这个毒怎么杀啊瑞星听诊信息4.3+hijackthis.log - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛这个毒怎么杀啊瑞星听诊信息4.3+hijackthis.log

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

2 / 2 页

跳转页

这个毒怎么杀啊瑞星听诊信息4.3+hijackthis.log

烂笔头1 健康舞勺狮帖子:229 注册: 2005-12-22 来自:	发表于： 2006-06-30 17:14 \| 只看楼主短消息资料字号：小中大 11楼 + NdisWanRemote Access NDIS WAN DriverMicrosoft Corporationc:\winnt\system32\drivers\ndiswan.sys + NetBTNetBios over TcpipMicrosoft Corporationc:\winnt\system32\drivers\netbt.sys + NetDetectNetwork Card Detection driverMicrosoft Corporationc:\winnt\system32\drivers\netdtect.sys + New0File not found: C:\WINNT\System32\new.sys + NPFnpfCACE Technologiesc:\winnt\system32\drivers\npf.sys + nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 76.10 NVIDIA Corporationc:\winnt\system32\drivers\nv4_mini.sys + NwlnkFltIPX Traffic Filter DriverMicrosoft Corporationc:\winnt\system32\drivers\nwlnkflt.sys + NwlnkFwdIPX Traffic Forwarder DriverMicrosoft Corporationc:\winnt\system32\drivers\nwlnkfwd.sys + P1C1394File not found: C:\WINNT\System32\Drivers\p1c1394.sys + ParallelParallel Printer DriverMicrosoft Corporationc:\winnt\system32\drivers\parallel.sys + ParportParallel Port DriverMicrosoft Corporationc:\winnt\system32\drivers\parport.sys + PCINT Plug and Play PCI EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\pci.sys + PCIIdeGeneric PCI IDE Bus DriverMicrosoft Corporationc:\winnt\system32\drivers\pciide.sys + pfcPadus(R) ASPI ShellPadus, Inc.c:\winnt\system32\drivers\pfc.sys + PptpMiniportWAN Miniport (PPTP)Microsoft Corporationc:\winnt\system32\drivers\raspptp.sys + PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\winnt\system32\drivers\ptilink.sys + RasAcdRemote Access Auto Connection DriverMicrosoft Corporationc:\winnt\system32\drivers\rasacd.sys + Rasl2tpWAN Miniport (L2TP)Microsoft Corporationc:\winnt\system32\drivers\rasl2tp.sys + RasptiDirect ParallelMicrosoft Corporationc:\winnt\system32\drivers\raspti.sys + RCARCA filterMicrosoft Corporationc:\winnt\system32\drivers\rca.sys + rtl8139NDIS 5.0 driver Realtek Semiconductor Corporation c:\winnt\system32\drivers\rtl8139.sys + serenumSerial Port EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\serenum.sys + SerialSerial Device DriverMicrosoft Corporationc:\winnt\system32\drivers\serial.sys + SfloppySCSI Floppy DriverMicrosoft Corporationc:\winnt\system32\drivers\sfloppy.sys + SLIPMicrosoft Slip Deframing Filter MinidriverMicrosoft Corporationc:\winnt\system32\drivers\slip.sys + SMBiosIntel(R) System Management BIOS DriverIntel Corporationc:\winnt\system32\drivers\smbios.sys + streamipMicrosoft IP DriverMicrosoft Corporationc:\winnt\system32\drivers\streamip.sys + swenumPlug and Play Software Device EnumeratorMicrosoft Corporationc:\winnt\system32\drivers\swenum.sys + TcpipTCP/IP Protocol DriverMicrosoft Corporationc:\winnt\system32\drivers\tcpip.sys + uhcdUniversal Host Controller DriverMicrosoft Corporationc:\winnt\system32\drivers\uhcd.sys + UpdateUpdate DriverMicrosoft Corporationc:\winnt\system32\drivers\update.sys + usbhubDefault Hub Driver for USBMicrosoft Corporationc:\winnt\system32\drivers\usbhub.sys + USBSTORUSB Mass Storage Class DriverMicrosoft Corporationc:\winnt\system32\drivers\usbstor.sys + VgaSaveVGA/Super VGA Video DriverMicrosoft Corporationc:\winnt\system32\drivers\vga.sys + WanarpRemote Access IP ARP DriverMicrosoft Corporationc:\winnt\system32\drivers\wanarp.sys + WSTCODECWDM WST Codec DriverMicrosoft Corporationc:\winnt\system32\drivers\wstcodec.sys HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute + autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\winnt\system32\autochk.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options + Your Image File Name Here without a pathSymbolic Debugger for Windows 2000Microsoft Corporationc:\winnt\system32\ntsd.exe HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls + advapi32Advanced Windows 32 Base APIMicrosoft Corporationc:\winnt\system32\advapi32.dll + comdlg32Common Dialogs DLLMicrosoft Corporationc:\winnt\system32\comdlg32.dll + gdi32GDI Client DLLMicrosoft Corporationc:\winnt\system32\gdi32.dll + imagehlpWindows NT Image HelperMicrosoft Corporationc:\winnt\system32\imagehlp.dll + kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\winnt\system32\kernel32.dll + lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\winnt\system32\lz32.dll + ole32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\ole32.dll + oleaut32Microsoft Corporationc:\winnt\system32\oleaut32.dll + olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\winnt\system32\olecli32.dll + olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\olecnv32.dll + olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\winnt\system32\olesvr32.dll + olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\olethk32.dll + rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\winnt\system32\rpcrt4.dll + shell32Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll + urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\winnt\system32\url.dll + urlmonOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll + user32Windows 2000 USER API Client DLLMicrosoft Corporationc:\winnt\system32\user32.dll + versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\winnt\system32\version.dll + wininetInternet Extensions for Win32Microsoft Corporationc:\winnt\system32\wininet.dll + wldap32Win32 LDAP API DLLMicrosoft Corporationc:\winnt\system32\wldap32.dll HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify + crypt32chainCrypto API32Microsoft Corporationc:\winnt\system32\crypt32.dll + cryptnetCrypto Network Related APIMicrosoft Corporationc:\winnt\system32\cryptnet.dll + cscdllOffline Network AgentMicrosoft Corporationc:\winnt\system32\cscdll.dll + sclgntfySecondary Logon Service Notification DLLMicrosoft Corporationc:\winnt\system32\sclgntfy.dll + SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\winnt\system32\wlnotify.dll + wzcnotifWireless Zero Configuration Service UIMicrosoft Corporationc:\winnt\system32\wzcdlg.dll HKCU\Control Panel\Desktop\Scrnsave.exe + (无)File not found: (无) HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 + MSAFD NetBIOS [\Device\NetBT_Tcpip_{3897F4D1-1B14-4D69-AA01-D854D9462047}] DATAGRAM 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{3897F4D1-1B14-4D69-AA01-D854D9462047}] SEQPACKET 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C6A3D68-285E-4C89-A6EF-6CE3BD59BB71}] DATAGRAM 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C6A3D68-285E-4C89-A6EF-6CE3BD59BB71}] SEQPACKET 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{E2F6506B-CC73-4935-9FE8-6A5643DC7B2B}] DATAGRAM 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{E2F6506B-CC73-4935-9FE8-6A5643DC7B2B}] SEQPACKET 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll + MSAFD Tcpip [RAW/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll + MSAFD Tcpip [TCP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll + MSAFD Tcpip [UDP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll + RSVP TCP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\winnt\system32\rsvpsp.dll + RSVP UDP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\winnt\system32\rsvpsp.dll HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors + Adobe PDF PortAcrobat ? PDF PortAdobe Systems Incorporated.c:\winnt\system32\adobepdf.dll + BJ Language MonitorLangage Monitor for Canon Bubble-Jet PrinterMicrosoft Corporationc:\winnt\system32\cnbjmon.dll + HPLJ1020LMSpooler Language Monitor for HP LaserJet Series 1020/2600Zenographics, Inc.c:\winnt\system32\zlhp1020.dll + Local PortLocal Spooler DLLMicrosoft Corporationc:\winnt\system32\localspl.dll + PJL Language MonitorSpooler Setup DLLMicrosoft Corporationc:\winnt\system32\pjlmon.dll + Standard TCP/IP PortStandard TCP/IP Port Monitor DLLMicrosoft Corporationc:\winnt\system32\tcpmon.dll + USB MonitorStandard USB printing Port Monitor DLLMicrosoft Corporationc:\winnt\system32\usbmon.dll HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages + msv1_0Microsoft Authentication Package v1.0Microsoft Corporationc:\winnt\system32\msv1_0.dll HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages + scecliWindows Security Configuration Editor Client EngineMicrosoft Corporationc:\winnt\system32\scecli.dll HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages + kerberosKerberos Security PackageMicrosoft Corporationc:\winnt\system32\kerberos.dll + msv1_0Microsoft Authentication Package v1.0Microsoft Corporationc:\winnt\system32\msv1_0.dll + schannelTLS / SSL Security ProviderMicrosoft Corporationc:\winnt\system32\schannel.dll
烂笔头1 健康舞勺狮帖子:229 注册: 2005-12-22 来自:

轩辕小聪卡卡技术团队帖子:8368 注册: 2006-01-09 来自:	发表于： 2006-06-30 17:19 \| 短消息资料字号：小中大 12楼楼主似乎没有仔细看回帖…… 做完回帖所说的东西之后，重启，再导日志。而且Autoruns要先隐藏微软项目，要不然导出的日志中的项目中十有八九是系统项目，冗长无比。
轩辕小聪卡卡技术团队帖子:8368 注册: 2006-01-09 来自:

烂笔头1 健康舞勺狮帖子:229 注册: 2005-12-22 来自:	发表于： 2006-06-30 17:24 \| 只看楼主短消息资料字号：小中大 13楼 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + \\lambda\EPSON Stylus C67 SeriesEPSON Status Monitor 3SEIKO EPSON CORPORATIONc:\winnt\system32\spool\drivers\w32x86\3\e_fatiaap.exe + Acrobat Assistant 7.0AcroTrayAdobe Systems Inc.d:\program files\adobe\acrobat 7.0\distillr\acrotray.exe + downsbcnetc:\winnt\system32\downs.exe + NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\winnt\system32\nvcpl.dll + nwizNVIDIA nView Wizard, Version 105.10 NVIDIA Corporationc:\winnt\system32\nwiz.exe + RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmon.exe + RavTimerRavTimerBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravtimer.exe + RavTrayRavNet TrayRisingd:\program files\rising\rav\ravtray.exe + spoolsv傲讯浏览器辅助工具广州傲讯信息科技有限公司c:\winnt\system32\spoolsv\spoolsv.exe C:\Documents and Settings\All Users.WINNT\「开始」菜单\程序\启动 + Adobe Acrobat Speed Launcher.lnkc:\winnt\installer\{ac76ba86-2052-0000-7760-100000000002}\sc_acrobat.exe + Adobe Gamma Loader.lnkAdobe Gamma LoaderAdobe Systems, Inc.c:\program files\common files\adobe\calibration\adobe gamma loader.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run + KernelFaultCheckFile not found: C:\WINNT\system32\msime.exe HKLM\System\CurrentControlSet\Services + NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationc:\winnt\system32\nvsvc32.exe + RavService瑞星杀毒软件网络版客户端通讯代理Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravservice.exe + RsRavMonRavMonBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmond.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks + system.sysc:\program files\internet explorer\plugins\system.sys HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved + "RISING"Rising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects + AcroIEHlprObj ClassAdobe Acrobat IE Helper Version 7.0 for ActiveXAdobe Systems Incorporatedd:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll + BandIE ClassBaiduBar ModuleBaidu.com, Inc.c:\program files\baidu\bar\baidubar.dll + wmpdrm傲讯浏览器辅助工具Allsum Info. Tech. Ltd.c:\winnt\system32\wmpdrm.dll HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls + DllDirectoryc:\winnt\system32 HKCU\Control Panel\Desktop\Scrnsave.exe + (无)File not found: (无)
烂笔头1 健康舞勺狮帖子:229 注册: 2005-12-22 来自:

烂笔头1 健康舞勺狮帖子:229 注册: 2005-12-22 来自:	发表于： 2006-06-30 17:25 \| 只看楼主短消息资料字号：小中大 14楼不好意思，没注意看，找了个汉化版的 + downs bcnet c:\winnt\system32\downs.exe 估计有问题如何处理?
烂笔头1 健康舞勺狮帖子:229 注册: 2005-12-22 来自:

BlackStone 叱咤花甲狮帖子:2616 注册: 2005-09-27 来自:	发表于： 2006-06-30 17:39 \| 短消息资料字号：小中大 15楼 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + downsbcnetc:\winnt\system32\downs.exe + spoolsv傲讯浏览器辅助工具广州傲讯信息科技有限公司c:\winnt\system32\spoolsv\spoolsv.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run + KernelFaultCheckFile not found: C:\WINNT\system32\msime.exe HKLM\System\CurrentControlSet\Services HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks + system.sysc:\program files\internet explorer\plugins\system.sys + wmpdrm傲讯浏览器辅助工具Allsum Info. Tech. Ltd.c:\winnt\system32\wmpdrm.dll 删除启动项重启删除相应的文件
BlackStone 叱咤花甲狮帖子:2616 注册: 2005-09-27 来自:

烂笔头1 健康舞勺狮帖子:229 注册: 2005-12-22 来自:	发表于： 2006-06-30 17:45 \| 只看楼主短消息资料字号：小中大 16楼嗯，最后谢谢轩辕小聪 BlackStone 发自肺腑的
烂笔头1 健康舞勺狮帖子:229 注册: 2005-12-22 来自:

<<上一主题|下一主题>>

12

2 / 2 页

跳转页

页面顶部

Powered by Discuz!NT