【求助】每个文件下面有以exe结尾的记事本 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】每个文件下面有以exe结尾的记事本

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

【求助】每个文件下面有以exe结尾的记事本

bestzou 初生襁褓狮帖子:5 注册: 2006-08-26 来自:	发表于： 2006-08-26 17:44 \| 显示全部短消息资料字号：小中大 1楼【求助】每个文件下面有以exe结尾的记事本每个文件下面有以exe结尾的记事本，名称是字母和数字的随机组合，用瑞星最新版本也查不出，而且在杀毒过程经常死机。我看用瑞星防火墙看到异常的service.exe和ennwuan.exe，公司名称是一大串字母（erwiodfuarhlzhjxbjkzkxskksd) 而且开始有检测到要求更改service.exe，我点了拒绝啊，版主及高手帮忙 2006-08-27 22:36:54
bestzou 初生襁褓狮帖子:5 注册: 2006-08-26 来自:	分享到：

bestzou 初生襁褓狮帖子:5 注册: 2006-08-26 来自:	发表于： 2006-08-26 17:58 \| 显示全部短消息资料字号：小中大 2楼我在正常模式，安全模式下都试过了，还没有杀到一个就死机了，郁闷啊，病毒库也是最新的
bestzou 初生襁褓狮帖子:5 注册: 2006-08-26 来自:

bestzou 初生襁褓狮帖子:5 注册: 2006-08-26 来自:	发表于： 2006-08-26 18:02 \| 显示全部短消息资料字号：小中大 3楼 Logfile of HijackThis v1.99.1 Scan saved at 17:52:05, on 2006-8-26 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe e:\Program Files\Rising2\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe e:\Program Files\Rising2\Rav\Ravmond.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE E:\Program Files\Rising2\Rav\RavTask.exe E:\Program Files\Rising2\Rav\Ravmon.exe C:\WINDOWS\system32\ctfmon.exe E:\Program Files\Rising2\Rfw\rfwmain.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe e:\program files\rising2\rfw\rfwsrv.exe E:\Program Files\ADSL拨号王\HNMainUI.exe E:\Program Files\Maxthon\Maxthon.exe E:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe C:\Documents and Settings\jujumao\anavcran.exe E:\Program Files\Rising2\Rav\Rav.exe D:\ZDownloads\ha_hijackthis_1991\HijackThis.exe F3 - REG:win.ini: run=C:\WINDOWS\services.exe O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - E:\Program Files\Thunder Network\WebThunder\WebThunderBHO_011.dll O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\flashget\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\flashget\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [RavTask] "e:\Program Files\Rising2\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe O4 - HKLM\..\RunServices: [services] C:\WINDOWS\services.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe O4 - HKCU\..\RunServices: [services] C:\WINDOWS\services.exe O8 - Extra context menu item: &使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: 使用Web迅雷下载 - e:\Program Files\Thunder Network\WebThunder\GetUrl.htm O8 - Extra context menu item: 使用Web迅雷下载全部链接 - e:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\flashget\jc_link.htm O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\flashget\jc_all.htm O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: 定位查看 GPS 卫星地图 - e:\Program Files\Opanda\IExif 2.25\IExifMap.htm O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 查看 Exif 信息(&V) - res://e:\Program Files\Exif Show\ExShow.dll/EXSHOW.HTML O8 - Extra context menu item: 查看 Exif/GPS/IPTC 信息 - e:\Program Files\Opanda\IExif 2.25\IExifCom.htm O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - e:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - e:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing) O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\flashget\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\flashget\flashget.exe O15 - Trusted Zone: http://www.icbc.com.cn O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) - http://zs.kingsoft.com/KOSInit.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093505610780 O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{112D0099-2B0F-4908-9A75-81508E9151B0}: NameServer = 61.144.56.100 61.144.56.101 O17 - HKLM\System\CS2\Services\Tcpip\..\{112D0099-2B0F-4908-9A75-81508E9151B0}: NameServer = 61.144.56.100 61.144.56.101 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\program files\rising2\rfw\rfwproxy.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\program files\rising2\rfw\rfwsrv.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - e:\Program Files\Rising2\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - e:\Program Files\Rising2\Rav\Ravmond.exe
bestzou 初生襁褓狮帖子:5 注册: 2006-08-26 来自:

bestzou 初生襁褓狮帖子:5 注册: 2006-08-26 来自:	发表于： 2006-08-27 22:22 \| 显示全部短消息资料字号：小中大 4楼然后怎么做啊，怎么没人回答呢
bestzou 初生襁褓狮帖子:5 注册: 2006-08-26 来自:

bestzou 初生襁褓狮帖子:5 注册: 2006-08-26 来自:	发表于： 2006-08-27 22:44 \| 显示全部短消息资料字号：小中大 5楼好像根本杀不了啊
bestzou 初生襁褓狮帖子:5 注册: 2006-08-26 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT