Please help me analyze this log, thanks

Source: 百度文库 (Baidu Wenku)  Editor: 中科新闻网  Time: 2024/04/30 23:36:17
Logfile of HijackThis v1.99.1
Scan saved at 19:50:35, on 2006-8-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\spoolsv.exe
C:\Rising\Rav\RavStub.exe
D:\WINDOWS\SMSS.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Rising\Rav\RavTask.exe
D:\Program Files\exploreru.exe
D:\Program Files\exploreb.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Sogou PXP\p2psvr.exe
D:\WINDOWS\system32\wscntfy.exe
C:\Rising\Rav\Ravmond.exe
D:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
C:\Thunder\Program\Thunder5.exe
D:\WINDOWS\system32\conime.exe
D:\Program Files\Hercules\DFVSX.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
R3 - URLSearchHook: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - D:\Program Files\Micrsoft SearchBar\SearchBar.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - D:\WINDOWS\system32\wmpdrm.dll (file missing)
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - D:\WINDOWS\system32\smflash.ocx
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - D:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4603.dll (file missing)

D:\Program Files\exploreru.exe
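D:\Program Files\exploreb.exe Trojan
The "Agent variant sf" (Troj.Agent.sf) Trojan submits the stolen account names and passwords to a designated processing web page.
Virus characteristics: this virus is an account-stealing Trojan.
Symptoms: the virus creates the following virus files on the infected system: %SystemRoot%\system32\systemlb.dll and %Program Files%\exploreb.exe, and adds a registry startup entry. The virus installs two message hooks on the system, of types WH_MOUSE and WH_KEYBOARD, to monitor mouse and keyboard messages, and submits the stolen account names and passwords to a designated processing web page.
Also, the entries below marked (file missing) can all be fixed.
F2 - REG:system.ini: Shell=Explorer.exe 1 (this one also seems to have a problem)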

I recommend downloading 360安全卫士 (360 Safeguard) to clean up the malicious software:
http://www.360safe.com
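
The checks the answer above applies by eye (executables sitting directly in the Program Files root, entries marked "(file missing)", and an F2 Shell value that is not plain Explorer.exe) can be run over a HijackThis log automatically. This is an added example, not part of the original answer; the function name `triage`, the regular expressions and the three heuristics are assumptions chosen for illustration, and the sample is a handful of lines copied from the log above.

```python
import re

# Constructed sample: a few lines copied from the log above.
SAMPLE_LOG = r"""Running processes:
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\exploreru.exe
D:\Program Files\exploreb.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE

F2 - REG:system.ini: Shell=Explorer.exe 1
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - D:\WINDOWS\system32\wmpdrm.dll (file missing)
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - D:\WINDOWS\system32\smflash.ocx
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O2 - BHO: ..."
# Heuristic (assumption): an .exe placed directly in the Program Files root.
PF_ROOT_EXE = re.compile(r"^[A-Za-z]:\\Program Files\\[^\\]+\.exe$", re.IGNORECASE)


def triage(log_text):
    """Return (reason, line) pairs for log lines that deserve a manual look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:  # a blank line ends the process list
            in_processes = False
            continue
        m = ENTRY.match(line)
        if m:
            code, rest = m.groups()
            if rest.endswith("(file missing)"):
                findings.append(("orphaned entry", line))
            elif code == "F2" and "Shell=" in rest:
                shell = rest.split("Shell=", 1)[1].strip()
                if shell.lower() != "explorer.exe":  # Windows default shell value
                    findings.append(("non-default shell value", line))
        elif in_processes and PF_ROOT_EXE.match(line):
            findings.append(("exe in Program Files root", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

A hit is only a prompt for manual review: legitimate software can trigger any of the three heuristics.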