发表于: 2005-10-08 23:57 | 显示全部 短消息 资料
字号: 1楼

菜鸟求助高手看hijackthis-1.99.1日志 确认已有Backdoor.GPigeon.pd

Logfile of HijackThis v1.99.1
Scan saved at 23:33:14, on 2005-10-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

运行进程:           
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\工具软件\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\工具软件\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\工具软件\RISING\RAV\RAVTIMER.EXE
D:\工具软件\RISING\RAV\RAVMON.EXE
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\工具软件\DesktopSprite2\DesktopSprite.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Chinanet\VnetClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\工具软件\RISING\RAV\CCENTER.EXE
D:\工具软件\RISING\RAV\Ravmond.exe
D:\工具软件\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hisoka\桌面\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - C:\WINDOWS\system32\ThunderBHO_v07.dll
O2 - BHO: CFilter Object - {2A7B720A-7A28-4e99-80A0-2DF985EC93D0} - C:\WINDOWS\system32\font.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\工具软件\qq\QQIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Helper Class - {6E28339B-7A2A-47B6-AEB2-197004272379} - C:\WINDOWS\vchelper.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\工具软件\BitComet\BitCometBar\BitCometBar0.2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTimer] D:\工具软件\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\工具软件\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "D:\工具软件\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DesktopSprite] D:\工具软件\DesktopSprite2\DesktopSprite.exe
O4 - Startup: 星空极速.lnk = C:\Program Files\Chinanet\VnetClient.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\工具软件\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\工具软件\Thunder\getAllurl.htm
O8 - Extra context menu item: 使用Kugoo下载 - D:\工具软件\KuGoo2\KugooDownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\工具软件\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - D:\工具软件\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - D:\工具软件\Thunder\Thunder.exe
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\工具软件\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\工具软件\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\工具软件\qq\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B1EB9C8-F65B-45F2-886C-B9A918A91C48}: NameServer = 218.2.135.1 61.147.37.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3A89011-3BE7-4C8A-9C34-76FC0DCFE55A}: NameServer = 202.102.24.35,10.24.0.35




个人觉得可能是C:\Program Files\Internet Explorer\IEXPLORE.EXE有问题 但是我把xp自带的ie卸掉了 还有C:\Program Files\Internet Explorer\文件夹下并没有找到IEXPLORE.EXE


小弟急啊 不知道这个木马有多大的危害 请高手解答 还有我没有装ssm 装了后老是报错
最后编辑2005-10-08 23:57:22