9,506
社区成员
发帖
与我相关
我的任务
分享急.急...急...请大侠帮帮忙看下系统进程,有没有中木马,非常感谢了
我的系统老是有种不祥的东西,
比如说:本来系统有个是系统自带进程lsass.exe,
是而却出现了一个怪进程lsasa.exe,ntserver,netserver.exe这种远程控制的东东
但是怎么找又找不到这些EXE文件,在注册表可以找到,删了重启还是照样出来
今天还删了一个被"卖咖啡杀毒软件"叫做特洛伊林马病毒的文件"wuapi.exe"
所以现在有点担心电脑里藏有病毒
大侠们,帮我看下吧,下面是我用工具HijackThis.exe导出的日工资志
先在此说声音"非常感谢了~!!
Logfile of HijackThis v1.99.1
Scan saved at 22:13:09, on 2005-10-4
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\Explorer.EXE
D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINNT\system32\internat.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - d:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - d:\Program Files\NetTransport 2\NTIEHelper.dll
O2 - BHO: SFP Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - C:\WINNT\system32\Sbhoplin.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq2005_beta3\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\Program Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\Program Files\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 发送图片到手机 - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq2005_beta3\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq2005_beta3\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq2005_beta3\SendMMS.htm
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - d:\Program Files\金山词霸2003\XDictExB.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq2005_beta3\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq2005_beta3\QQ.EXE (file missing)
O16 - DPF: {48038521-20FB-11D8-BC64-00B0D07A8A19} (PortalCom Control 2.0) - http://61.154.8.173/PortalAX02.cab
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://meiliao.com.cn/BDC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D9C9606-8A5A-43C0-9E74-9D10BE077719}: NameServer = 192.168.0.1
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - d:\Program Files\金山词霸2003\XDictExB.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINNT\system32\wuapi.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
比如说:本来系统有个是系统自带进程lsass.exe,
是而却出现了一个怪进程lsasa.exe,ntserver,netserver.exe这种远程控制的东东
但是怎么找又找不到这些EXE文件,在注册表可以找到,删了重启还是照样出来
今天还删了一个被"卖咖啡杀毒软件"叫做特洛伊林马病毒的文件"wuapi.exe"
所以现在有点担心电脑里藏有病毒
大侠们,帮我看下吧,下面是我用工具HijackThis.exe导出的日工资志
先在此说声音"非常感谢了~!!
Logfile of HijackThis v1.99.1
Scan saved at 22:13:09, on 2005-10-4
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\Explorer.EXE
D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINNT\system32\internat.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - d:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - d:\Program Files\NetTransport 2\NTIEHelper.dll
O2 - BHO: SFP Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - C:\WINNT\system32\Sbhoplin.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq2005_beta3\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\Program Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\Program Files\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 发送图片到手机 - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq2005_beta3\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq2005_beta3\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq2005_beta3\SendMMS.htm
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - d:\Program Files\金山词霸2003\XDictExB.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq2005_beta3\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq2005_beta3\QQ.EXE (file missing)
O16 - DPF: {48038521-20FB-11D8-BC64-00B0D07A8A19} (PortalCom Control 2.0) - http://61.154.8.173/PortalAX02.cab
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://meiliao.com.cn/BDC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D9C9606-8A5A-43C0-9E74-9D10BE077719}: NameServer = 192.168.0.1
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - d:\Program Files\金山词霸2003\XDictExB.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINNT\system32\wuapi.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
...全文
请发表友善的回复…
发表回复
ghost122 2005-10-07
- 打赏
- 举报
自己UP,看有没有其它的意见的,谢谢了
luckytim 2005-10-05
- 打赏
- 举报
认认真真看过了,没有发现病毒。
wwyymm 2005-10-05
- 打赏
- 举报
启动到安全模式下搜索一下了,如果还是不行,就用DOS启动,然后在各个文件夹下找找。
从你上面所帖的来看,并没有哪一个是可疑的,因为我不知道你都安装了些什么东西。而你说有INTERNET EXPLORE BAR里发现的文件,如果没有具体路径的话,就是在SYSTEM32里面了。
从你上面所帖的来看,并没有哪一个是可疑的,因为我不知道你都安装了些什么东西。而你说有INTERNET EXPLORE BAR里发现的文件,如果没有具体路径的话,就是在SYSTEM32里面了。
ghost122 2005-10-05
- 打赏
- 举报
谁要是能看出个"真的木马"来我再送他 "一百分"
ghost122 2005-10-05
- 打赏
- 举报
sergey(飞行的灯笼裤 | Annihilus) ( ) 信誉:119
二楼的朋友,你说的文件夹选项设置我有设置
可就是找不到...然后在注册表的"internet explore bar"却有这个lsasa.exe,ntserver,netserver.exe东东
谢谢帮忙~~!
二楼的朋友,你说的文件夹选项设置我有设置
可就是找不到...然后在注册表的"internet explore bar"却有这个lsasa.exe,ntserver,netserver.exe东东
谢谢帮忙~~!
hreoghost 2005-10-05
- 打赏
- 举报
帮你UP...
猪儿滚滚 2005-10-04
- 打赏
- 举报
太多了东西.找个木马专杀工具清理下,打上最新的系统补丁,至于你说的找不到EXE文件,是因为他们自己设置为了系统文件,默认是隐藏的,需要的文件夹选项里去掉隐藏系统文件的选项
