高手帮我看看日志，哪个是异常项？

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛高手帮我看看日志，哪个是异常项？

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1 / 1 页

跳转页

九天社区嘉宾帖子:6288 注册: 2003-02-22 来自:	发表于： 2006-04-10 21:23 \| 只看楼主短消息资料字号：小中大 1楼高手帮我看看日志，哪个是异常项？ Logfile of HijackThis v1.99.1 Scan saved at 21:20:42, on 2006-4-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe I:\Rising\CCenter.exe C:\WINDOWS\System32\svchost.exe I:\Rising\Ravmond.exe i:\rising\rfw\rfwsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe I:\Rising\RavStub.exe i:\rising\rfw\RfwMain.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe I:\Rising\RavTask.exe I:\Rising\Ravmon.exe D:\Program Files\SkyNet\FireWall\pfw.exe I:\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe I:\Program Files\vbuzzer\vbuzzer.exe E:\绿鹰PC万能精灵\adam.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE E:\FLASHGET\flashget.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\Notepad.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\thsiz\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FLASHGET\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FLASHGET\fgiebar.dll O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RfwMain] "i:\Rising\Rfw\rfwmain.exe" -Startup O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [RavTask] "I:\Rising\RavTask.exe" -system O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload O4 - HKLM\..\Run: [StormCodec_Helper] "e:\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\Program Files\SkyNet\FireWall\pfw.exe O4 - HKLM\..\Run: [CdnCtr] ? O4 - HKLM\..\Run: [PCSuiteTrayApplication] I:\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer O4 - HKLM\..\Run: [Thunder] "E:\迅雷\ThunderShell.exe" /s O4 - HKLM\..\RunOnce: [RavStub] "I:\Rising\ravstub.exe" /RUNONCE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [vbuzzer] i:\Program Files\vbuzzer\vbuzzer.exe O4 - Global Startup: 绿鹰PC万能精灵.lnk = ? O8 - Extra context menu item: 使用网际快车下载 - E:\FLASHGET\jc_link.htm O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FLASHGET\jc_all.htm O8 - Extra context menu item: 使用迅雷下载 - E:\迅雷\geturl.htm O8 - Extra context menu item: 使用迅雷下载全部链接 - E:\迅雷\getallurl.htm O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - E:\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm O8 - Extra context menu item: 用比特精灵下载(&B) - E:\BitSpirit\bsurl.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (Msp Class) - http://ddddl.dudu.com/ddd/update/plugin/dudumsp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{59886083-F905-40B6-8833-9308F5136020}: NameServer = 10.0.1.12,202.102.224.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{59886083-F905-40B6-8833-9308F5136020}: NameServer = 10.0.1.12,202.102.224.68 O17 - HKLM\System\CS2\Services\Tcpip\..\{59886083-F905-40B6-8833-9308F5136020}: NameServer = 10.0.1.12,202.102.224.68 O23 - Service: PeanuthullCore - 广东网域 - e:\PeanutHull3\PhCore.exe O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - i:\rising\rfw\rfwproxy.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - i:\rising\rfw\rfwsrv.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - I:\Rising\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - I:\Rising\Ravmond.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 2006-04-10 23:58:06
九天社区嘉宾帖子:6288 注册: 2003-02-22 来自:	分享到：

独孤豪侠横据古稀狮帖子:11896 注册: 2005-08-10 来自:花果山	发表于： 2006-04-10 21:27 \| 短消息资料字号：小中大 2楼 O4 - HKLM\..\Run: [CdnCtr] ? O23 - Service: PeanuthullCore - 广东网域 - e:\PeanutHull3\PhCore.exe 这两个看上去怪怪的
独孤豪侠横据古稀狮帖子:11896 注册: 2005-08-10 来自:花果山

社区嘉宾

帖子:6288
注册: 2003-02-22
来自:

发表于： 2006-04-10 23:32 | 只看楼主 短消息资料

字号：小中大 3楼

引用:

【独孤豪侠的贴子】O4 - HKLM\..\Run: [CdnCtr] ?
O23 - Service: PeanuthullCore - 广东网域 - e:\PeanutHull3\PhCore.exe
这两个看上去怪怪的
...........................

O23 - Service: PeanuthullCore - 广东网域 - e:\PeanutHull3\PhCore.exe这个是花生壳，04就不知道了。

友好人士锋芒艾服狮帖子:1287 注册: 2005-12-21 来自:	发表于： 2006-04-10 23:58 \| 短消息资料字号：小中大 4楼 O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer 照单抓药吧药方在不言放弃的置顶帖
友好人士锋芒艾服狮帖子:1287 注册: 2005-12-21 来自:

<<上一主题|下一主题>>

1 / 1 页

跳转页

九天社区嘉宾帖子:6288 注册: 2003-02-22 来自:	发表于： 2006-04-10 21:23 \| 只看楼主短消息资料字号：小中大 1楼高手帮我看看日志，哪个是异常项？ Logfile of HijackThis v1.99.1 Scan saved at 21:20:42, on 2006-4-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe I:\Rising\CCenter.exe C:\WINDOWS\System32\svchost.exe I:\Rising\Ravmond.exe i:\rising\rfw\rfwsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe I:\Rising\RavStub.exe i:\rising\rfw\RfwMain.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe I:\Rising\RavTask.exe I:\Rising\Ravmon.exe D:\Program Files\SkyNet\FireWall\pfw.exe I:\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe I:\Program Files\vbuzzer\vbuzzer.exe E:\绿鹰PC万能精灵\adam.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE E:\FLASHGET\flashget.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\Notepad.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\thsiz\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FLASHGET\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FLASHGET\fgiebar.dll O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RfwMain] "i:\Rising\Rfw\rfwmain.exe" -Startup O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [RavTask] "I:\Rising\RavTask.exe" -system O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload O4 - HKLM\..\Run: [StormCodec_Helper] "e:\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\Program Files\SkyNet\FireWall\pfw.exe O4 - HKLM\..\Run: [CdnCtr] ? O4 - HKLM\..\Run: [PCSuiteTrayApplication] I:\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer O4 - HKLM\..\Run: [Thunder] "E:\迅雷\ThunderShell.exe" /s O4 - HKLM\..\RunOnce: [RavStub] "I:\Rising\ravstub.exe" /RUNONCE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [vbuzzer] i:\Program Files\vbuzzer\vbuzzer.exe O4 - Global Startup: 绿鹰PC万能精灵.lnk = ? O8 - Extra context menu item: 使用网际快车下载 - E:\FLASHGET\jc_link.htm O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FLASHGET\jc_all.htm O8 - Extra context menu item: 使用迅雷下载 - E:\迅雷\geturl.htm O8 - Extra context menu item: 使用迅雷下载全部链接 - E:\迅雷\getallurl.htm O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - E:\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm O8 - Extra context menu item: 用比特精灵下载(&B) - E:\BitSpirit\bsurl.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (Msp Class) - http://ddddl.dudu.com/ddd/update/plugin/dudumsp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{59886083-F905-40B6-8833-9308F5136020}: NameServer = 10.0.1.12,202.102.224.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{59886083-F905-40B6-8833-9308F5136020}: NameServer = 10.0.1.12,202.102.224.68 O17 - HKLM\System\CS2\Services\Tcpip\..\{59886083-F905-40B6-8833-9308F5136020}: NameServer = 10.0.1.12,202.102.224.68 O23 - Service: PeanuthullCore - 广东网域 - e:\PeanutHull3\PhCore.exe O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - i:\rising\rfw\rfwproxy.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - i:\rising\rfw\rfwsrv.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - I:\Rising\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - I:\Rising\Ravmond.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 2006-04-10 23:58:06
九天社区嘉宾帖子:6288 注册: 2003-02-22 来自:	分享到：

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 高手帮我看看日志，哪个是异常项？

高手帮我看看日志，哪个是异常项？

高手帮我看看日志，哪个是异常项？

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛高手帮我看看日志，哪个是异常项？