1   1  /  1  页   跳转

baohe版主,日志来了。

收藏
E的老公
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2004-08-04
  • 来自:
发表于: 2005-10-17 16:16 | 只看楼主 短消息 资料
字号: 1楼

baohe版主,日志来了。

Logfile of HijackThis v1.99.1
Scan saved at 16:15:47, on 2005-10-17
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\internat.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Tencent\QQ\TMDlls\TM.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\TouchNet\TouchNet.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\system32\smres.exe
C:\Program Files\Microsoft Office\Office\POWERPNT.EXE
D:\专杀\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [iparmor] C:\Program Files\Iparmor\Iparmor.exe mini
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [smres] smres.exe
O4 - HKLM\..\RunServices: [smres] smres.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /reboot{3CB41017-F5CA-4C56-934C-ED02156251E6} /z
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: 金山迷你背单词.lnk = C:\Program Files\Kingsoft\PowerWord 2005\ScrollWord.exe
O4 - Startup: 腾讯TM.lnk = C:\Program Files\Tencent\QQ\TMShell.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导入当前页到超星阅览器(&A) - C:\Program Files\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导入选中部分到超星阅览器(&S) - C:\Program Files\SSREADER36\ss_select.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\vmaildog.dll
O10 - Unknown file in Winsock LSP: c:\winnt\vmaildog.dll
O10 - Unknown file in Winsock LSP: c:\winnt\vmaildog.dll
O10 - Unknown file in Winsock LSP: c:\winnt\vmaildog.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {3359C0B1-2363-40B3-AFCA-1ABC799AC486} (SSReaderPlug Control) - http://reg.ssreader.com/ssreaderplug.ocx
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://scan.kingsoft.com/scan/fangyi/KAllScan.CAB
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcaststatic.mop.com/dn/files/pCastCtl_1.0.0.71_20050929.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: anckyqs - Unknown owner - \\10.36.31.32\E$\winlogin.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod 服务 (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: klhrmid - Unknown owner - \\10.36.31.32\E$\winlogin.exe" -service (file missing)
O23 - Service: rizwqak - Unknown owner - \\10.36.31.32\E$\mstskmngr32.exe" -service (file missing)

最后编辑2005-10-18 10:30:35
分享到:
gototop
 
BlackStone
头像
叱咤花甲狮
  • 帖子:2616
  • 注册: 2005-09-27
  • 来自:
发表于: 2005-10-17 16:27 | 短消息 资料
字号: 2楼

C:\WINNT\system32\smres.exe

O23 - Service: klhrmid - Unknown owner - \\10.36.31.32\E$\winlogin.exe" -service (file missing)
O23 - Service: rizwqak - Unknown owner - \\10.36.31.32\E$\mstskmngr32.exe" -service (file missing)

O23 - Service: anckyqs - Unknown owner - \\10.36.31.32\E$\winlogin.exe" -service (file missing)
gototop
 
E的老公
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2004-08-04
  • 来自:
发表于: 2005-10-17 16:33 | 只看楼主 短消息 资料
字号: 3楼

试过了,还是会出现
gototop
 
BlackStone
头像
叱咤花甲狮
  • 帖子:2616
  • 注册: 2005-09-27
  • 来自:
发表于: 2005-10-17 16:38 | 短消息 资料
字号: 4楼

引用:
【E的老公的贴子】试过了,还是会出现
...........................


出现啥
gototop
 
bobo无极限
头像
初生襁褓狮
  • 帖子:12325
  • 注册: 2005-07-08
  • 来自:
发表于: 2005-10-17 16:39 | 短消息 资料
字号: 5楼

删除
C:\WINNT\system32\smres.exe

修复
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [smres] smres.exe
O4 - HKLM\..\RunServices: [smres] smres.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe

O10 - Unknown file in Winsock LSP: c:\winnt\vmaildog.dll
O10 - Unknown file in Winsock LSP: c:\winnt\vmaildog.dll
O10 - Unknown file in Winsock LSP: c:\winnt\vmaildog.dll
O10 - Unknown file in Winsock LSP: c:\winnt\vmaildog.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: anckyqs - Unknown owner - \\10.36.31.32\E$\winlogin.exe" -service (file missing)
O23 - Service: klhrmid - Unknown owner - \\10.36.31.32\E$\winlogin.exe" -service (file missing)
O23 - Service: rizwqak - Unknown owner - \\10.36.31.32\E$\mstskmngr32.exe" -service (file missing)
gototop
 
BlackStone
头像
叱咤花甲狮
  • 帖子:2616
  • 注册: 2005-09-27
  • 来自:
发表于: 2005-10-17 16:39 | 短消息 资料
字号: 6楼

O4 - HKLM\..\Run: [smres] smres.exe
O4 - HKLM\..\RunServices: [smres] smres.exe
gototop
 
baohe
头像
大版主
  • 帖子:72578
  • 注册: 2003-04-10
  • 来自:
年度优秀版主奖端午辟邪香囊卡卡名人堂就爱不长大论坛9周年纪念09欢乐圣诞十周年年度风云人物2012我眼中的你们茶馆劳模瑞星金牌用户十一周年勋章
发表于: 2005-10-17 17:00 | 短消息 资料
字号: 7楼

【回复“E的老公”的帖子】
O23 - Service: anckyqs - Unknown owner - \\10.36.31.32\E$\winlogin.exe" -service (file missing)
O23 - Service: klhrmid - Unknown owner - \\10.36.31.32\E$\winlogin.exe" -service (file missing)
O23 - Service: rizwqak - Unknown owner - \\10.36.31.32\E$\mstskmngr32.exe" -service (file missing)
用HijackThis修复这几项。

如果你自己没安装代理软件,用LSPFIX修复O10项。

C:\WINNT\system32\smres.exe可能是个木马。请将此文件打包(包要加密码),发到:linbaohe@163.com
发送后,将解压密码告诉我。
gototop
 
E的老公
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2004-08-04
  • 来自:
发表于: 2005-10-18 08:46 | 只看楼主 短消息 资料
字号: 8楼

已发出,请查收
gototop
 
baohe
头像
大版主
  • 帖子:72578
  • 注册: 2003-04-10
  • 来自:
年度优秀版主奖端午辟邪香囊卡卡名人堂就爱不长大论坛9周年纪念09欢乐圣诞十周年年度风云人物2012我眼中的你们茶馆劳模瑞星金牌用户十一周年勋章
发表于: 2005-10-18 10:30 | 短消息 资料
字号: 9楼

引用:
【E的老公的贴子】已发出,请查收
...........................

已经回复——http://forum.ikaka.com/topic.asp?board=28&artid=7310057
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT