Original poster: jojoliuxiao

Second post today: my system got hijacked this afternoon. Ugh, this kind of thing finally happened to me

xpn282
Posted on 2007-4-2 20:42:03
Afterwards I checked McAfee's monitoring log and found:
2007-3-28    11:30:36    Blocked by Access Protection rule    HSIAO\Owner    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe    C:\Program Files\Common Files\Network Associates\TalkBack\Data\TalkBack.ini    Anti-virus Outbreak Control: Make all shares read-only    Action blocked: Write
2007-4-1    10:16:05    Blocked by Access Protection rule    HSIAO\Owner    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe    C:\Program Files\Common Files\Network Associates\TalkBack\Data\TalkBack.ini    Anti-virus Outbreak Control: Make all shares read-only    Action blocked: Write

Alert. So this guy already tried to install talkback.exe on my machine a few days ago, but the rule blocked it and it failed; yesterday he tried to install it again and failed again. It must have finally succeeded after I turned the rule off, and that's how he got into my computer.

These are all normal behaviour... everything under Network Associates belongs to MDF.

[This post was last edited by xpn282 on 2007-4-2 20:55]
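The two Access Protection records quoted above are the evidence this exchange turns on, so here is an added example (not from the thread, and not McAfee's own code) that parses records of this shape and separates two questions that the thread runs together: how many times a given process was blocked, and where that process actually lives on disk. The two TalkBack records are the ones quoted above with their field text translated; the third record, the process in a user-writable Temp directory, the USER_WRITABLE_MARKERS list and all function names are constructed for illustration.

```python
"""Triage of McAfee VirusScan Enterprise Access Protection log records."""
import re
from collections import defaultdict
from datetime import datetime

# The first two records are the ones quoted in the thread (field text translated);
# the third is CONSTRUCTED for contrast and describes no real event.
SAMPLE_LOG = (
    "2007-3-28\t11:30:36\tBlocked by Access Protection rule\tHSIAO\\Owner\t"
    "C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\t"
    "C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\Data\\TalkBack.ini\t"
    "Anti-virus Outbreak Control: Make all shares read-only\tAction blocked: Write\n"
    "2007-4-1\t10:16:05\tBlocked by Access Protection rule\tHSIAO\\Owner\t"
    "C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\t"
    "C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\Data\\TalkBack.ini\t"
    "Anti-virus Outbreak Control: Make all shares read-only\tAction blocked: Write\n"
    "2007-4-2\t14:05:12\tBlocked by Access Protection rule\tHSIAO\\Owner\t"
    "C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\svch0st.exe\t"
    "D:\\Program Files\\McAfee\\VirusScan Enterprise\\Mcshield.exe\t"
    "Common Standard Protection: Prevent modification of McAfee files and settings\t"
    "Action blocked: Write\n"
)

# Column order of an Access Protection record as pasted in the thread.
FIELDS = ("date", "time", "action", "user", "process", "target", "rule", "operation")

# Path fragments that an ordinary user account can write to on Windows XP.
# Constructed, not exhaustive; a process launched from here deserves a second look.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\recycler\\")


def parse_access_protection_log(text):
    """Split each record on tabs (or runs of two or more spaces) into a dict."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = re.split(r"\t+| {2,}", line.strip())
        if len(parts) != len(FIELDS):
            continue  # malformed line: skip rather than guess at field boundaries
        ev = dict(zip(FIELDS, parts))
        ev["when"] = datetime.strptime(f"{ev['date']} {ev['time']}", "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return events


def is_user_writable(path):
    """True if the process image sits somewhere a non-admin user can write."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def summarize(events):
    """Group blocked events per process: count, time span, targets, rules, location."""
    per_process = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                       "targets": set(), "rules": set()})
    for ev in events:
        s = per_process[ev["process"]]
        s["count"] += 1
        s["first"] = ev["when"] if s["first"] is None else min(s["first"], ev["when"])
        s["last"] = ev["when"] if s["last"] is None else max(s["last"], ev["when"])
        s["targets"].add(ev["target"])
        s["rules"].add(ev["rule"])
        s["user_writable"] = is_user_writable(ev["process"])
    return dict(per_process)


def main():
    for process, s in summarize(parse_access_protection_log(SAMPLE_LOG)).items():
        tag = "CHECK: user-writable location" if s["user_writable"] else "vendor/system path"
        print(f"{s['count']}x {process}\n    {s['first']} .. {s['last']}  [{tag}]")
        for rule in sorted(s["rules"]):
            print(f"    rule: {rule}")


if __name__ == "__main__":
    main()
```

Run it on the full exported log instead of SAMPLE_LOG; repeated blocks of a binary under Program Files by a broad outbreak-control rule and a single block of an unknown binary in Temp are very different findings, and the grouping makes that visible at a glance.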
wooyard
Posted on 2007-4-2 21:40:11
Interesting, waiting to see how this develops...
zea10t
Posted on 2007-4-2 22:18:20

Reply to #10, jojoliuxiao's post

You didn't paste the whole report, did you? There are no drivers or services.

But from what you've posted there doesn't seem to be anything wrong. Better wait for an expert to take a look.
kaigoal
Posted on 2007-4-2 22:35:33
I've never run into this situation.
jojoliuxiao
OP | Posted on 2007-4-3 10:57:16
Services
[System Performance Monitor / AotoLogon][Stopped/Auto Start]
  <><N/A>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[McAfee Desktop Firewall Service / FireSvc][Running/Auto Start]
  <d:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe><McAfee, Inc.>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  <"D:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[McAfee McShield / McShield][Running/Auto Start]
  <"D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"><McAfee, Inc.>
[McAfee Task Manager / McTaskManager][Running/Auto Start]
  <"D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"><McAfee, Inc.>
jojoliuxiao
OP | Posted on 2007-4-3 10:57:39
Drivers
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
  <system32\DRIVERS\AcpiVpc.sys><Lenovo Corporation>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Lenovo EasyCamera / Cam5603D][Running/Manual Start]
  <System32\Drivers\BisonCam.sys><Bison Electronics. Inc.>
[McAfee Desktop Firewall / FireHook][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\Firehk5x.sys><McAfee, Inc.>
[firelm01 / firelm01][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\firelm01.sys><N/A>
[McAfee Desktop Firewall Policy Manager Driver / FirePM][Running/Boot Start]
  <\SystemRoot\System32\Drivers\FirePM.sys><McAfee, Inc.>
[McAfee Desktop Firewall TDI Driver / FireTDI][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\FireTDI.sys><McAfee, Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
  <system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[McAfee Inc. / mfeapfk][Running/Manual Start]
  <system32\drivers\mfeapfk.sys><McAfee, Inc.>
[McAfee Inc. / mfeavfk][Running/Manual Start]
  <system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk][Running/Manual Start]
  <system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk][Running/Manual Start]
  <system32\drivers\mfehidk.sys><McAfee, Inc.>
[VSCore mferkdk / mferkdk][Running/System Start]
  <\??\D:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfetdik][Running/System Start]
  <system32\drivers\mfetdik.sys><McAfee, Inc.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[PCANDIS5 Protocol Driver / PCANDIS5][Stopped/Manual Start]
  <\??\D:\PROGRA~1\WIRELE~1\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
  <system32\DRIVERS\smcirda.sys><SMC>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tifm21 / tifm21][Running/Manual Start]
  <system32\drivers\tifm21.sys><Texas Instruments>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><Conexant Systems, Inc>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start]
  <system32\DRIVERS\w39n51.sys><Intel® Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Stopped/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>
[17403625 / 17403625][Running/]
  <2 - The system cannot find the file specified.><N/A>
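A listing like the services and drivers dump above is long, and the useful step is to score every entry on a few weak indicators and look at the top of the list first. The following is an added example, not from the thread and not from whatever tool produced the dump; it parses entries in the bracketed two-line format shown above and ranks them by how many of four indicators they trip: no vendor string, a purely numeric service name, an empty start type, and an image path that did not resolve to a file. The SAMPLE_LISTING is a subset copied from the dump above, with the eight-digit entry kept in its original broken-across-two-lines form; the indicator names, weights and function names are this example's own choices.

```python
"""Score service/driver entries in the bracketed format pasted above."""
import re

# Subset of the listing in the thread (values copied from it). The last entry
# keeps the line break inside <...> exactly as the tool printed it.
SAMPLE_LISTING = r"""
[System Performance Monitor / AotoLogon][Stopped/Auto Start]
  <><N/A>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
  <system32\DRIVERS\AcpiVpc.sys><Lenovo Corporation>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[firelm01 / firelm01][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\firelm01.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[17403625 / 17403625][Running/]
  <2 - The system cannot find the file specified.
><N/A>
"""

# One entry = "[Display / Name][State/Start]" followed by "<Image><Vendor>".
# The image group forbids '<' but allows '>' (svchost entries contain "-->")
# and newlines, so a path broken across lines still parses.
ENTRY_RE = re.compile(
    r"^\[(?P<display>.*?) / (?P<name>[^\]]*)\]\[(?P<state>[^/\]]*)/(?P<start>[^\]]*)\]\s*"
    r"<(?P<image>[^<]*?)><(?P<vendor>[^<>]*)>",
    re.M | re.S,
)


def parse_listing(text):
    """Return one dict per entry with whitespace-stripped fields."""
    return [{k: v.strip() for k, v in m.groupdict().items()}
            for m in ENTRY_RE.finditer(text)]


def indicators(entry):
    """Weak signals; one alone is noise (no version resource, for instance),
    several together say where to look first."""
    reasons = []
    if entry["vendor"] in ("", "N/A"):
        reasons.append("no vendor string")
    if re.fullmatch(r"\d+", entry["name"]):
        reasons.append("numeric service name")
    if not entry["start"]:
        reasons.append("empty start type")
    img = entry["image"]
    if not img or re.match(r"\d+ - ", img) or "cannot find the file" in img.lower():
        reasons.append("image path did not resolve")
    return reasons


def rank(text):
    """(service name, reasons) pairs, most indicators first."""
    scored = [(e["name"], indicators(e)) for e in parse_listing(text)]
    return sorted(scored, key=lambda pair: len(pair[1]), reverse=True)


def main():
    for name, reasons in rank(SAMPLE_LISTING):
        print(f"{len(reasons)}  {name:<28} {', '.join(reasons) or '-'}")


if __name__ == "__main__":
    main()
```

Feed it the whole pasted dump, services and drivers together. The single-flag entries (sptd, firelm01, the AVG driver) only mean the file carried no version resource; the entry that trips all four indicators is simply the first thing to check on the machine, and the script says nothing about what it is.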
jojoliuxiao
OP | Posted on 2007-4-3 11:05:09

Reply to #13, zea10t's post

I thought those two reports would be enough to show the problem. Last night I couldn't get online again, so to be safe I simply shut the network off.

Experts, could it be that, because I used an unknown wireless network, the other party exploited some vulnerability usable on the LAN, something working on the same principle as 网络执法官?

I'm thinking of downloading moderator 小邪邪's enhanced rule set again.
jojoliuxiao
OP | Posted on 2007-4-3 11:11:53

Reply to #14, kaigoal's post

I also used to think this kind of thing was far from me; if it weren't for the problem that showed up in the game, I wouldn't have realized my computer had been hacked. What I'm worried about now is that everything on my computer has already been cleaned out, and only then did he show himself. If the other side had stayed quiet, maybe we'd never know someone was using the network to watch your every move.
Copyright © KaFan  KaFan.cn All Rights Reserved.
