The log and an analysis log are below.
Two things look like serious problems to me:
C:\WINDOWS\svchost.exe
This process should be at C:\WINDOWS\system32\svchost.exe
O4 - HKCU\..\Run: [system.exe] C:\WINDOWS\system32\system.exe (this startup entry should not be there)
I suspect the system is infected; looking for confirmation and a way to fix it.
-----------------------------------------------------
log:
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 0:56:39, 日期 2007-1-13
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v7.00 (7.00.5730.0011)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Tencent\QQLive\MiniQQLive.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\FetionVM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\Kingsoft\PowerWord 2006\XDICT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FlashFXP\FlashFXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eMule\eMule.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
D:\software\HijackThis\HijackThis\HijackThis1991zww.exe
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - 启动项HKLM\\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - 启动项HKLM\\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - 启动项HKLM\\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - 启动项HKLM\\Run: [miniqqlive] "C:\Program Files\Tencent\QQLive\MiniQQLive.exe"
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - 启动项HKLM\\Run: [ASocksrv] SocksA.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\RunOnce: [360Safe] Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O4 - HKCU\..\Run: [Fetion] C:\Program Files\China Mobile\Fetion\Fetion.exe
O4 - HKCU\..\Run: [system.exe] C:\WINDOWS\system32\system.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\BIN\SetMSNDP.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ImpsSensor - C:\WINDOWS\SYSTEM32\ImpsSensor.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - NT 服务: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: Distributed Application Client (BARCASE) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)
O23 - NT 服务: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
---------------------------------------------------------
These are the results from the log-analysis website mentioned in a post on this board
C:\WINDOWS\System32\smss.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\winlogon.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\services.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\Rising\Rav\CCenter.exe
Very safe
RAV AntiVirus
C:\WINDOWS\System32\svchost.exe
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Very safe
Intel Wireless Event Eng.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Safe Not dangerous, but unnecessary.
NIC Driver for wireless adapters.
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\Rising\Rav\Ravmond.exe
Very safe This is a nasty process! You should fix it and try to delete it manually!
Added by a variant of the LOVGATE WORM!
C:\WINDOWS\system32\spoolsv.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\Rising\Rav\RavStub.exe
Very safe This is an unknown process.
C:\WINDOWS\Explorer.EXE
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Safe
Intel Communications Service
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
Very safe
Intel NIC Configuration Tool
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
Very safe
Intel Wireless Tool
C:\WINDOWS\system32\hkcmd.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\igfxsrvc.exe
Safe This is an unknown process.
This entry was classified from our visitors as good.
C:\WINDOWS\system32\igfxpers.exe
Very safe
Intel Common User Interface Module
C:\WINDOWS\system32\wscntfy.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\stsystra.exe
Safe This is an unknown process.
This entry was classified from our visitors as good.
C:\Program Files\Tencent\QQLive\MiniQQLive.exe
This is an unknown process.
C:\Program Files\Rising\Rav\RavTask.exe
Safe This is an unknown process.
C:\Program Files\Rising\Rav\Ravmon.exe
RAV AntiVirus
C:\WINDOWS\system32\ctfmon.exe
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Messenger\msmsgs.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\MSNShell\BIN\MSNShell.exe
Neutral This is an unknown process.
C:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\FetionVM.exe
This is an unknown process.
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
Very safe
Intel Wireless LAN Configuration
C:\WINDOWS\svchost.exe
Nasty This entry is not running from the System32 folder, so it is probably nasty.
Possibly nasty! According to our database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as bad.
C:\Program Files\Tencent\qq\QQ.exe
Neutral
QQ Instant Messenger
C:\Program Files\Tencent\qq\TIMPlatform.exe
This is an unknown process.
C:\Program Files\Kingsoft\PowerWord 2006\XDICT.EXE
Very safe This is an unknown process.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\FlashFXP\FlashFXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
Neutral
Internet Explorer - We recommend using a more secure alternative browser (e.g. Firefox).
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Checks for updates for RealPlayer
C:\Program Files\eMule\eMule.exe
Safe
Possibly nasty! According to our database this process runs normally in c:\emule0.46c\! Check if you know this process and arrange a viruscheck where required. eMule filesharing
C:\Program Files\Real\RealPlayer\RealPlay.exe
Neutral
D:\software\HijackThis\HijackThis\HijackThis1991zww.exe
This is an unknown process.
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
Jccatch.dll - FlashGet, http://www.amazesoft.com/
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
fgiebar.dll - FlashGet, http://www.amazesoft.com/
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Not dangerous, but unnecessary. Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Not dangerous, but unnecessary. Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Not dangerous, but unnecessary. Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE
O4 - 启动项HKLM\\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
Intel Wireless LAN Configuration
O4 - 启动项HKLM\\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
Intel Centrino WLAN
O4 - 启动项HKLM\\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
Not dangerous, but unnecessary. Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel
O4 - 启动项HKLM\\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
Intel Hot Keys Command Module. Monitors the keyboard for the key-presses you specified in the program.
O4 - 启动项HKLM\\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
Intel Graphics Common User Interface Module
O4 - 启动项HKLM\\Run: [SigmatelSysTrayApp] stsystra.exe
Unknown application.
O4 - 启动项HKLM\\Run: [miniqqlive] "C:\Program Files\Tencent\QQLive\MiniQQLive.exe"
Unknown application.
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
Unknown application.
O4 - 启动项HKLM\\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
This is an entry that appears when you uncheck an item in the Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
O4 - 启动项HKLM\\Run: [ASocksrv] SocksA.exe
Unknown application.
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Part of RealPlayer
O4 - 启动项HKLM\\RunOnce: [360Safe] Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware
Unknown application.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Office related
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
Unknown application.
O4 - HKCU\..\Run: [Fetion] C:\Program Files\China Mobile\Fetion\Fetion.exe
Unknown application.
O4 - HKCU\..\Run: [system.exe] C:\WINDOWS\system32\system.exe
Must be fixed! Added as a result of various worms and trojans
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Not dangerous, but unnecessary. Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
To be fixed if the entry '上传到QQ网络硬盘' is unknown. Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
To be fixed if the entry '使用KuGoo3下载(&K)' is unknown. Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\PROGRA~1\FlashGet\jc_link.htm
To be fixed if the entry '使用网际快车下载' is unknown. Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
To be fixed if the entry '使用网际快车下载全部链接' is unknown. Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
To be fixed if the entry '添加到QQ自定义面板' is unknown. Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
To be fixed if the entry '添加到QQ表情' is unknown. Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
To be fixed if the entry '用QQ彩信发送该图片' is unknown. Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
O8 - IE右键菜单中的新增项目: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\BIN\SetMSNDP.htm
The entry 设为 Messenger Live 头像 has been identified as safe.
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
The entry QQ has been identified as safe.
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
The entry 腾讯QQ has been identified as safe.
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
The entry FlashGet has been identified as safe.
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
The entry &FlashGet has been identified as safe.
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
The entry Messenger has been identified as safe.
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
The entry Windows Messenger has been identified as safe.
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O11 - Options group: [INTERNATIONAL] International*
Neutral Such entries should be fixed as a general rule.
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
Intel Graphic card
O20 - Winlogon Notify: ImpsSensor - C:\WINDOWS\SYSTEM32\ImpsSensor.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - NT 服务: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
This service (Adobelmsvc.exe) was identified as a good one.
O23 - NT 服务: Distributed Application Client (BARCASE) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)
This service (RUNDLL.EXE) was identified as a good one.
O23 - NT 服务: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
This service (EvtEng.exe) was identified as a good one.
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
This service (Macromedia Licensing.exe) was identified as a good one.
O23 - NT 服务: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
This service (RegSrvc.exe) was identified as a good one.
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
This service (CCenter.exe) was identified as a good one.
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
This service (Ravmond.exe) seems to be nasty.
O23 - NT 服务: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
This service (S24EvMon.exe) was identified as a good one.
O23 - NT 服务: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
This service (WLKeeper.exe) was identified as a good one.
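As an added example (my code, not the thread's and not part of HijackThis), a small Python checker that applies the two rules the poster and the hijackthis.de analysis rely on: a core Windows system binary must live in %SystemRoot%\system32, and an O4 Run entry whose target is not a Windows component (system.exe) or carries no directory at all needs review. The embedded log lines are copied from the thread; the SYSTEM32_ONLY and IMPOSTOR_NAMES baselines are assumptions.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log quoted in the
# thread (process list plus O4 Run entries), enough to exercise each rule.
SAMPLE_LOG = """\
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\svchost.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [system.exe] C:\\WINDOWS\\system32\\system.exe
O4 - HKLM\\..\\Run: [ASocksrv] SocksA.exe
"""

# Assumed baseline: core Windows XP binaries that live only in
# %SystemRoot%\system32 (Explorer.EXE is legitimately in C:\WINDOWS).
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32_DIR = r"c:\windows\system32"

# Assumed list of names that mimic a Windows component but Windows does
# not ship; the thread's analysis flags system.exe as planted by malware.
IMPOSTOR_NAMES = {"system.exe"}

O4_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def target_path(cmd):
    """Executable path of an O4 command line: the quoted string if any,
    otherwise the text up to the first '.exe'."""
    m = re.match(r'^"([^"]+)"', cmd) or re.match(r"^(.+?\.exe)", cmd, re.I)
    return m.group(1) if m else cmd


def check_path(path):
    """Return a reason string if a binary path is suspicious, else None."""
    directory, name = ntpath.split(path)
    lname = name.lower()
    if lname in IMPOSTOR_NAMES:
        return "not a Windows component; name mimics one"
    if lname in SYSTEM32_ONLY and directory.lower() != SYSTEM32_DIR:
        return "system binary outside %SystemRoot%\\system32"
    if not directory:
        return "no directory given; resolved via PATH, verify manually"
    return None


def scan_log(text):
    """Return (kind, path, reason) for each suspicious process or O4 entry."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            kind, path = "autostart", target_path(m.group("cmd"))
        elif re.match(r"^[A-Za-z]:\\", line):  # a running-process line
            kind, path = "process", line
        else:
            continue
        reason = check_path(path)
        if reason:
            findings.append((kind, path, reason))
    return findings
```

Running scan_log(SAMPLE_LOG) reports exactly the two entries the poster singled out plus the bare SocksA.exe entry for manual review; every other line passes.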
This is a mirrored post. Source: 北邮人论坛 / security / #7439, synced 2007/1/12
Posted by the Security bot
Please help analyze hijackthis.log
DarkIce
2007/1/12 mirror sync, 10 replies
9 replies
That is why I had the website analyze it first. If you don't want to go through it in detail, just look at the two problems I mentioned above.
I haven't seen a machine with this problem before, and even if I had, I probably wouldn't know what to do about those two system processes.
【 Quoting zeroth (no0): 】
: Although I don't really understand this
: I can more or less see a few things
: OP, go read the pinned post
: ...................
That windows/svchost of yours is definitely a trojan, no doubt about it.
Old trojans like Beast all love to use this name.
That system.exe is a trojan too; whether the two are the same one can't be determined, so just delete them and see.
Registry, kill the process, delete the file. As for whether it is actually illegitimate, you can hook it with IS and check.
What is IS??
How does windows/svchost get started??
【 Quoting rebirthatsix (茫犭者): 】
: That windows/svchost of yours is definitely a trojan, no doubt about it.
: Old trojans like Beast all love to use this name.
: That system.exe is a trojan too; whether the two are the same one can't be determined, so just delete them and see.
: ...................
One more question: after uninstalling Norton, the right-click "scan for viruses" option is still there, but it no longer does anything. How do I remove that option from the context menu??
【 Quoting DarkIce (承影≮饕餮军团≯): 】
: What is IS??
: How does windows/svchost get started??
You can have it analyzed at www.hijackthis.de
【 Quoting DarkIce (承影≮饕餮军团≯): 】
: The log and an analysis log are below.
: Two things look like serious problems to me:
: C:\WINDOWS\svchost.exe
: ...................
The analysis results at the end are from that very site.
【 Quoting CO0LFANTASY (Cool |Scientist): 】
: You can have it analyzed at www.hijackthis.de
【 Quoting rebirthatsix: 】
: One more thing: your system is already riddled with holes; socka is in the startup items too.
: As for the questions you asked, go read the pinned post.
I've seen plenty of systems in far worse shape than this.....