
Is this a virus? Why is this happening!!!


Sorry, I'm not currently a Rising user, but I figure there are experts on this forum.
-------------------------------------------------------------------------
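I can't shut down right now, otherwise I won't be able to get online! I'll have to Ghost again :(
If you need any data, tell me how and I'll upload it. Also, Kaspersky no longer works!
It tells me it may be infected!

Moderators, please help analyze!!!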
-------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:32:58, on 2006-2-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINDOWS.0\VM_STI.EXE
C:\Program Files\木马杀客\mmsk.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS.0\MWW32\MANAGER\MWMDMSVC.EXE
C:\WINDOWS.0\MWW32\MANAGER\MWSSW32.EXE
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Maxthon\maxthon.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

O1 - Hosts: 207.142.131.239 wikipedia.org
O1 - Hosts: 207.142.131.239 www.wikipedia.org
O1 - Hosts: 207.142.131.239 ar.wikipedia.org
O1 - Hosts: 207.142.131.239 ca.wikipedia.org
O1 - Hosts: 207.142.131.239 cs.wikipedia.org
O1 - Hosts: 207.142.131.239 da.wikipedia.org
O1 - Hosts: 207.142.131.239 de.wikipedia.org
O1 - Hosts: 207.142.131.239 en.wikipedia.org
O1 - Hosts: 207.142.131.239 eo.wikipedia.org
O1 - Hosts: 207.142.131.239 es.wikipedia.org
O1 - Hosts: 207.142.131.239 fi.wikipedia.org
O1 - Hosts: 207.142.131.239 fr.wikipedia.org
O1 - Hosts: 207.142.131.239 he.wikipedia.org
O1 - Hosts: 207.142.131.239 hu.wikipedia.org
O1 - Hosts: 207.142.131.239 it.wikipedia.org
O1 - Hosts: 207.142.131.239 ja.wikipedia.org
O1 - Hosts: 207.142.131.239 ko.wikipedia.org
O1 - Hosts: 207.142.131.239 nl.wikipedia.org
O1 - Hosts: 207.142.131.239 no.wikipedia.org
O1 - Hosts: 207.142.131.239 pl.wikipedia.org
O1 - Hosts: 207.142.131.239 pt.wikipedia.org
O1 - Hosts: 207.142.131.239 ro.wikipedia.org
O1 - Hosts: 207.142.131.239 ru.wikipedia.org
O1 - Hosts: 207.142.131.239 sk.wikipedia.org
O1 - Hosts: 207.142.131.239 sl.wikipedia.org
O1 - Hosts: 207.142.131.239 sq.wikipedia.org
O1 - Hosts: 207.142.131.239 sv.wikipedia.org
O1 - Hosts: 207.142.131.239 zh.wikipedia.org
O1 - Hosts: 207.142.131.239 simple.wikipedia.org
O1 - Hosts: 207.142.131.239 sep11.wikipedia.org
O1 - Hosts: 207.142.131.239 species.wikipedia.org
O1 - Hosts: 207.142.131.239 wikibooks.org
O1 - Hosts: 207.142.131.239 www.wikibooks.org
O1 - Hosts: 207.142.131.239 ar.wikibooks.org
O1 - Hosts: 207.142.131.239 ca.wikibooks.org
O1 - Hosts: 207.142.131.239 cs.wikibooks.org
O1 - Hosts: 207.142.131.239 da.wikibooks.org
O1 - Hosts: 207.142.131.239 de.wikibooks.org
O1 - Hosts: 207.142.131.239 en.wikibooks.org
O1 - Hosts: 207.142.131.239 eo.wikibooks.org
O1 - Hosts: 207.142.131.239 es.wikibooks.org
O1 - Hosts: 207.142.131.239 fi.wikibooks.org
O1 - Hosts: 207.142.131.239 fr.wikibooks.org
O1 - Hosts: 207.142.131.239 he.wikibooks.org
O1 - Hosts: 207.142.131.239 hu.wikibooks.org
O1 - Hosts: 207.142.131.239 it.wikibooks.org
O1 - Hosts: 207.142.131.239 ja.wikibooks.org
O1 - Hosts: 207.142.131.239 ko.wikibooks.org
O1 - Hosts: 207.142.131.239 nl.wikibooks.org
O1 - Hosts: 207.142.131.239 no.wikibooks.org
O1 - Hosts: 207.142.131.239 pl.wikibooks.org
O1 - Hosts: 207.142.131.239 pt.wikibooks.org
O1 - Hosts: 207.142.131.239 ro.wikibooks.org
O1 - Hosts: 207.142.131.239 ru.wikibooks.org
O1 - Hosts: 207.142.131.239 sk.wikibooks.org
O1 - Hosts: 207.142.131.239 sl.wikibooks.org
O1 - Hosts: 207.142.131.239 sq.wikibooks.org
O1 - Hosts: 207.142.131.239 sv.wikibooks.org
O1 - Hosts: 207.142.131.239 zh.wikibooks.org
O1 - Hosts: 207.142.131.239 wikinews.org
O1 - Hosts: 207.142.131.239 www.wikinews.org
O1 - Hosts: 207.142.131.239 ar.wikinews.org
O1 - Hosts: 207.142.131.239 ca.wikinews.org
O1 - Hosts: 207.142.131.239 cs.wikinews.org
O1 - Hosts: 207.142.131.239 da.wikinews.org
O1 - Hosts: 207.142.131.239 de.wikinews.org
O1 - Hosts: 207.142.131.239 en.wikinews.org
O1 - Hosts: 207.142.131.239 eo.wikinews.org
O1 - Hosts: 207.142.131.239 es.wikinews.org
O1 - Hosts: 207.142.131.239 fi.wikinews.org
O1 - Hosts: 207.142.131.239 fr.wikinews.org
O1 - Hosts: 207.142.131.239 he.wikinews.org
O1 - Hosts: 207.142.131.239 hu.wikinews.org
O1 - Hosts: 207.142.131.239 it.wikinews.org
O1 - Hosts: 207.142.131.239 ja.wikinews.org
O1 - Hosts: 207.142.131.239 ko.wikinews.org
O1 - Hosts: 207.142.131.239 nl.wikinews.org
O1 - Hosts: 207.142.131.239 no.wikinews.org
O1 - Hosts: 207.142.131.239 pl.wikinews.org
O1 - Hosts: 207.142.131.239 pt.wikinews.org
O1 - Hosts: 207.142.131.239 ro.wikinews.org
O1 - Hosts: 207.142.131.239 ru.wikinews.org
O1 - Hosts: 207.142.131.239 sk.wikinews.org
O1 - Hosts: 207.142.131.239 sl.wikinews.org
O1 - Hosts: 207.142.131.239 sq.wikinews.org
O1 - Hosts: 207.142.131.239 sv.wikinews.org
O1 - Hosts: 207.142.131.239 zh.wikinews.org
O1 - Hosts: 207.142.131.239 wikiquote.org
O1 - Hosts: 207.142.131.239 www.wikiquote.org
O1 - Hosts: 207.142.131.239 ar.wikiquote.org
O1 - Hosts: 207.142.131.239 ca.wikiquote.org
O1 - Hosts: 207.142.131.239 cs.wikiquote.org
O1 - Hosts: 207.142.131.239 da.wikiquote.org
O1 - Hosts: 207.142.131.239 de.wikiquote.org
O1 - Hosts: 207.142.131.239 en.wikiquote.org
O1 - Hosts: 207.142.131.239 eo.wikiquote.org
O1 - Hosts: 207.142.131.239 es.wikiquote.org
O1 - Hosts: 207.142.131.239 fi.wikiquote.org
O1 - Hosts: 207.142.131.239 fr.wikiquote.org
O1 - Hosts: 207.142.131.239 he.wikiquote.org
O1 - Hosts: 207.142.131.239 hu.wikiquote.org
O2 - BH ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS.0\system32\xunleibho_v13.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINDOWS.0\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS.0\VM_STI.EXE Teclast WE PC Camera
O4 - HKLM\..\Run: [mmsk] C:\Program Files\木马杀客\mmsk.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\RunServices: [mmsk] C:\Program Files\木马杀客\mmsk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: ThinkPad Modem Copyright.lnk = C:\WINDOWS.0\MWW32\manager\mwcpyrt.exe
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O15 - Trusted Zone: http://www.icbc.com.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAA440B5-5D46-4BB1-BB82-DCF2D8FD7FBA}: NameServer = 202.96.128.86,61.144.56.101
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS.0\MWW32\MANAGER\MWMDMSVC.EXE


Thanks.

[Attachment: image, uploaded 2006-2-27 23:51:10]



Last edited 2006-02-28 07:54:53
-------------------------------------------------------------------------
 

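Thanks. After I shut down and boot up again, the network connection gets disconnected, so I restore with Ghost! When I boot and go online, it's like this again!

What I want to ask is: have I caught some new virus?
After restoring with Ghost several times, going online always ends up like this!

Kaspersky has been killed! (It starts, but the program can't be used)

After booting, the IP is 127.0.0.1, and both sent and received are 0
Attached picture (it's a mock-up)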

[Attachment: image, uploaded 2006-2-27 23:56:44]



-------------------------------------------------------------------------
 

C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

What are these two programs? They look suspicious~~~
-------------------------------------------------------------------------
 

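Process file: DvzIncMsgr or DvzIncMsgr.exe
Process name: DataViz Messenger
Process category: process with a security risk

English description:
DvzIncMsgr.exe is a process associated with Documents To Go from DataViz Inc. Documents To Go is a document management solution for Symbian and Palm OS.
Chinese reference:
Sorry, no Chinese reference is available for now!
Publisher: DataViz Inc
Belongs to: DataViz Documents To Go
System process: No
Background program: No
Network-related: Yes
Common errors: N/A
Memory usage: N/A
Security level (0-5): 0
Spyware: No
Adware: No
Virus: No
Trojan: No

Process file: hotsync or hotsync.exe
Process name: HotSync Manager
Process category: process with a security risk
English description:
hotsync.exe is a process which deals with the synchronisation of Palm-based PDAs to your computer. Set to start automatically, this application is always resident by default and should not be disabled where regular use of the PocketPC is concerned.
Chinese reference:
hotsync.exe is the program that synchronizes Palm handhelds with a PC.
Publisher: Palm Inc.
Belongs to: Palm Inc.
System process: No
Background program: Yes
Network-related: No
Common errors: N/A
Memory usage: N/A
Security level (0-5): 0
Spyware: No
Adware: No
Virus: No
Trojan: No
(Collected from the web)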
-------------------------------------------------------------------------
 

It would be good if Rising built a process database.
-------------------------------------------------------------------------
 

Fix all O1 entries
-------------------------------------------------------------------------
 

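Fix all O1 entries

Also, I don't know whether the TCP/IP protocol and the system sockets have been damaged
I suggest asking your network provider
I don't know whether the network itself is down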
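
A triage sketch for the O1 entries in the log above, as an added example that is not part of the original thread: it groups hosts-file overrides by target address so each address can be verified once before any entry is fixed. The sample lines are constructed in the log's format; `parse_o1`, `base_domain` and `summarize` are hypothetical helper names, and the last-two-labels grouping is a simplification.

```python
import ipaddress
import re
from collections import defaultdict

# Matches HijackThis lines such as "O1 - Hosts: 207.142.131.239 wikipedia.org"
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Constructed sample: three O1 lines in the log's format, a constructed
# loopback entry, a constructed malformed entry, and one non-O1 line.
SAMPLE_LOG = r"""O1 - Hosts: 207.142.131.239 wikipedia.org
O1 - Hosts: 207.142.131.239 en.wikipedia.org
O1 - Hosts: 207.142.131.239 zh.wikibooks.org
O1 - Hosts: 127.0.0.1 blocked.example.test
O1 - Hosts: not-an-ip broken.example.test
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
"""

def parse_o1(log_text):
    """Return (ip, hostname) pairs from the O1 lines of a HijackThis log."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue  # not a hosts-file entry
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: not a usable mapping
        pairs.append((str(ip), m.group(2).lower()))
    return pairs

def base_domain(host):
    """Naive last-two-labels grouping (assumption: no public-suffix handling)."""
    return ".".join(host.split(".")[-2:])

def summarize(log_text):
    """Group overrides by target IP so each address is reviewed once."""
    by_ip = defaultdict(set)
    for ip, host in parse_o1(log_text):
        by_ip[ip].add(host)
    return {ip: {"hosts": len(hosts),
                 "domains": sorted({base_domain(h) for h in hosts}),
                 "loopback": ipaddress.ip_address(ip).is_loopback}
            for ip, hosts in by_ip.items()}

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

Whether an override is legitimate depends on who added it: compare each target address with what the domain's owner publishes before removing or keeping the entries.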