请高手帮我 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛请高手帮我

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

3 / 4 页

跳转页

请高手帮我

天使之剑社区嘉宾帖子:2961 注册: 2005-09-15 来自:	发表于： 2005-09-15 14:16 \| 短消息资料字号：小中大 21楼【回复“hu888”的帖子】是不是要求您进行什么注册？搜索注册表，看看有没有关于abc.265.com的项目。有的话删除。另外建议打开HijackThis的混合工具箱，将启动列表全部贴上来。
天使之剑社区嘉宾帖子:2961 注册: 2005-09-15 来自:

hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华	发表于： 2005-09-15 16:55 \| 只看楼主短消息资料字号：小中大 22楼怎样搜注册表?昨天已经按要求在注册表里把abc.265.com删掉了, 启动项报告： 2005-9-15, 16:44:23 启动项扫描器版本： 1.52.2 开始于： F:\4483172005322235527\HijackThis1991汉化版\HijackThis1991zww.EXE 系统检测： Windows XP SP2 (WinNT 5.01.2600) 系统检测： Internet Explorer v6.00 SP2 (6.00.2900.2180) * 使用默认选项 * 选择“列出全部(全面)”方式 ================================================== 当前运行的进程： C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRAM FILES\RISING\RAV\Ravmond.exe C:\PROGRAM FILES\RISING\RAV\RavStub.exe c:\program files\rising\rfw\rfwsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Rising\Rfw\rfwmain.exe C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Founder\FZ_Support\UpdTray.exe C:\PROGRA~1\RISING\RAV\RAVMON.EXE C:\Q2\Fahid.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE C:\Program Files\Founder\Emergency Center\Hotkey.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\阿里巴巴\贸易通\AliTalk.exe C:\Program Files\阿里巴巴\贸易通\AliTalk.exe C:\Program Files\阿里巴巴\贸易通\MultiMedia\AliViewer.exe C:\Program Files\Tencent\qq\QQ.exe C:\Program Files\Tencent\qq\QQ.exe C:\Program Files\Tencent\qq\TIMPlatform.exe C:\WINDOWS\System32\svchost.exe C:\Q2\PAD32.EXE C:\Program Files\Rising\Rav\RsAgent.exe C:\WINDOWS\msagent\AgentSvr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Q2\Fwrite32.exe C:\Q2\SMART32.EXE F:\4483172005322235527\HijackThis1991汉化版\HijackThis1991zww.exe -------------------------------------------------- 文件夹中的启动项 Shell folders Startup: [C:\Documents and Settings\dy\「开始」菜单\程序\启动] No files Shell folders AltStartup: Folder not found User shell folders Startup: Folder not found User shell folders AltStartup: Folder not found Shell folders Common Startup: [C:\Documents and Settings\All Users\「开始」菜单\程序\启动] No files Shell folders Common AltStartup: Folder not found User shell folders Common Startup: Folder not found User shell folders Alternate Common Startup: Folder not found -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] * 未找到相关注册表键值 * [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] * 未找到相关注册表键值 * [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] * 未找到相关注册表键值 * -------------------------------------------------- 注册表中的启动项: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE RfwMain = "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup RavTimer = C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE IgfxTray = C:\WINDOWS\System32\igfxtray.exe HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe FZC = C:\Program Files\Founder\FZ_Support\UpdTray.exe RavMon = C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM Super Rabbit SRRestore = C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave FAhid = C:\Q2\Fahid.exe -------------------------------------------------- 注册表中的启动项: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce * 未找到值 * -------------------------------------------------- 注册表中的启动项: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx * 未找到值 * -------------------------------------------------- 注册表中的启动项: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices * 未找到相关注册表键值 * -------------------------------------------------- 注册表中的启动项: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce * 未找到相关注册表键值 * -------------------------------------------------- 注册表中的启动项: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe -------------------------------------------------- 注册表中的启动项: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce * 未找到值 * -------------------------------------------------- 注册表中的启动项: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx * 未找到相关注册表键值 * -------------------------------------------------- 注册表中的启动项: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices * 未找到相关注册表键值 * -------------------------------------------------- 注册表中的启动项: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce * 未找到相关注册表键值 * -------------------------------------------------- 注册表中的启动项: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run * 未找到相关注册表键值 * -------------------------------------------------- 注册表中的启动项: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run * 未找到相关注册表键值 * -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] * 未找到值 * -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce No subkeys found -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx No subkeys found -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices * 未找到相关注册表键值 * -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce * 未找到相关注册表键值 * -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run No subkeys found -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce No subkeys found -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx * 未找到相关注册表键值 * -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices * 未找到相关注册表键值 * -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce * 未找到相关注册表键值 * -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run * 未找到相关注册表键值 * -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run * 未找到相关注册表键值 * --------------------------------------------------
hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华

hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华	发表于： 2005-09-15 16:57 \| 只看楼主短消息资料字号：小中大 23楼 -------------------------------------------------- 文件打开方式关联 for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (黙认) = "%1" %* -------------------------------------------------- 文件打开方式关联 for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (黙认) = "%1" %* -------------------------------------------------- 文件打开方式关联 for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (黙认) = "%1" %* -------------------------------------------------- 文件打开方式关联 for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (黙认) = "%1" %* -------------------------------------------------- 文件打开方式关联 for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (黙认) = "%1" /S -------------------------------------------------- 文件打开方式关联 for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (黙认) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- 文件打开方式关联 for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (黙认) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps * 未找到相关注册表键值 * -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=* 未找到INI相关项目值 * run=* 未找到INI相关项目值 * Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 * HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 * HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 * HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 * HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 * HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 * HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 * HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 * HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run= HKLM\..\Windows NT\CurrentVersion\Windows: load= HKLM\..\Windows NT\CurrentVersion\Windows: run= HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- 外壳扩展和屏幕保护程序的键值从 C:\WINDOWS\SYSTEM.INI: Shell=* 未找到INI相关项目值 * SCRNSAVE.EXE=* 未找到INI相关项目值 * drivers=* 未找到INI相关项目值 * 外壳扩展和屏幕保护程序的键值从注册表 Shell=Explorer.exe SCRNSAVE.EXE=* 未找到相关注册表键值 * drivers=* 未找到相关注册表键值 * Policies Shell key: HKCU\..\Policies: Shell=* 未找到相关注册表键值 * HKLM\..\Policies: Shell=* 未找到相关注册表键值 * -------------------------------------------------- 列举IE浏览器辅助对象(BHO模块): * 没有发现 BHO 模块 * -------------------------------------------------- 列举“计划任务”服务: bat dat.job -------------------------------------------------- 列举下载的程序文件： [DirectAnimation Java Classes] CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [KXHCM10 Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\kxhcm10.ocx CODEBASE = http://furari-miti.awa.jp/kxhcm10.ocx [WebActivater Control] InProcServer32 = C:\WINDOWS\System32\WEBACT~1.OCX CODEBASE = http://game.qq.com/QQGame2.cab [Office Update Installation Engine] InProcServer32 = C:\WINDOWS\opuc.dll CODEBASE = http://office.microsoft.com/officeupdate/content/opuc2.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\System32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122456466031 [MUWebControl Class] InProcServer32 = C:\WINDOWS\System32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122507035984 [BL_Camera] InProcServer32 = C:\WINDOWS\DOWNLO~1\BL_CAM~1.OCX CODEBASE = http://gvshop.cmauto.com:8003/bl_camera.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash.OCX CODEBASE = file://D:\Herosoft\HeroV8\DVDSkin\defskin\HTML\swflash.cab -------------------------------------------------- 列举 Winsock LSP 文件： NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll Protocol #22: C:\WINDOWS\system32\mswsock.dll Protocol #23: C:\WINDOWS\system32\mswsock.dll Protocol #24: C:\WINDOWS\system32\mswsock.dll Protocol #25: C:\WINDOWS\system32\mswsock.dll Protocol #26: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: No scripts set to run Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: * 未找到相关注册表键值 * -------------------------------------------------- 列举 ShellServiceObjectDelayLoad 项目： PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- 注册表中的启动项: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run * 未找到相关注册表键值 * -------------------------------------------------- 注册表中的启动项: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run * 未找到相关注册表键值 * -------------------------------------------------- 报告完毕，共 15,197 字节报告生成用时：0.360秒 Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华

天使之剑社区嘉宾帖子:2961 注册: 2005-09-15 来自:	发表于： 2005-09-15 17:22 \| 短消息资料字号：小中大 24楼【回复“hu888”的帖子】 C:\Q2\Fahid.exe这个您认识吗？
天使之剑社区嘉宾帖子:2961 注册: 2005-09-15 来自:

hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华	发表于： 2005-09-15 20:25 \| 只看楼主短消息资料字号：小中大 25楼高手你们好,这个[C:\Q2\Fahid.exe]是联想的手写板,我不会其他的输入法,用它输入文字的,买电脑时一起买的,[www,265.com]这个问题是这半月内开始的,一开始时我还不注意,后来在网页的地址栏内输入搜索而常常跑到www.265.com网页去了呢?用百度搜索和Google搜索都可以搜到,谢谢,
hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华

天使之剑社区嘉宾帖子:2961 注册: 2005-09-15 来自:	发表于： 2005-09-15 20:33 \| 短消息资料字号：小中大 26楼【回复“hu888”的帖子】请参考： http://community.rising.com.cn/Forum/msg_read.asp?FmID=67&SubjectID=4720648&page=1。
天使之剑社区嘉宾帖子:2961 注册: 2005-09-15 来自:

天使之剑社区嘉宾帖子:2961 注册: 2005-09-15 来自:	发表于： 2005-09-15 20:34 \| 短消息资料字号：小中大 27楼【回复“hu888”的帖子】也就是说请您卸载万能五笔。
天使之剑社区嘉宾帖子:2961 注册: 2005-09-15 来自:

hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华	发表于： 2005-09-15 22:35 \| 只看楼主短消息资料字号：小中大 28楼我没有安装过万能五笔,这电脑我一人用,我用手写板的,有时用一下装在电脑上数字五笔,跟手机打字差不多.我把它也卸了,一搜网页,还不是到www.265.com去了
hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华

hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华	发表于： 2005-09-15 22:39 \| 只看楼主短消息资料字号：小中大 29楼如没有其他方法,我就下载Google工具栏用用,那也不烦人了,呵呵....
hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华

hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华	发表于： 2005-09-16 10:38 \| 只看楼主短消息资料字号：小中大 30楼 ?,,,,,,,,,,,
hu888 拙长孩提狮帖子:96 注册: 2005-05-19 来自:金华

<<上一主题|下一主题>>

3 / 4 页

跳转页

页面顶部

Powered by Discuz!NT