请大家帮我分析一下日志。谢谢！ - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛请大家帮我分析一下日志。谢谢！

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

请大家帮我分析一下日志。谢谢！

晓风暮雨初生襁褓狮帖子:4 注册: 2005-10-14 来自:	发表于： 2005-10-15 08:03 \| 显示全部短消息资料字号：小中大 1楼请大家帮我分析一下日志。谢谢！ Logfile of HijackThis v1.99.1 Scan saved at 08:10:47, on 2005-10-15 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\LEXBCES.EXE D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\LEXPPS.EXE D:\Program Files\AVPersonal\AVWUPSRV.EXE D:\WINDOWS\System32\GEARSEC.EXE D:\WINDOWS\Explorer.EXE D:\Program Files\Copy Handler\Copy Handler.exe D:\Program Files\Filseclab\xfilter\xfilter.exe D:\WINDOWS\System32\ctfmon.exe D:\Program Files\AvaFind\AvaFind.exe D:\Program Files\Switch Off\swoff.exe D:\Program Files\ClocX\ClocX.exe D:\Program Files\GreenBrowserGB\GreenBrowser.exe D:\My download files\下载的程序\hijackthis1991\HijackThis.exe O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\System32\xunleibho_v8.dll O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - D:\Program Files\Foxie Suite\foxietoolbaru.dll O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - D:\Program Files\Foxie Suite\foxiecoreu.dll O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - D:\Program Files\Foxie Suite\foxiecoreu.dll O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Copy handler] D:\Program Files\Copy Handler\Copy Handler.exe O4 - HKLM\..\Run: [XFILTER] "D:\Program Files\Filseclab\xfilter\xfilter.exe" -a O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [AvaFind] "D:\Program Files\AvaFind\AvaFind.exe" /minimized O4 - HKCU\..\Run: [Switch Off] D:\Program Files\Switch Off\swoff.exe O4 - Startup: 快捷方式到 ClocX.exe.lnk = D:\Program Files\ClocX\ClocX.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getallurl.htm O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - D:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - D:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - D:\Program Files\Foxie Suite\Cleaner.exe O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - D:\Program Files\Foxie Suite\Cleaner.exe O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - D:\Program Files\Foxie Suite\Sweeper.exe O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - D:\Program Files\Foxie Suite\Sweeper.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.exe O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.exe O9 - Extra button: FlashGet - {D8CFA4D4-F19E-4ADA-812F-E780C0ACE3E7} - C:\Program Files\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: FlashGet - {D8CFA4D4-F19E-4ADA-812F-E780C0ACE3E7} - C:\Program Files\FlashGet\flashget.exe O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - D:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - D:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: d:\program files\filseclab\xfilter\xfilter.dll O10 - Unknown file in Winsock LSP: d:\program files\filseclab\xfilter\xfilter.dll O10 - Unknown file in Winsock LSP: d:\program files\filseclab\xfilter\xfilter.dll O10 - Unknown file in Winsock LSP: d:\program files\filseclab\xfilter\xfilter.dll O10 - Unknown file in Winsock LSP: d:\program files\filseclab\xfilter\xfilter.dll O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.58028.net/plugin/PowerPlr.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111321194223 O16 - DPF: {C50341E9-CDC1-4377-AB88-3486CCD0FDA1} (cycnset Class) - http://ms1.cyworld.com.cn/music/package/cycnset.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: GEARSecurity - GEAR Software - D:\WINDOWS\System32\GEARSEC.EXE O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE O23 - Service: pms (Portable Media Serial) - Unknown owner - D:\WINDOWS\G_Server.exe 2005-10-15 08:50:01
晓风暮雨初生襁褓狮帖子:4 注册: 2005-10-14 来自:	分享到：

晓风暮雨初生襁褓狮帖子:4 注册: 2005-10-14 来自:	发表于： 2005-10-15 08:14 \| 显示全部短消息资料字号：小中大 2楼谢谢！我先试一下。
晓风暮雨初生襁褓狮帖子:4 注册: 2005-10-14 来自:

晓风暮雨初生襁褓狮帖子:4 注册: 2005-10-14 来自:	发表于： 2005-10-15 08:32 \| 显示全部短消息资料字号：小中大 3楼已试，好像还不错。谢谢版主！！
晓风暮雨初生襁褓狮帖子:4 注册: 2005-10-14 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT