水虎鱼010 - 2006-9-8 8:26:00
我昨天下载了一个格式转换软件,在执行setup的时候没有什么反应,一看这个安装文件才1兆多点,接着杀毒软件就提示有病毒,病毒名称为Trojan/INF.z ,而且这个文件是以一个AUTOrun的文件出现的就28K大,把它杀了一会它又出现了,在病毒隔离栏目里就看见隔离数目在不断的增多,我想问问大家这个是不是木马啊!因为我在瑞星官方里面察无此木马,如果是木马还请各位谁能帮小弟一把,给指个明路走走啊!!!!小弟我在这里先谢啦!!!!
日志在这里,大侠们看看有没有什么问题啊,我可是才新换的硬盘啊!!
Logfile of HijackThis v1.99.1
Scan saved at 17:21:05, on 2006-9-7
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
D:\Program Files\KV2006\KVSrvXP.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
D:\Program Files\KV2006\KVMonXP.kxp
C:\WINNT\system32\ctfmon.exe
D:\Program Files\KV2006\TrojDie.kxp
D:\Program Files\KV2006\KRegEx.exe
d:\Program Files\Maxthon\Maxthon.exe
D:\Program Files\ftc\Trojanwall.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\rundll32.exe
D:\Program Files\KV2006\UIHost.exe
C:\DOCUME~1\hewei\LOCALS~1\Temp\Rar$EX00.896\HijackThis.exe
O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - D:\Program Files\KV2006\KVBHO.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - D:\Program Files\KV2006\KvShell.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - D:\Program Files\KV2006\KvShell.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [KvMonXP] "D:\Program Files\KV2006\KVMonXP.kxp" /auto
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{94A83F25-AB8A-4637-93F5-D8E25B685F8B}: NameServer = 218.56.57.58,202.102.168.220
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINNT\a43d3430.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: KVSrvXP - Jiangmin Co. Ltd - D:\Program Files\KV2006\KVSrvXP.exe
© 2000 - 2025 Rising Corp. Ltd.