开机一段时间后
进程里会自动生成CTFMON.EXE和IEXPLORE.EXE
也就是说同时有两个CTFMON.EXE和IEXPLORE.EXE
我只开了一个IE,如果结束进程后过段时间后会自动再生成
请问这是什么木马?
我用了各种方法,包括灰鸽子查法也没查到
请朋友们帮帮忙
谢谢
Logfile of HijackThis v1.99.1
Scan saved at 12:35:06, on 2006-5-21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
e:\rising2\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
e:\rising2\Rav\Ravmond.exe
e:\rising2\rfw\rfwsrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
e:\rising2\Rav\RavStub.exe
e:\rising2\rfw\RfwMain.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
E:\CPUCooL\CooLSrv.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\SOUNDMAN.EXE
E:\rising2\Rav\RavTask.exe
E:\rising2\Rav\Ravmon.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\taskmgr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\ctfmon.exe
G:\temp2\iso\模拟游戏下载大全V1[1].6\hijackthis\HijackThis.exe
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\System32\xunleibho_v2.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - D:\PROGRA~1\iBar\10002\iBar.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - D:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: IEHlprObj Class - {C5E5DB7E-46B1-47E6-8447-2E517F269925} - E:\Xplus\GETIE.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - D:\PROGRA~1\iBar\10002\iBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RavTask] "e:\rising2\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "E:\rising2\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [RavStub] "e:\rising2\Rav\ravstub.exe" /RUNONCE
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: >> 彩信发送 << - res://D:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: &使用迅雷下载 - E:\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Download All Links with IDM - E:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - E:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Tencent\SendMMS.htm
O9 - Extra button: pp点点通 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - E:\PP25\Pp.exe (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - G:\temp\cga\hfgame3\GameClient.exe
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - D:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\FLASHGET.EXE
O9 - Extra button: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-156?cn=song;text;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-156?cn=song;text;hp&mpro=http://www.ebay.com.cn (file missing)
O16 - DPF: {339C1EE2-1029-46B8-81F1-360217F26FC4} (VGAPlayer Control) - http://219.144.186.220/byyl/25/VGAPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AB9A747-5278-4BAD-9900-F15399DE256C}: NameServer = 202.96.209.6 202.96.209.133
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: KB2357801.LOG
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - E:\CPUCooL\CooLSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\rising2\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\rising2\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - e:\rising2\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - e:\rising2\Rav\Ravmond.exe
O23 - Service: Universal Disk Manager - Unknown owner - D:\Program Files\Common Files\SAND\diskman.exe (file missing)
