中大 6楼去作者社区看看 http://www.sysinternals.com/forum/forum_topics.asp?FID=15
BlackStone 叱咤花甲狮帖子:2616 注册: 2005-09-27 来自:

网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:	发表于： 2005-11-18 11:02 \| 只看楼主短消息资料字号：小中大 7楼【回复“BlackStone”的帖子】不好意思啊!刚刚上了你推荐的网站,可那是个英文站点啊老兄!我的英文还没到那个水平啊!能不能把相关文章翻译一下呢?拜托了!我想许多人肯定和我一样的!帮帮忙啊!先谢谢你了!
网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:

网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:	发表于： 2005-11-18 12:08 \| 只看楼主短消息资料字号：小中大 8楼有没有哪位高手详细说明的?
网络笨羊初生襁褓狮帖子:740 注册: 2005-11-05 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT