[Help] Could an expert please take a look at my log

Logfile of HijackThis v1.99.1
Scan saved at 12:28:35, on 2006-4-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
d:\program files\rising\rfw\rfwsrv.exe
D:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
d:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\XJIMS\星际直航网络客户端\Client.exe
E:\Program Files\Netease\popo2004\popo.exe
C:\WINDOWS\system32\rundll32.exe
E:\Program Files\Tencent\QQ\QQ.exe
E:\Program Files\Tencent\QQ\TIMPlatform.exe
E:\Program Files\Tencent\QQ\QQ.exe
E:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Maxthon\Max.exe
D:\Program Files\SuperSoft\RdfSnap\RdfSnap.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\刘祖春\LOCALS~1\Temp\Rar$EX01.718\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: CyberArticle Express - {769A6A36-ED24-4376-BC7C-80225BF35698} - E:\Program Files\CyberArticle\CAExp.dll
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [RavStub] "D:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 核新SSL通讯安全代理.lnk = G:\Program Files\hexin\sslproxy\SSLCnt.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 添加到我的和讯网摘 - http://bookmark.hexun.com/inc/PostPage.aspx
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt03.com/dialer/int_ver32b.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/14962046b8916df88505/netzip/RdxIE601.cab
O16 - DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} (IEDown Class) - http://download.ourgame.com/IEDown.cab
O16 - DPF: {AB89C9BF-9250-473B-BE49-D34F615CB678} (Chaos Filter) - http://download.mysee.com/Chaos.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: hpdj - Unknown owner - (no file)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe
Last edited 2006-04-13 21:08:23

[Reply to 春柳's post]
Fix:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe

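Start -- Control Panel -- Performance and Maintenance -- Administrative Tools -- Services
Disable Network Management Center Task (W32Tasks)

Open the registry
Expand [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Find the W32Tasks folder and delete it

Delete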
C:\WINDOWS\system32\taskman32.exe

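Thank you, expert 不言放弃!
Following the method above, I went into the registry and deleted 灰鸽子 (Gray Pigeon).
But as for "Disable Network Management Center Task (W32Tasks)", I could not find this item under "Services". Also, I don't understand what these are or how to fix them:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
I'm a complete novice, so please bear with me!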

For W32Tasks, just delete it the way 不言 described. In HijackThis, tick its checkbox and then click Fix at the bottom.

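Quote:
[春柳's post] Thank you, expert 不言放弃!
Following the method above, I went into the registry and deleted 灰鸽子 (Gray Pigeon).
But as for "Disable Network Management Center Task (W32Tasks)", I could not find this item under "Services". Also, I don't understand what these are or how to fix them:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
I'm a complete novice, so please bear with me!
...........................

O23 - Service: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe
The most direct and effective way is to delete W32Tasks with the Registry Editor.
Procedure:
Click Start, then Run, type regedit, and press Enter.
Click in turn: HKEY_LOCAL_MACHINE, SYSTEM, CURRENTCONTROLSET, SERVICES; find W32Tasks in the left pane and delete it.
Restart the system.
Show hidden files.
Delete C:\WINDOWS\system32\taskman32.exe.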
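
Added example, not part of the original posts: a small Python triage of the O23 (service) lines from the log above. It extracts the service key in parentheses, which is the subkey name under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, and lists every service HijackThis reports as "Unknown owner". The verdict labels and function names are assumptions of this example, and the sample lines are copied from the log in this thread.

```python
import re
from typing import NamedTuple, Optional

class Service(NamedTuple):
    display: str          # name shown in the Services console
    key: Optional[str]    # subkey under ...\CurrentControlSet\Services, if printed
    owner: str            # vendor string, or "Unknown owner"
    path: str             # binary path, or "(no file)"

PREFIX = "O23 - Service: "
NAME_KEY = re.compile(r"^(?P<display>.*\S)\s+\((?P<key>[^()]+)\)$")

def parse_o23(line):
    """Parse one HijackThis O23 line; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right so " - " inside a display name does not break parsing.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    m = NAME_KEY.match(name)
    if m:
        return Service(m["display"], m["key"], owner, path)
    return Service(name, None, owner, path)   # e.g. "hpdj": no separate key shown

def triage(log):
    """Return (service key, verdict, path) for every 'Unknown owner' service."""
    findings = []
    for line in log.splitlines():
        svc = parse_o23(line)
        if svc is None or svc.owner != "Unknown owner":
            continue
        # Labels are this example's own: an entry with no file listed is kept
        # apart from one that still points at a binary needing inspection.
        verdict = "no_file" if svc.path == "(no file)" else "unverified_binary"
        findings.append((svc.key or svc.display, verdict, svc.path))
    return findings

# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: hpdj - Unknown owner - (no file)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe
"""

if __name__ == "__main__":
    for key, verdict, path in triage(SAMPLE_LOG):
        print(f"{key:10} {verdict:18} {path}")
```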

This should be the only problematic entry:
O23 - Service: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe

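Thanks to all the experts above. I have done what you suggested. Thanks again!
I would also like to ask what this one is. Of course it would be best if it is not a virus.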
O23 - Service: hpdj - Unknown owner - (no file)