
Please help me check whether there is anything wrong here! Thanks!

The log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 16:27:49, on 2006-1-9
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\KAV5\KAVSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Rundll32.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINNT\system32\rundll32.exe
C:\KAV5\KAVSvcUI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\msucom.exe
C:\Program Files\SkyNet\FireWall\pfw.exe
C:\WINNT\system32\internat.exe
C:\WINNT\RTHDCPL.EXE
C:\Program Files\Chinanet\VnetClient.exe
C:\WINNT\system32\wuauclt.exe
E:\ske\TrojanAssistant.exe
E:\QQ\QQ.exe
E:\QQ\TIMPlatform.exe
E:\QQ\qqpet\qqpet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\yy\LOCALS~1\Temp\Rar$EX00.187\HijackThis.exe

O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\System32\xunleibho_v8.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 金山毒霸 - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - C:\KAV5\KAIEPlus.DLL
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [KAVRun] C:\KAV5\KAVRun.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [objupdate] C:\WINNT\system32\msucom.exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\SkyNet\FireWall\pfw.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136284196062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136304503125
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.shaiya.com/nProtect/KeyCrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92F2088F-1838-433B-9E81-B5E8F8BF8A47}: NameServer = 218.2.135.1 61.147.37.1
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV5\KAVSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
Last edited 2006-01-09 17:46:04


This is a report processed by VirusTotal on 01/09/2006 at 10:07:13 (CET) after scanning the file "msucom.exe" file.
Antivirus Version Update Result
AntiVir 6.33.0.75 01.06.2006 no virus found
Avast 4.6.695.0 01.06.2006 no virus found
AVG 718 01.06.2006 no virus found
Avira 6.33.0.75 01.06.2006 no virus found
BitDefender 7.2 01.09.2006 BehavesLike:Win32.Backdoor
CAT-QuickHeal 8.00 01.05.2006 (Suspicious) - DNAScan
ClamAV devel-20051123 01.08.2006 no virus found
DrWeb 4.33 01.09.2006 no virus found
eTrust-Iris 7.1.194.0 01.08.2006 no virus found
eTrust-Vet 12.4.1.0 01.09.2006 no virus found
Ewido 3.5 01.08.2006 Proxy.Daemonize.bv
Fortinet 2.54.0.0 01.07.2006 W32/Daemonize.BV!tr
F-Prot 3.16c 01.07.2006 could be infected with an unknown virus
Ikarus 0.2.59.0 01.09.2006 Backdoor.Win32.Rbot.GEN
Kaspersky 4.0.2.24 01.09.2006 Trojan-Proxy.Win32.Daemonize.bv
McAfee 4669 01.06.2006 Proxy-Daemonize
NOD32v2 1.1356 01.08.2006 probably unknown NewHeur_PE virus
Norman 5.70.10 01.06.2006 no virus found
Panda 9.0.0.4 01.08.2006 Trj/Moli.DA
Sophos 4.01.0 01.09.2006 Troj/Daemoni-T
Symantec 8.0 01.09.2006 no virus found
TheHacker 5.9.2.070 01.09.2006 no virus found
UNA 1.83 01.08.2006 no virus found
VBA32 3.10.5 01.08.2006 Backdoor.Win32.Rbot.gen

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

 

That is the first one. I just felt that file was not right; I had never seen it before! Heh, I'm a newbie.


The second one is:

File:  msucom.exe 
Status:  INFECTED/MALWARE 
MD5  96856efee07f68146624eddcd9355e32 
Packers detected:  PACKMAN
Scanner results 
AntiVir  Found nothing
ArcaVir  Found Trojan.Small.Hp.D2 
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found BehavesLike:Win32.Backdoor (probable variant) 
ClamAV  Found nothing
Dr.Web  Found Program.3Proxy 
F-Prot Antivirus  Found unknown virus (probable variant) 
Fortinet  Found W32/Daemonize.BV!tr 
Kaspersky Anti-Virus  Found Trojan-Proxy.Win32.Daemonize.bv 
NOD32  Found probably unknown NewHeur_PE (probable variant) 
Norman Virus Control  Found Sandbox: W32/Malware; [ General information ]

* File length: 51256 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM32\msucom.exe.

[ Changes to registry ]
* Creates value "objupdate"="C:\WINDOWS\SYSTEM32\MSUCOM.EXE" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates key "HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List".

[ Security issues ]
* Possible backdoor functionality [UNKNOWN] port 9018.

[ Process/window information ]
* Creates a mutex psoft32___wmtx.
* Will automatically restart after boot (I'll be back...). 
UNA  Found nothing
VBA32  Found Backdoor.Win32.Rbot.gen

How do I report it?


Reported. I rebooted, and I deleted that registry key as well.


I deleted all of it just now in safe mode. Wait and see who else catches this one and have them send it to you, hahaha, I certainly don't want to go through this again!! HOHO~~
天使之剑, thanks!
That key is gone from the registry now too, so it should be fine.