freeway - 2006-8-30 19:46:00
系统事件:启动项目中发现木马!
木马名称:Trojan-Spy.Win32.Agent.nw.18978
木马启动项:alsmt.exe
木马从启动项目中清除成功!
c:\windows\system32\alsmt.exe
木马在硬盘清除成功!
c:\windows\system32\alsmt.exe
系统事件:已发现木马!
木马名称:Trojan-Spy.Win32.Agent.nw.18978
木马路径:C:\WINDOWS\system32\alsmt.exe
处理方式:删除 成功
系统事件:已发现木马!
木马名称:Trojan-Spy.Win32.Agent.nw.18978
木马路径:C:\WINDOWS\system32\alsmt.exe
处理方式:删除 成功
系统事件:已发现木马!
木马名称:Win32.ADWARE.DesktopMedia.e.22346
木马路径:C:\WINDOWS\system32\drivers\Albus.SYS
处理方式:删除 成功
系统事件:已发现木马!
木马名称:Win32.ADWARE.DesktopMedia.e.22346
木马路径:C:\WINDOWS\system32\drivers\Albus.SYS
处理方式:删除 成功
系统事件:已发现木马!
木马名称:Script.Unescape.Exploit.14715
木马路径:C:\Documents and Settings\yb\Local Settings\Temporary Internet Files\Content.IE5\FJHV7LCS\stat_code[1].htm
处理方式:删除 成功
系统事件:已发现木马!
木马名称:AdWare.Win32.Boran.s .21697
木马路径:C:\Program Files\MMSAssist\Mmsass~1.dll
处理方式:删除 成功
系统事件:已发现木马!
木马名称:AdWare.Win32.Boran.s .21697
木马路径:C:\Program Files\MMSAssist\Mmsass~1.dll
处理方式:删除 成功
系统事件:已发现木马!
木马名称:AdWare.Win32.Boran.s .21697
木马路径:C:\Program Files\MMSAssist\MMSSVER.DLL
处理方式:删除 成功
系统事件:已发现木马!
木马名称:AdWare.Win32.Boran.s .21697
木马路径:C:\Program Files\MMSAssist\MMSSVER.DLL
处理方式:删除 成功
系统事件:已发现木马!
木马名称:Trojan-Spy.Win32.Agent.nw.18978
木马路径:C:\WINDOWS\system32\alsmt.exe
处理方式:删除 成功
系统事件:已发现木马!
木马名称:Trojan-Spy.Win32.Agent.nw.18978
木马路径:C:\WINDOWS\system32\alsmt.exe
处理方式:删除 成功
系统事件:已发现木马!
木马名称:Win32.ADWARE.DesktopMedia.e.22346
木马路径:C:\WINDOWS\system32\drivers\Albus.SYS
处理方式:删除 成功
系统事件:已发现木马!
木马名称:Win32.ADWARE.DesktopMedia.e.22346
木马路径:C:\WINDOWS\system32\drivers\Albus.SYS
处理方式:删除 成功
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 19:30:18, on 2006-8-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Lenovo\幸福一键通\Kbdriver.exe
C:\Program Files\Lenovo\幸福一键通\FlyShuttle.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\mmsk\木马杀客\mmsk.exe
C:\Downloads\HijackThis.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\迅雷5\ComDlls\XunLeiBHO_002.dll
O4 - HKLM\..\Run: [Lskbdrv] C:\Program Files\Lenovo\幸福一键通\Kbdriver.exe
O4 - HKLM\..\Run: [LenSoft] C:\Program Files\Lenovo\幸福一键通\FlyShuttle.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RfwMain] C:\Program Files\Rising\Rfw\rfwmain.exe
O4 - HKLM\..\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [Mysee Alert] "C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SDO2005] C:\Program Files\盛大圈圈\SDOLauncher.exe -s"-s 3"
O4 - HKCU\..\Run: [eMuleAutoStart] D:\3\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe
O4 - HKCU\..\Run: [Stamp] "E:\naruto\rap\Stamp\Stamp.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - E:\迅雷5\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\迅雷5\Program\GetAllUrl.htm
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\迅雷5\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\迅雷5\Thunder.exe
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.legend.com
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.ruyi.com/plugin/PowerPlr.ocx
O16 - DPF: {3676996C-D8C6-4356-B4BE-3A80400C606E} ({3676996C-D8C6-4356-B4BE-3A80400C606E}) - http://www.vod588.com/BoBo_ActiveX_1.19b.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://s4.liaoliao.com:1995/talk.cab
O16 - DPF: {A8C3B40D-5384-44AD-ACC4-504B4D8A85F5} (BoBo_V2 Control) - http://www.vod588.com/BoBo_ActiveX_V2.ocx
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.80_20060123.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7735B24-4C12-4700-A95A-BCC75B09DAA1}: NameServer = 61.166.150.101 61.166.150.101
O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINDOWS\system32\themeadp.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe