«1 2 » Pages: ( 2/2 total )
本页主题: [无聊]秀一下我自己现在正在用的本本的Hijackthis分析报告~ 打印 | 加为IE收藏 | 复制链接 | 收藏主题 | 上一主题 | 下一主题

bbsriver
杀人游戏MVP勋章I 杀人游戏MVP勋章II
级别: 管理员


精华: 52
发帖: 17391
威望: 8729 点
金钱: 7064 静电币
支持度: 19801 点
在线时间:13725(小时)
注册时间:2002-11-21
最后登录:2016-12-22

 

常在江湖漂,谁能不中招~
Posted: 2006-07-02 21:44 | 15 楼
dkwang
DK
级别: 贵宾


精华: 0
发帖: 4774
威望: 2110 点
金钱: -10 静电币
支持度: 2547 点
在线时间:2107(小时)
注册时间:2005-07-29
最后登录:2020-03-06

 

要学会解毒,必先中毒也。
DK
Posted: 2006-07-02 21:55 | 16 楼
singularity
级别: 骑士


精华: 0
发帖: 226
威望: 88 点
金钱: 654 静电币
支持度: 0 点
在线时间:119(小时)
注册时间:2006-01-17
最后登录:2006-10-01

 

呵呵 我的
闲来无事 可以帮我看看!
Logfile of HijackThis v1.99.1
Scan saved at 21:56:57, on 2006-7-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
d:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Maxthon\Maxthon.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\AutoCAD 2006\acad.exe
C:\DOCUME~1\SINGUL~1\LOCALS~1\Temp\AdskCleanup.0001
F:\download\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XUNLEIBHO_002.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CNC.lnk = ?
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A02CC5-D0A7-4A9D-A7FF-6CEC90248604}: NameServer = 219.158.0.162 221.11.1.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6FA0C1-6BCA-4117-86D3-B43F9D727664}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
不是精华,不签名!
Posted: 2006-07-02 21:56 | 17 楼
bbsriver
杀人游戏MVP勋章I 杀人游戏MVP勋章II
级别: 管理员


精华: 52
发帖: 17391
威望: 8729 点
金钱: 7064 静电币
支持度: 19801 点
在线时间:13725(小时)
注册时间:2002-11-21
最后登录:2016-12-22

 

Quote:
下面是引用冰湖小生于2006-07-02 15:56发表的:
O23 - NT 服务: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe,start (file missing)

这个是曾经中木马后留下的痕迹,病毒主体已经删掉了。整个木马真可恶,居然替换了正常的系统服务,让他指向了病毒。

很隐蔽,你不说的话不大容易想得到。
Posted: 2006-07-02 22:06 | 18 楼
冰湖小生
生前何必久睡, 死后自会长眠
级别: 论坛版主


精华: 0
发帖: 1120
威望: 401 点
金钱: 557 静电币
支持度: 11916 点
在线时间:200(小时)
注册时间:2005-05-27
最后登录:2011-11-25

 

Quote:
下面是引用bbsriver于2006-07-02 22:06发表的:
很隐蔽,你不说的话不大容易想得到。


我也是偶然发现的,因为Network Logon这个服务正常的情况下是不需要开的。
不过中招是我自己的原因,我把Windows系统文件保护功能给关了。。。
偶尔出来吓一回人也无妨。。。
电脑有问题?到『电脑全方位』来吧!专家会给您满意的答复
Posted: 2006-07-02 22:24 | 19 楼
«1 2 » Pages: ( 2/2 total )
帖子浏览记录 版块浏览记录
狗狗静电BBS - wwW.DoGGiEhoMe.CoM » 电脑全方位 Computer Guide

沪ICP备05008186号
Powered by PHPWind Styled by MagiColor