9,506
社区成员
发帖
与我相关
我的任务
分享估计我已经中了灰鸽子0025,请高手看看ha_hijackthis_1991的扫描日志吧,高分感谢,不够再加!
Logfile of HijackThis v1.99.1
Scan saved at 8:51:18, on 2007-3-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\木马杀客\mmsk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\360safe\360Safe.exe
C:\Documents and Settings\jinli\Desktop\ha_hijackthis_1991\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: mslogin linker - {74BC093A-540E-4340-897B-4653A8EB2F47} - C:\WINDOWS\system32\mslink\mslink.dll
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\RunOnce: [360Safe] Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: 木马杀客2007.Lnk = ?
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ncs.corp.int-ads
O17 - HKLM\Software\..\Telephony: DomainName = ncs.corp.int-ads
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ncs.corp.int-ads
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ncs.corp.int-ads
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HEWPSOOMRTNSB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jlcao\LOCALS~1\Temp\HEWPSOOMRTNSB.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - E:/DB/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - e:\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Windows Login - Unknown owner - C:\WINDOWS\system32\mslogin.exe
Scan saved at 8:51:18, on 2007-3-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\木马杀客\mmsk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\360safe\360Safe.exe
C:\Documents and Settings\jinli\Desktop\ha_hijackthis_1991\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: mslogin linker - {74BC093A-540E-4340-897B-4653A8EB2F47} - C:\WINDOWS\system32\mslink\mslink.dll
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\RunOnce: [360Safe] Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: 木马杀客2007.Lnk = ?
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ncs.corp.int-ads
O17 - HKLM\Software\..\Telephony: DomainName = ncs.corp.int-ads
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ncs.corp.int-ads
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ncs.corp.int-ads
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HEWPSOOMRTNSB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jlcao\LOCALS~1\Temp\HEWPSOOMRTNSB.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - E:/DB/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - e:\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Windows Login - Unknown owner - C:\WINDOWS\system32\mslogin.exe
...全文
请发表友善的回复…
发表回复
裸男 2007-03-28
- 打赏
- 举报
http://www.huigezi.net/
裸男 2007-03-28
- 打赏
- 举报
你直接上灰鸽子网站,首面有一个灰鸽子清理的软件,下载下来用吧。
lhawk1980 2007-03-28
- 打赏
- 举报
强烈谴责瑞星,
进程里都看到scvhost在运行了,瑞星提供的专杀却说没有发现灰鸽子。
进程里都看到scvhost在运行了,瑞星提供的专杀却说没有发现灰鸽子。
lhawk1980 2007-03-28
- 打赏
- 举报
haha,我也中这个了,原来是灰鸽啊,瑞星好像有专杀,下载一个试试看。
programeyonger 2007-03-28
- 打赏
- 举报
没有啥症状,就是系统变慢,然后用了safe360查了一下恶意软件,就报了
" 2007-03-28 08:25
查杀恶意软件 - 灰鸽子变种0025 - 危险 - C:\WINDOWS\system32\scvhost.exe"!
" 2007-03-28 08:25
查杀恶意软件 - 灰鸽子变种0025 - 危险 - C:\WINDOWS\system32\scvhost.exe"!
beyondtc 2007-03-28
- 打赏
- 举报
但是你现在什么症状呢??自动运行?无法打开.exe?
你看看能不能删除那个文件。从目录和注册表等多个地方删除。
你看看能不能删除那个文件。从目录和注册表等多个地方删除。
javaprogramlover 2007-03-28
- 打赏
- 举报
没错,我用金山的专杀,在安全模式下删除了。一共是三个文件!
现在开机进入正常模式,safe360还是会提示,说有灰鸽子!
而且时常会跳出一个mslink.dll文件要“动作”,然后给safe360发现,提示我是否允许!!
现在开机进入正常模式,safe360还是会提示,说有灰鸽子!
而且时常会跳出一个mslink.dll文件要“动作”,然后给safe360发现,提示我是否允许!!
Bennyatt 2007-03-28
- 打赏
- 举报
鸽子07 基本已经被消灭了
最早 金山出的 专杀
其他的杀毒公司都拖后
你可以去金山看看
最早 金山出的 专杀
其他的杀毒公司都拖后
你可以去金山看看
w1984721 2007-03-28
- 打赏
- 举报
你直接上灰鸽子网站 http://www.huigezi.net/
上面有一个灰鸽子清理的软件
上面有一个灰鸽子清理的软件
javaprogramlover 2007-03-28
- 打赏
- 举报
会不会是safe360,误报呢?
我用灰鸽子官方网站提供的工具,竟然没有杀到有灰鸽子!!!
我用灰鸽子官方网站提供的工具,竟然没有杀到有灰鸽子!!!
