Experts, please take a look! A trojan was detected, but it can't be removed!

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      10:56:59, 日期 2007-08-17
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v7.00 (7.00.6000.16473)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
d:\Program Files\H3C\iNode Client\AuthenMngService.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

Last edited 2007-08-17 11:05:35

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\H3C\iNode Client\iNode Client.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
D:\Program Files\IPMsg\ipmsg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\zh\LOCALS~1\Temp\Rar$EX00.890\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [TrackPointSrv] tp4serv.exe
O4 - 启动项HKLM\\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - 启动项HKLM\\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - 启动项HKLM\\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - 启动项HKLM\\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - 启动项HKLM\\Run: [TpShocks] TpShocks.exe
O4 - 启动项HKLM\\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - 启动项HKLM\\Run: [TP4EX] tp4ex.exe
O4 - 启动项HKLM\\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - 启动项HKLM\\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - 启动项HKLM\\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - 启动项HKLM\\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - 启动项HKLM\\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - 启动项HKLM\\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - 启动项HKLM\\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - 启动项HKLM\\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - 启动项HKLM\\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - 启动项HKLM\\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - 启动项HKLM\\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - 启动项HKLM\\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - 启动项HKLM\\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - 启动项HKLM\\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - 启动项HKLM\\Run: [ISUSPM] "C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe" -scheduler
O4 - 启动项HKLM\\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: QQ游戏启动加速程序.lnk = D:\Program Files\Tencent\QQGame\Accel.exe
O4 - Startup: 飞鸽传书.lnk = D:\Program Files\IPMsg\ipmsg.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - 浏览器额外的“工具”菜单项: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - 浏览器额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://zhmisskiss.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://128.32.96.172:8080/qcbin/Spider90.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E847C78C-C210-4195-8799-FBF3BF89797D} (金山毒霸在线产品升级) - http://cu004.www.duba.net/duba/scan/Package/KOSInit.cab
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - NT 服务: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - NT 服务: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - NT 服务: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: H3C iNode service (H3C_SVR_MNG_SERVICE) - Unknown owner - d:\Program Files\H3C\iNode Client\AuthenMngService.exe
O23 - NT 服务: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - NT 服务: IPS 核心服务 (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - NT 服务: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - NT 服务: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - NT 服务: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - NT 服务: OracleOraHome81ClientCache - Unknown owner - d:\oracle\ora81\BIN\ONRSD.EXE
O23 - NT 服务: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: System Update (SUService) -  - c:\program files\lenovo\system update\suservice.exe
O23 - NT 服务: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - NT 服务: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - NT 服务: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - NT 服务: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - NT 服务: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - NT 服务: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - NT 服务: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

Please help, it's urgent!