Please help me look at my log

Logfile of HijackThis v1.99.1
Scan saved at 10:02:55, on 2006-1-7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TimerService\LenovoTimer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lenovo\Legend Standard Keyboard\skdaemon.exe
C:\Program Files\NewRemoteControl\NewRmtService.exe
C:\Program Files\Lenovo\TimerService\TimerClient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lenovo\RemoteControlCenter\ControlCenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\LocalService.NT AUTHORITY\My Documents\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v10.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SKDaemon] C:\Program Files\Lenovo\Legend Standard Keyboard\skdaemon.exe
O4 - HKLM\..\Run: [NewRmtService ] C:\Program Files\NewRemoteControl\NewRmtService.exe
O4 - HKLM\..\Run: [TimerClient.exe] "C:\Program Files\Lenovo\TimerService\TimerClient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ControlCenter.exe] "C:\Program Files\Lenovo\RemoteControlCenter\ControlCenter.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 使用超级解霸播放 - E:\1\MPURLGET.HTM
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 江民在线杀毒 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://online.jiangmin.com/online.asp (file missing)
O9 - Extra button: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - E:\1\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - E:\1\STHSDVD.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O16 - DPF: _{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4613/mcfscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趋势科技在线扫毒程序) - http://www.trendmicro.com.cn/housecall/xscan53.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://club.jiangmin.com/kvscan/KvDown.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LenovoTimerService - Unknown owner - C:\Program Files\Lenovo\TimerService\LenovoTimer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus 自动防护服务 (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\3\WinStylerThemeSvc.exe

Is there a problem?
Last edited 2006-02-03 01:08:36

What problem are you having?

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP170\A0042904.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042964.dll/YDTMain.exe  感染:Trojan-Downloader.Win32.Agent.pm  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042964.dll/ydtmain.dll  感染:Trojan-Downloader.Win32.Agent.pm  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042964.dll  CAB: 被感染 - 2  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042972.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042980.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042995.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP172\A0043005.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP180\A0043291.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP180\A0043302.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP181\A0043336.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP182\A0043366.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP183\A0043390.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP183\A0043398.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP184\A0043421.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP184\A0043448.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP184\A0044470.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP185\A0044500.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP185\A0044516.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP186\A0044541.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP186\A0044549.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP186\A0044565.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP186\A0044575.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0045586.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0046586.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0046597.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0046603.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0046610.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0046626.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP188\A0047620.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP189\A0047634.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP189\A0047684.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP189\A0047697.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP190\A0047715.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP190\A0047729.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP191\A0047810.dll/YDTMain.exe  感染:Trojan-Downloader.Win32.Agent.pm  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP191\A0047810.dll/ydtmain.dll  感染:Trojan-Downloader.Win32.Agent.pm  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP191\A0047810.dll  CAB: 被感染 - 2  跳过 

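I ran one scan with Kaspersky's online virus scanner. System Restore was definitely turned off for this: I ticked "Turn off System Restore on all drives" in the System Restore settings and then scanned. So why are there still viruses? Isn't the System Restore folder emptied once it is turned off?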

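The log shows that your System Restore folder has not been emptied.

If you are sure System Restore is turned off, you can go into C:\System Volume Information and manually delete all the files in it.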