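I've run into this.......
Can you scan a log and post it, so everyone can help you analyze it?
Scan what log? Sorry, I don't really know. Is it a vulnerability attack log, a registry log, a monitoring log, or a virus log?
http://bbs.dngz.net/thread-11436-1-1.html Take a look at this thread first.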
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\svchost.exe
F:\vmare\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\web\WebThunder.exe
G:\HijackThis.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用Web迅雷下载 - F:\web\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - F:\web\GetAllUrl.htm
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ADED840-4BE6-43A3-B151-3CAEFB3762F0}: NameServer = 202.102.192.68 202.96.209.133
O20 - Winlogon Notify: dimsntfy - C:\windows\SYSTEM32\dimsntfy.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: TuoACCOOS (TuoACCO) - Unknown owner - C:\Windows\system32\YGNVEMTAIPWE.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\vmare\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Just now I replaced ygnvemtaipwe with a file of the same name, which seems to have solved the problem for the time being, but the problem hasn't been fixed at its root..
O23 - Service: TuoACCOOS (TuoACCO) - Unknown owner - C:\Windows\system32\YGNVEMTAIPWE.EXE
Find it at C:\Windows\system32\YGNVEMTAIPWE.EXE and delete it. You have Rising Antivirus installed? Best to update it to the latest version!
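Thanks to 4328028 for helping me solve the problem. As for Rising, I've updated it to the latest, 19.02. As for that file, I've deleted it from there many times, but afterwards it's still there....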
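
The check applied in the reply above (picking out the O23 service entry with "Unknown owner") written as a small triage script. This is an added example, not part of the original thread; the function names and the two heuristics are this example's own assumptions, and the sample lines are copied from the log posted above.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: dimsntfy - C:\windows\SYSTEM32\dimsntfy.dll
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: TuoACCOOS (TuoACCO) - Unknown owner - C:\Windows\system32\YGNVEMTAIPWE.EXE
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""

PREFIX = "O23 - Service: "
# "Display name (ShortName)"; the "(ShortName)" part is missing on some lines.
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<name>[^()]+)\))?$")

class Service(NamedTuple):
    display: str
    name: Optional[str]
    vendor: str
    path: str

def parse_o23(log: str) -> list:
    """Parse every O23 (service) entry in a HijackThis log."""
    found = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        # Path and vendor are the last two " - " separated fields, so split
        # from the right; the display name may itself contain " - ".
        parts = line[len(PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # truncated or malformed entry
        m = NAME_RE.match(parts[0].strip())
        found.append(Service(m["display"], m["name"], parts[1].strip(), parts[2].strip()))
    return found

def triage(log: str) -> list:
    """Return (service, reasons) for entries worth a closer look (heuristic)."""
    flagged = []
    for svc in parse_o23(log):
        if svc.vendor.lower() != "unknown owner":
            continue
        reasons = ["vendor field is 'Unknown owner'"]
        if "\\system32\\" in svc.path.lower():
            reasons.append("binary sits in system32")
        flagged.append((svc, reasons))
    return flagged

if __name__ == "__main__":
    for svc, reasons in triage(SAMPLE_LOG):
        print(f"{svc.name or svc.display}: {svc.path} ({'; '.join(reasons)})")
```

The name in parentheses (TuoACCO here) is the service's short name, which identifies the service registration separately from the file on disk.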