【求助】帮忙分析分析我的hijackthis日志.. - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】帮忙分析分析我的hijackthis日志..

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

【求助】帮忙分析分析我的hijackthis日志..

刘十九飘泊而立狮帖子:663 注册: 2002-06-22 来自:	发表于： 2006-09-09 00:31 \| 只看楼主短消息资料字号：小中大 1楼【求助】帮忙分析分析我的hijackthis日志.. Logfile of HijackThis v1.99.1 Scan saved at 0:19:01, on 2006-9-9 Platform: Windows 2003 SP1 (WinNT 5.02.3790) MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\conime.exe C:\WINDOWS\System32\tssdis.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\igfxsrvc.exe D:\flserver\QzServer.exe D:\新建文件夹\QQNetbar\QQNetBar.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Documents and Settings\Administrator\桌面\ha_hijackthis_1991\HijackThis.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O1 - Hosts: QZSER 192.168.1.201 O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing) O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Telnet] C:\WINDOWS\system32\Telnet.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [QQNetbar] D:\新建文件夹\QQNetbar\QQNetBar.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: 沸蓝连锁网吧在线更新平台服务端4.0.lnk = ? O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_api60.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{618C0E03-DA1A-492F-8B9B-1A4E4C7D644A}: NameServer = 218.74.122.74,218.74.122.75 O17 - HKLM\System\CS1\Services\Tcpip\..\{618C0E03-DA1A-492F-8B9B-1A4E4C7D644A}: NameServer = 218.74.122.74,218.74.122.75 O17 - HKLM\System\CS2\Services\Tcpip\..\{618C0E03-DA1A-492F-8B9B-1A4E4C7D644A}: NameServer = 218.74.122.74,218.74.122.75 O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - D:\radmin3.2\r_server.exe" /service (file missing) 2006-09-09 00:25:08
刘十九飘泊而立狮帖子:663 注册: 2002-06-22 来自:	分享到：

刘十九飘泊而立狮帖子:663 注册: 2002-06-22 来自:	发表于： 2006-09-09 00:33 \| 只看楼主短消息资料字号：小中大 2楼 2006-9-821:30:09已清除 QZSER\qxwbSystem:RemoteD:\flserver\用户生成器.exeW32/HLLP.Philis.aq (病毒)192.168.1.165 2006-9-823:35:45已删除 QZSER\administratorexplorer.exeC:\RECYCLER\S-1-5-21-342803161-986935586-1236542369-500\Dc4.exePWS-WoW (特洛伊) 2006-9-823:35:45已删除 QZSER\administratorexplorer.exeC:\RECYCLER\S-1-5-21-342803161-986935586-1236542369-500\Dc5.exePWS-Lineage (特洛伊) 2006-9-823:37:08已清除 QZSER\qxwbSystem:RemoteD:\flserver\CreateUser.exeW32/HLLP.Philis.aq (病毒)192.168.1.165 2006-9-823:37:12已清除 QZSER\qxwbSystem:RemoteD:\flserver\QzCacls.exeW32/HLLP.Philis.aq (病毒)192.168.1.165 2006-9-823:37:17已清除 QZSER\qxwbSystem:RemoteD:\flserver\Snapshot.exeW32/HLLP.Philis.aq (病毒)192.168.1.165 2006-9-823:37:21已清除 QZSER\qxwbSystem:RemoteD:\flserver\uninstall.exeW32/HLLP.Philis.aq (病毒)192.168.1.165 2006-9-823:37:26已清除 QZSER\qxwbSystem:RemoteD:\flserver\UpdateSelf.exeW32/HLLP.Philis.aq (病毒)192.168.1.165 看这个,,网吧整天有W32/HLLP.Philis.aq 病毒,而且是多个变种.. 因为网吧需要用到共享,所以server一直开着..
刘十九飘泊而立狮帖子:663 注册: 2002-06-22 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT