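My computer runs Win2000 Adv Server. Over the past few days I noticed it has been running very slowly; checking in Task Manager,
the program spoolsv.exe shows a CPU usage of 99. I generated a log with HijackThis_zww. Could the experts here take a look and tell me whether I have been infected with a trojan?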
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [IcaBar] icabar.exe /adminonly
O4 - 启动项HKLM\\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - 启动项HKLM\\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\zwd\WINDOWS\web\related.htm (file missing)
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\zwd\WINDOWS\web\related.htm (file missing)
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\zwd\windows\system32\rnr20.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{88950418-9C47-4DC2-A1A1-DD3573808563}: NameServer = 192.168.0.254
O20 - Winlogon Notify: MetaFrame - ctxnotif.dll (file missing)
O23 - NT 服务: Alerter - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Client Network (CdmService) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\cdmsvc.exe (file missing)
O23 - NT 服务: ClipBook (ClipSrv) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\clipsrv.exe (file missing)
O23 - NT 服务: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - NT 服务: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\dmadmin.exe (file missing)
O23 - NT 服务: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Encryption Service - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\encsvc.exe (file missing)
O23 - NT 服务: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - NT 服务: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Fax Service (Fax) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\faxsvc.exe (file missing)
O23 - NT 服务: ICA Browser (ICABrowser) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\ibrowser.exe (file missing)
O23 - NT 服务: KDDelegateService - KINGDEE - C:\Program Files\Kingdee\K3ERP\KDDelegateService.exe
O23 - NT 服务: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - NT 服务: License Logging Service (LicenseService) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\llssrv.exe (file missing)
O23 - NT 服务: TCP/IP NetBIOS Helper Service (LmHosts) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Messenger - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Network DDE (NetDDE) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\netdde.exe (file missing)
O23 - NT 服务: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\netdde.exe (file missing)
O23 - NT 服务: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\lsass.exe (file missing)
O23 - NT 服务: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: File Replication (NtFrs) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\ntfrs.exe (file missing)
O23 - NT 服务: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\lsass.exe (file missing)
O23 - NT 服务: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: IPSEC Policy Agent (PolicyAgent) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\lsass.exe (file missing)
O23 - NT 服务: Program Neighborhood Service (ProgNeighborhood) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\pnsvc.exe (file missing)
O23 - NT 服务: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Remote Registry Service (RemoteRegistry) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\regsvc.exe (file missing)
O23 - NT 服务: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\locator.exe (file missing)
O23 - NT 服务: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents.exe (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: QoS RSVP (RSVP) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\rsvp.exe (file missing)
O23 - NT 服务: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\lsass.exe (file missing)
O23 - NT 服务: Smart Card Helper (SCardDrv) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - NT 服务: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - NT 服务: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\MSTask.exe (file missing)
O23 - NT 服务: RunAs Service (seclogon) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\svchost.exe (file missing)
O23 - NT 服务: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: SNMP 服务 (SNMP) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\snmp.exe (file missing)
O23 - NT 服务: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\snmptrap.exe (file missing)
O23 - NT 服务: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\spoolsv.exe (file missing)
O23 - NT 服务: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - NT 服务: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\termsrv.exe (file missing)
O23 - NT 服务: Telnet (TlntSvr) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\tlntsvr.exe (file missing)
O23 - NT 服务: Distributed Link Tracking Server (TrkSvr) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\ups.exe (file missing)
O23 - NT 服务: Utility Manager (UtilMan) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\UtilMan.exe (file missing)
O23 - NT 服务: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Windows Management Instrumentation (WinMgmt) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\WBEM\WinMgmt.exe (file missing)
O23 - NT 服务: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\Services.exe (file missing)
O23 - NT 服务: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\system32\svchost.exe (file missing)
O23 - NT 服务: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\zwd\WINDOWS\System32\svchost.exe (file missing)