hijackthis 扫描出来的东西。看不懂哩。帮忙吗~各位！ bbs.ikaka.com

romer - 2005-11-28 20:39:00

Logfile of HijackThis v1.99.0
Scan saved at 20:31:21, on 2005-11-28
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\KAV2005\KWatch.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\KAV2005\KPfwSvc.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\KAV2005\KAVPFW.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
L:\movie\1\Tencent\QQLive\QQLive.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\cdmdownld\xdotnbtort.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.172\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - _{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: yPhtb - _{33BBE430-0E42-4f12-B075-8D21ACB10DCB} - (no file)
O2 - BHO: Anti Fish - _{38928D50-8A48-44C2-945F-D2F23F771410} - (no file)
O2 - BHO: (no name) - _{4D666C23-7BA2-A154-933C-CAEA3036C4D2} - (no file)
O2 - BHO: YDragSearch - _{62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - L:\movie\1\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {CB8892F5-524F-7030-0796-3412787E3850} - C:\WINNT\system32\cdmdownld\xdotnbtort.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Management Instrumentation] rem wmimgr.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KAVPFW.EXE"
O8 - Extra context menu item: 上传到QQ网络硬盘 - L:\movie\1\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - L:\movie\1\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - L:\movie\1\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - L:\movie\1\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - L:\movie\1\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - L:\movie\1\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - L:\movie\1\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - L:\movie\1\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4809
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://zs.kingsoft.com/duba/OCX/KAVClean.CAB
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B478A723-522C-48CC-AC80-B48FC5788749}: NameServer = 192.168.1.1,202.96.134.134
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Kingsoft Personal Firewall Service - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - Service: psidaemon - Unknown - C:\padspwr\Security\License_Management\LMGRD.EXE
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: System Startup Service - Unknown - C:\WINNT\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

151940216 - 2005-11-28 23:07:00

kv?

baohe - 2005-11-28 23:40:00

【回复“romer”的帖子】
O23 - Service: System Startup Service - Unknown - C:\WINNT\svcproc.exe————一只木马。
——————————————————
O4 - HKLM\..\Run: [Windows Management Instrumentation] rem wmimgr.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
不知道这两项是什么。

漂亮妹妹1989 - 2005-11-29 0:59:00

进程文件：Ssk 或者 Ssk.exe
进程名称： SurfSideKick Adware

描述：
Ssk.exe是SurfSideKick广告软件的一部分。该程序会显示不同类型的广告，包括弹出广告。基于保护隐私起见，建议删除该进程。

出品者：未知N/A
属于： SurfSideKick Adware

系统进程：否
后台程序：是
使用网络：否
硬件相关：否
常见错误：未知N/A
内存使用：未知N/A
安全等级 (0-5): 2
间谍软件：是
Adware: 是
病毒：否
木马: 否

漂亮妹妹1989 - 2005-11-29 1:11:00

建议楼主点此链接学习怎样杀毒，很详细。
爱虫病毒的变种？。。。

sunwei5337 - 2005-11-29 3:09:00

进程文件： Ssk or Ssk.exe
进程名称： SurfSideKick Adware
进程类别：系统进程
英文描述：
Ssk.exe is a process associated with the SurfSideKick Adware. The application is used to display various types of adverts including pop-ups. This process should be removed to protect your personal privacy.
中文参考：
Ssk.exe是SurfSideKick广告软件的一部分。该程序会显示不同类型的广告，包括弹出广告。基于保护隐私起见，建议删除该进程。
出品者：N/A
属于：SurfSideKick Adware
系统进程：No
后台程序：Yes
网络相关：No
常见错误：N/A
内存使用：N/A
安全等级 (0-5): 2
间谍软件：Yes
广告软件：Yes
病毒：No
木马：No

存在安全风险进程列表
180ax.exe a.exe actalert.exe
adaware.exe Alchem.exe alevir.exe
aqadcup.exe archive.exe arr.exe
ARUpdate.exe asm.exe av.exe
avserve.exe avserve2.exe backWeb.exe
bargains.exe basfipm.exe belt.exe
Biprep.exe blss.exe bokja.exe
bootconf.exe bpc.exe brasil.exe
BRIDGE.DLL Buddy.exe BUGSFIX.EXE
bundle.exe bvt.exe cashback.exe
cdaEngine cmd32.exe cmesys.exe
conime.exe conscorr.exe crss.exe
cxtpls.exe datemanager.exe dcomx.exe
Desktop.exe directs.exe divx.exe
dllreg.exe dmserver.exe dpi.exe
dssagent.exe dvdkeyauth.exe emsw.exe
exdl.exe exec.exe EXP.EXE
explore.exe explored.exe Fash.exe
ffisearch.exe fntldr.exe fsg_4104.exe
FVProtect.exe game.exe gator.exe
gmt.exe goidr.exe hbinst.exe
hbsrv.exe hwclock.exe hxdl.exe
hxiul.exe iedll.exe iedriver.exe
IEHost.EXE iexplorer.exe infus.exe
infwin.exe intdel.exe isass.exe
istsvc.exe jawa32.exe jdbgmrg.exe
kazza.exe keenvalue.exe kernel32.exe
lass.exe lmu.exe loader.exe
lssas.exe mapisvc32.exe mario.exe
md.exe mfin32.exe mmod.exe
mostat.exe msapp.exe msbb.exe
msblast.exe mscache.exe msccn32.exe
mscman.exe msdm.exe msgfix.exe
msiexec16.exe msinfo.exe mslagent.exe
mslaugh.exe msmc.exe msmgt.exe
msmsgri32.exe MSN.exe msrexe.exe
mssvc32.exe mssys.exe msvxd.exe
mwsoemon.exe mwsvm.exe netd32.exe
nls.exe nssys32.exe nstask32.exe
nsupdate.exe ntfs64.exe NTOSA32.exe
omniscient.exe onsrvr.exe optimize.exe
P2P Networking.exe pcsvc.exe pgmonitr.exe
PIB.exe powerscan.exe prizesurfer.exe
prmt.exe prmvr.exe ray.exe
rb32.exe rcsync.exe rk.exe
run32dll.exe rundll16.exe ruxdll32.exe
saap.exe sahagent.exe saie.exe
sais.exe salm.exe satmat.exe
save.exe savenow.exe sc.exe
scam32.exe scrsvr.exe scvhost.exe
SearchUpdate33.exe SearchUpgrader.exe soap.exe
spoler.exe Ssk.exe start.exe
stcloader.exe Susp.exe svc.exe
svchosts.exe svshost.exe SyncroAd.exe
sysfit.exe system.exe system32.exe
tb_setup.exe TBPS.EXE teekids.exe
tibs3.exe trickler.exe ts.exe
ts2.exe tsa.exe tsadbot.exe
tsl.exe tsm2.exe Tvm.exe
tvmd.exe tvtmd.exe update.exe
updater.exe updmgr.exe VVSN.exe
wast.exe web.exe webdav.exe
webrebates.exe webrebates0.exe win-bugsfix.exe
win_upd2.exe win32.exe win32us.exe
winactive.exe winad.exe winadalt.exe
winadctl.exe WinAdTools.exe WINdirect.exe
windows.exe wingo.exe wininetd.exe
wininit.exe winlock.exe winlogin.exe
winmain.exe winnet.exe winppr32.exe
winrarshell32.exe WinRatchet.exe WinSched.exe
winservn.exe winshost.exe winssk32.exe
winstart.exe winstart001.exe WinStatKeep.exe
wintaskad.exe Wintime.exe wintsk32.exe
winupdate.exe winupdt.exe winupdtl.exe
winxp.exe wmon32.exe wnad.exe
wo.exe wovax.exe wsup.exe
wsxsvc.exe wtoolsa.exe WToolsA.exe
wtoolss.exe wuamgrd.exe wupdate.exe
wupdater.exe wupdmgr.exe wupdt.exe

sunwei5337 - 2005-11-29 3:19:00

进程文件： smss 或者 smss.exe
进程名称： Session Manager Subsystem

描述：
smss.exe是微软Windows操作系统的一部分。该进程调用对话管理子系统和负责操作你系统的对话。这个程序对你系统的正常运行是非常重要的。注意：smss.exe也可能是Win32.Ladex.a木马。该木马允许攻击者访问你的计算机，窃取密码和个人数据。该进程的安全等级是建议立即删除。

出品者： Microsoft Corp.
属于：Microsoft Windows Operating System

系统进程：是
后台程序：是
使用网络：否
硬件相关：否
常见错误：未知N/A
内存使用：未知N/A
安全等级 (0-5): 0
间谍软件：否
Adware: 否
病毒：否
木马: 否

瑞星卡卡安全论坛