1   1  /  1  页   跳转

是否中了木马?

是否中了木马?

最近发现我的电脑在打开IE后却没有iexplore.exe进程,浏览网页时所有的连接都是从EXPLORER.EXE进程发出的,但用金山毒霸也没能查到有病毒或木马,有哪位高手指点一下究竟我的电脑是否中了木马?是什么木马?
最后编辑2005-09-07 01:52:05
分享到:
gototop
 

我开着IE的,就是没有iexplore.exe进程!

Logfile of HijackThis v1.99.0
Scan saved at 20:01:44, on 2005-09-05
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Herosoft\HeroV8\SYSEXPLR.EXE
C:\WINNT\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\conime.exe
D:\FlashFXP\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - C:\PROGRA~1\sina\UC\UCddt\ddtinit.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - C:\PROGRA~1\sina\UC\UCddt\ddtkillw.ocx
O2 - BHO: ShowBarObject Class - {850B69E4-90DB-4F45-8621-891BF35A5B53} - C:\WINNT\system32\alitb3\bar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SYSEXPLR.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [桌面图标文字自动透明] C:\Program Files\Wom\WinMem.exe XP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: adobe gamma loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE Utility.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 使用新浪下载助手下载 - C:\PROGRA~1\sina\UC\UCddt\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 华盛在线&C      - url:http://hcnsoft.icpcn.com
O8 - Extra context menu item: 导入当前页到超星阅览器(&A) - C:\Program Files\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导入选中部分到超星阅览器(&S) - C:\Program Files\SSREADER36\ss_select.htm
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 江民在线杀毒 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://club.jiangmin.com/kvscan/KvOnline.asp (file missing)
O9 - Extra button: LoadSQL - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - http://loadsql.126.com (file missing)
O9 - Extra button: 华盛在线&C  - {12f24a10-F40A-11D1-B792-444553540001} - url:http://hcnsoft.icpcn.com (file missing)
O9 - Extra 'Tools' menuitem: 华盛在线&C  - {12f24a10-F40A-11D1-B792-444553540001} - url:http://hcnsoft.icpcn.com (file missing)
O9 - Extra button: 商机直通车 - {13b0c05c-ef05-4bf6-b0ea-f6111af25544} - C:\WINNT\system32\alitb3\bar.dll
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - C:\Program Files\sina\UC\UC.exe
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: 个性 - {6576434C-102F-22A0-36C9-2222F95ABF02} - 个性 (file missing)
O9 - Extra 'Tools' menuitem: 个性 - {6576434C-102F-22A0-36C9-2222F95ABF02} - 个性 (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://scan.kingsoft.com/scan/fangyi/KAllScan.CAB
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://club.jiangmin.com/kvscan/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9536D518-72DD-40DE-89B2-0064968E1100}: NameServer = 222.133.221.168
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Peanut Hull Client Service - Vavic Network Technology Inc. - C:\Program Files\PeanutHull\PHSvc.exe
gototop
 

是否有人知道?
gototop
 

请高手指点!
gototop
 

我也是~
更新8.29防火墙后开机时阻止它运行~说是内存马木
我上网查说是Dropper.Delf.av病毒,我用瑞星杀毒怎么也查不出有病毒(天天都有更新的习惯),可是每次开机都会出现,那个高手指点一下呀
gototop
 
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT