帮忙看看日志``谢谢 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛帮忙看看日志``谢谢

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

2 / 2 页

跳转页

帮忙看看日志``谢谢

长风飘飘健康舞勺狮帖子:226 注册: 2006-09-21 来自:	发表于： 2008-01-06 13:21 \| 只看楼主短消息资料字号：小中大 11楼 Technologies\ATI.ACE\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.36994] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37058] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MMVideo.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37044] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VideoOverlay.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37021] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37033] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.SmartGart.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37024] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VPURecover.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37017] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.WorkstationConfig.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37015] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37038] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive2.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37040] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37046] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU2.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.36955] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU.Graphics.Dashboard.dll] [ATI Technologies Inc., 1.2.2285.37008] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.InfoCentre.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29990] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.30002] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29993] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29993] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2236.29147] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceProperty.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29987] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT2.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2236.29162] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceProperty2.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29986] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29994] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD2.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29993] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2236.29179] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV2.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2236.29197] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV2.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.30001] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29993] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2236.29212] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP2.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2236.29221] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2232.28756] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3DLegacy.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2232.28758] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.30007] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29990] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MMVideo.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.30001] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VideoOverlay.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29989] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.PowerPlay3.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29989] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.SmartGart.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29990] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VPURecover.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29988] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.WorkstationConfig.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29988] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive3.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2231.27329] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive2.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29989] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29988] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU2.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.29991] [C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU.Graphics.Shared.dll] [ATI Technologies Inc., 1.2.2208.30001] [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b9cd39bcef1ded7c1292a7fe39f623f1\System.Web.ni.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)] [C:\WINDOWS\Fonts\hookhelp.dll] [N/A, ] [C:\WINDOWS\system32\kvdxsmma.dll] [N/A, ] [D:\我的游戏\卡卡\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [PID: 2412 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kvdxsmma.dll] [N/A, ] [D:\我的游戏\卡卡\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [C:\WINDOWS\Fonts\hookhelp.dll] [N/A, ] [D:\Program Files\QQ2007\DShared.dll] [Tencent, 1, 6, 0, 3] [PID: 2216 / Administrator][D:\我的游戏\扫日志的\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\Fonts\hookhelp.dll] [N/A, ] [C:\WINDOWS\system32\kvdxsmma.dll] [N/A, ] [D:\我的游戏\卡卡\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [C:\WINDOWS\Fonts\swrcgzc.dll] [N/A, ] [C:\WINDOWS\system32\rarjepi.dll] [N/A, ] [C:\WINDOWS\Fonts\avwljmn.dll] [N/A, ] [C:\WINDOWS\system32\ratbspi.dll] [N/A, ] [C:\WINDOWS\system32\rsmyjpm.dll] [N/A, ] [C:\WINDOWS\system32\wsmsezx.dll] [N/A, ] [C:\WINDOWS\system32\avwghmn.dll] [N/A, ] [C:\WINDOWS\system32\kawdizy.dll] [N/A, ] [C:\WINDOWS\system32\avzxmmn.dll] [N/A, ] [C:\WINDOWS\system32\kaqhlzy.dll] [N/A, ] [C:\WINDOWS\system32\okmhdzy.dll] [N/A, ] [D:\我的游戏\扫日志的\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ================================== 进程特权扫描特殊特权被允许： SeDebugPrivilege [PID = 1144, C:\PROGRAM FILES\VISTA风格美化\VISTADRIVE\VSDRVRT.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1144, C:\PROGRAM FILES\VISTA风格美化\VISTADRIVE\VSDRVRT.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 1196, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1196, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 1408, C:\PROGRAM FILES\XOSD\XOSD.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1408, C:\PROGRAM FILES\XOSD\XOSD.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 1424, D:\我的游戏\卡卡\RUNIEP.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1424, D:\我的游戏\卡卡\RUNIEP.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2320, C:\PROGRAM FILES\RALINK\COMMON\RAUI.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2320, C:\PROGRAM FILES\RALINK\COMMON\RAUI.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 3912, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 3912, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 3924, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 3924, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE] ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]
长风飘飘健康舞勺狮帖子:226 注册: 2006-09-21 来自:

长风飘飘健康舞勺狮帖子:226 注册: 2006-09-21 来自:	发表于： 2008-01-06 13:25 \| 只看楼主短消息资料字号：小中大 12楼他的电脑时间也被修改了
长风飘飘健康舞勺狮帖子:226 注册: 2006-09-21 来自:

aclangzi1314 初生襁褓狮帖子:22 注册: 2007-10-13 来自:	发表于： 2008-01-06 13:31 \| 短消息资料字号：小中大 13楼 [C:\WINDOWS\system32\kvdxsmma.dll] [N/A, ] [C:\WINDOWS\system32\okmhdzy.dll] [N/A, ] [C:\WINDOWS\system32\kaqhlzy.dll] [N/A, ] [C:\WINDOWS\system32\avzxmmn.dll] [N/A, ] [C:\WINDOWS\system32\kawdizy.dll] [N/A, ] [C:\WINDOWS\system32\avwghmn.dll] [N/A, ] [C:\WINDOWS\system32\wsmsezx.dll] [N/A, ] [C:\WINDOWS\system32\rsmyjpm.dll] [N/A, ] [C:\WINDOWS\system32\ratbspi.dll] [N/A, ] [C:\WINDOWS\Fonts\avwljmn.dll] [N/A, ] [C:\WINDOWS\system32\rarjepi.dll] [N/A, ] [C:\WINDOWS\Fonts\swrcgzc.dll] [N/A, ] ----------------------------------------- 如果判断没错的话上面几个文件应该是木马你可以到baidu上搜索上面的文件名
aclangzi1314 初生襁褓狮帖子:22 注册: 2007-10-13 来自:

长风飘飘健康舞勺狮帖子:226 注册: 2006-09-21 来自:	发表于： 2008-01-06 13:52 \| 只看楼主短消息资料字号：小中大 14楼那还有人帮忙没
长风飘飘健康舞勺狮帖子:226 注册: 2006-09-21 来自:

aclangzi1314 初生襁褓狮帖子:22 注册: 2007-10-13 来自:	发表于： 2008-01-06 13:56 \| 短消息资料字号：小中大 15楼参考资料http://bbs.iyaya.com/99/884171.htm
aclangzi1314 初生襁褓狮帖子:22 注册: 2007-10-13 来自:

长风飘飘健康舞勺狮帖子:226 注册: 2006-09-21 来自:	发表于： 2008-01-17 21:12 \| 只看楼主短消息资料字号：小中大 16楼解决不了
长风飘飘健康舞勺狮帖子:226 注册: 2006-09-21 来自:

agee 飘泊而立狮帖子:543 注册: 2007-01-26 来自:	发表于： 2008-01-17 22:19 \| 短消息资料字号：小中大 17楼删除以下启动项 <wsctf.exe><wsctf.exe> [N/A] <{E159854F-6971-3456-6941-10235412974E}><C:\WINDOWS\Fonts\hookhelp.dll> [] <{4A57CAD1-412F-9547-713F-9641FA3FC7A4}><C:\WINDOWS\system32\okmhdzy.dll> [] <{C7D81718-1314-5200-2597-58790101807C}><C:\WINDOWS\system32\kaqhlzy.dll> [] <{D859245F-345D-BC13-AC4F-145D47DA34FD}><C:\WINDOWS\system32\avzxmmn.dll> [] <{CD561258-45F3-A451-F908-A258458226DC}><C:\WINDOWS\system32\kvdxslma.dll> [N/A] <{CC87A354-ABC3-DEDE-FF33-3213FD7447CC}><C:\WINDOWS\system32\kvdxlma.dll> [N/A] <{9960356A-458E-DE24-BD50-268F589A56A9}><C:\WINDOWS\system32\avwlimn.dll> [N/A] <{98907901-1416-3389-9981-372178569989}><C:\WINDOWS\system32\kawdizy.dll> [] <{3FA10261-B890-F432-A453-69F1023513F3}><C:\WINDOWS\system32\gjcscyc.dll> [N/A] <{1D908534-AD45-920F-AC89-4024FA9D26D1}><C:\WINDOWS\system32\gjfhayc.dll> [N/A] <{8A1247C1-53DA-FF43-ABD3-345F323A48D8}><C:\WINDOWS\system32\avwghmn.dll> [] <{DD561258-45F3-A451-F908-A258458226DD}><C:\WINDOWS\system32\kvdxsmma.dll> [] <{778A7521-FA87-34AB-34C2-4893F3AD34C7}><C:\WINDOWS\system32\swrcfzc.dll> [N/A] <{792FADFA-BCDE-ACDF-CDEF-21054865CBA7}><C:\WINDOWS\system32\wsmsezx.dll> [] <{AE32FA58-3453-FA2D-BC49-F340348ACCEA}><C:\WINDOWS\system32\rsmyjpm.dll> [] <{47650011-3344-6688-4899-345FABCD1574}><C:\WINDOWS\system32\ratbspi.dll> [] <{A960356A-458E-DE24-BD50-268F589A56AA}><C:\WINDOWS\Fonts\avwljmn.dll> [] <{5598FF45-DA60-F48A-BC43-10AC47853D55}><C:\WINDOWS\system32\rarjepi.dll> [] <{878A7521-FA87-34AB-34C2-4893F3AD34C8}><C:\WINDOWS\Fonts\swrcgzc.dll> [] 删除以下驱动 [3n5yjrzwy / 3n5yjrzwy9][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\3n5yjrzwy9.sys><N/A> [GJ / GJ][Stopped/Manual Start] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp16.tmp><N/A> [MS / MS][Stopped/Manual Start] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp13.tmp><N/A> [PciHardDisk / PciHardDisk][Stopped/Manual Start] <\??\C:\WINDOWS\system32\fat32.sys><N/A> [WD / WD][Stopped/Manual Start] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp10.tmp><N/A> [ZHTU / ZHTU][Stopped/Manual Start] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpD.tmp><N/A> 并删除以下文件 [C:\WINDOWS\Fonts\hookhelp.dll] [N/A, ] [C:\WINDOWS\system32\okmhdzy.dll] [N/A, ] [C:\WINDOWS\system32\kaqhlzy.dll] [N/A, ] [C:\WINDOWS\system32\avzxmmn.dll] [N/A, ] [C:\WINDOWS\system32\kawdizy.dll] [N/A, ] [C:\WINDOWS\system32\avwghmn.dll] [N/A, ] [C:\WINDOWS\system32\kvdxsmma.dll] [N/A, ] [C:\WINDOWS\system32\wsmsezx.dll] [N/A, ] [C:\WINDOWS\system32\rsmyjpm.dll] [N/A, ] [C:\WINDOWS\system32\ratbspi.dll] [N/A, ] [C:\WINDOWS\Fonts\avwljmn.dll] [N/A, ] [C:\WINDOWS\system32\rarjepi.dll] [N/A, ] [C:\WINDOWS\Fonts\swrcgzc.dll] [N/A, ] 还有上面提到的未列出的，统统都删了，太多了，懒得贴了-_-!! 清空IE缓存
agee 飘泊而立狮帖子:543 注册: 2007-01-26 来自:

<<上一主题|下一主题>>

12

2 / 2 页

跳转页

页面顶部

Powered by Discuz!NT