
Title: [Help] MSN trojan (HijackThis log attached)

Author: 拜仁    Time: 2007-9-23 10:26 PM     Title: [Help] MSN trojan (HijackThis log attached)

Can anyone help me? THX

Logfile of HijackThis v1.99.1
Scan saved at PM 09:44:59, on 2007/9/24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smssfilter-031
C:\WINDOWS\system32\csrssfilter-031
C:\WINDOWS\system32\winlogonfilter-031
C:\WINDOWS\system32\servicesfilter-031
C:\WINDOWS\system32\lsassfilter-031
C:\WINDOWS\system32\svchostfilter-031
C:\WINDOWS\system32\svchostfilter-031
C:\WINDOWS\System32\svchostfilter-031
C:\Norman\Npm\bin\ELOGSVCfilter-031
C:\Norman\Npm\Bin\Zandafilter-031
C:\WINDOWS\system32\svchostfilter-031
C:\WINDOWS\system32\svchostfilter-031
C:\WINDOWS\Explorerfilter-031
C:\WINDOWS\system32\spoolsvfilter-031
C:\WINDOWS\RTHDCPLfilter-031
C:\Program Files\Common Files\Real\Update_OB\realschedfilter-031
C:\Norman\Npm\bin\ZLHfilter-031
C:\WINDOWS\713xRMTMonfilter-031
C:\WINDOWS\WinBool32filter-031
C:\WINDOWS\system32\ctfmonfilter-031
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifierfilter-031
C:\Program Files\honestech\honestech TVR\scheduleTVfilter-031
C:\Program Files\WinZip\WZQKPICKfilter-031
C:\Norman\Nvc\BIN\NIPfilter-031
C:\WINDOWS\713xRMTfilter-031
C:\WINDOWS\system32\aspimgrfilter-031
C:\WINDOWS\system32\svchostfilter-031
C:\Norman\Nvc\BIN\NVCSCHEDfilter-031
C:\Norman\Nvc\bin\nvcoasfilter-031
C:\Norman\Npm\bin\NJEEVESfilter-031
C:\WINDOWS\System32\algfilter-031
C:\Norman\Nvc\bin\cclawfilter-031
C:\Program Files\Internet Explorer\iexplorefilter-031
C:\WINDOWS\system32\wuaucltfilter-031
C:\WINDOWS\system32\wuaucltfilter-031
C:\Documents and Settings\Administrator\Local Settings\Temp\wzdca1\HijackThisfilter-031
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIGfilter-031" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\Vista\systool\Vistadrive\vsdrvfilter-031
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPLfilter-031
O4 - HKLM\..\Run: [SkyTel] SkyTelfilter-031
O4 - HKLM\..\Run: [Alcmtr] ALCMTRfilter-031
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFGfilter-031 /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFGfilter-031 /PHIMETIPSync
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realschedfilter-031"  -osboot
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLHfilter-031 /LOAD /SPLASH
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMonfilter-031
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttaskfilter-031" -atboottime
O4 - HKLM\..\Run: [Windows Bool Service] WinBool32filter-031
O4 - HKCU\..\Run: [ctfmonfilter-031] C:\WINDOWS\system32\ctfmonfilter-031
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifierfilter-031
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxyfilter-031/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxyfilter-031/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCELfilter-031/3000
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn01.hkjc.com/BetSlip/object/eWinCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{833DA816-01AD-40C6-95CD-5B0B34E48DA4}: NameServer = 203.98.129.1 203.98.129.9
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgrfilter-031
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVCfilter-031
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterServicefilter-031
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverTfilter-031
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVESfilter-031
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zandafilter-031
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoasfilter-031
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHEDfilter-031

Author: jsp    Time: 2007-9-23 10:39 PM

Originally posted by 拜仁 at 2007-9-23 10:26 PM:
Can anyone help me? THX

Logfile of Hi...
Analyze...

http://www.hijackthis.de/

Author: 拜仁    Time: 2007-9-23 11:09 PM

How do I use it after that?

http://www.hijackthis.de/#anl




Welcome to 娛樂滿紛 26FUN (http://26fun.com/bbs7/) Powered by Discuz! 7.0.0