[Spyware: Help] Hijack Log
Help...
Logfile of HijackThis v1.98.2
Scan saved at 3:28:37 PM, on 11/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\oracle\ora92\bin\omtsreco.exe
c:\oracle\ora92\bin\agntsrvc.exe
c:\oracle\ora92\Apache\Apache\apache.exe
C:\WINDOWS\system32\cmd.exe
c:\oracle\ora92\BIN\TNSLSNR.exe
c:\oracle\ora92\bin\ORACLE.EXE
c:\oracle\ora92\bin\ORACLE.EXE
c:\oracle\ora92\bin\ORACLE.EXE
C:\WINDOWS\System32\prfsvc.exe
C:\WINDOWS\Explorer.EXE
c:\oracle\ora92\bin\dbsnmp.exe
c:\oracle\ora92\Apache\Apache\apache.exe
c:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\bin\isqlplus
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\msrexe.exe
C:\WINDOWS\win.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\esplorer.exe
C:\Program Files\WebSiteViewer\8855232temp.exe
C:\Program Files\WebSiteViewer\125021.exe
C:\Program Files\WebSiteViewer\125021.exe
C:\Program Files\WebSiteViewer\125021.exe
C:\DOCUME~1\sujatiah\LOCALS~1\Temp\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
Posted on 22-11-2004 08:25 PM
The ones that look more suspicious are these. Some of them may not be adware/spyware or viruses.
C:\WINDOWS\System32\prfsvc.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\msrexe.exe
C:\WINDOWS\win.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\esplorer.exe
C:\Program Files\WebSiteViewer\8855232temp.exe
C:\Program Files\WebSiteViewer\125021.exe
C:\Program Files\WebSiteViewer\125021.exe
C:\Program Files\WebSiteViewer\125021.exe
I'm not very sure about these. It would be best to scan these as well.
c:\oracle\ora92\bin\agntsrvc.exe
c:\oracle\ora92\Apache\Apache\apache.exe
c:\oracle\ora92\bin\omtsreco.exe
c:\oracle\ora92\bin\dbsnmp.exe
c:\oracle\ora92\Apache\Apache\apache.exe
c:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\bin\isqlplus