Help! Something weird has happened again!

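Lately, whenever I open certain websites, the same website pops up, and some websites won't open at all (other people can open them).
Experts, please help me take a look. I'd be very grateful.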

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2005\KWatch.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\KAV2005\KAVStart.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\KAV2005\KMailMon.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\KAV2005\KPfwSvc.EXE
C:\KAV2005\KavPFW.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Tencent\QQ2005\QQ.exe
C:\Program Files\Tencent\QQ2005\TIMPlatform.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\Program Files\hijackthis\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - C:\Program Files\P4P\ToolBar.dll (file missing)
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ2005\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 捜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\Program Files\P4P\ToolBar.dll (file missing)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [ats] C:\WINDOWS\system32\asd\loadqm.exe noshow
O4 - 启动项HKLM\\Run: [KAVDl] "C:\WINDOWS\system32\KAVDL.EXE" -t 814.2
O4 - 启动项HKLM\\Run: [KavStart] "C:\KAV2005\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [EssSpkPhone] essspk.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KavPFW.exe"
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ2005\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ2005\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ2005\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=1066_1006 (file missing)
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - H:\网络游戏\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: (no name) - {223bc3fe-345a-ffee-3c9e-fe12345678e1} - C:\WINDOWS\system32\shdocvw.dll
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的“工具”菜单项: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的按钮: 我的订阅 - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll (file missing)
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ2005\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ2005\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: 易趣购物 - {DE607143-AC19-423e-865A-5D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607143-AC19-423e-865A-5D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ2005\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ2005\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {7FC22A16-79E6-4787-9C96-B6359BB1106D} (DigitalTrafic Control) - http://jtj.sh.gov.cn/trafficmap/jtj.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcaststatic.mop.com/dn/files/pCastCtl_1.0.0.71_20050929.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13861BDD-11EB-4CA4-BD8E-593C4AF1D22E}: NameServer = 202.96.209.6 202.96.209.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{13861BDD-11EB-4CA4-BD8E-593C4AF1D22E}: NameServer = 202.96.209.6 202.96.209.133
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: RaySat_3dsmax7 Server (RaySat_3dsmax7Server) - Unknown owner - C:\Program Files\3dsmax7\mentalray\satellite\raysat_3dsmax7server.exe

Last edited 2006-02-02 10:55:30

I'm seeing pretty much the same symptoms as you!

[Reply to 黑巧克力's post]



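OP, please scan the following file with the two multi-engine scanners below:
essspk.exe
Multi-engine scanning with VirusTotal:

http://www.virustotal.com/
Multi-engine scanning with Jotti:

http://virusscan.jotti.org/


Please make sure to post the complete reports.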

The scan results for essspk.exe are as follows

File:  essspk.exe 
Status:  OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5  8fb0360ea6450ef775ef65e858c3d721 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing
-----------------------------------------------
This is a report processed by VirusTotal on 02/01/2006 at 17:34:54 (CET) after scanning the file "essspk.exe" file.
Antivirus Version Update Result
AntiVir 6.33.0.81 02.01.2006 no virus found
Avast 4.6.695.0 02.01.2006 no virus found
AVG 718 02.01.2006 no virus found
Avira 6.33.0.81 02.01.2006 no virus found
BitDefender 7.2 02.01.2006 no virus found
CAT-QuickHeal 8.00 02.01.2006 no virus found
ClamAV devel-20060126 02.01.2006 no virus found
DrWeb 4.33 02.01.2006 no virus found
eTrust-InoculateIT 23.71.65 01.31.2006 no virus found
eTrust-Vet 12.4.2062 02.01.2006 no virus found
Ewido 3.5 02.01.2006 no virus found
Fortinet 2.54.0.0 02.01.2006 no virus found
F-Prot 3.16c 02.01.2006 no virus found
Ikarus 0.2.59.0 02.01.2006 no virus found
Kaspersky 4.0.2.24 02.01.2006 no virus found
McAfee 4686 01.31.2006 no virus found
NOD32v2 1.1390 02.01.2006 no virus found
Norman 5.70.10 02.01.2006 no virus found
Panda 9.0.0.4 02.01.2006 no virus found
Sophos 4.02.0 02.01.2006 no virus found
Symantec 8.0 02.01.2006 no virus found
TheHacker 5.9.3.086 01.31.2006 no virus found
UNA 1.83 02.01.2006 no virus found
VBA32 3.10.5 02.01.2006 no virus found

===============================================================

However, the scan result for 钻石奇迹.exe is

File:  钻石奇迹.exe 
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5  73cc02f6f2bb7b67f301b3479e929be7 
Packers detected:  FLYSFX
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found W32/AddUser.H@troj 
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found TrojanDropper.Win32.Agent 
VBA32  Found nothing
------------------------------------------
This is a report processed by VirusTotal on 02/01/2006 at 17:24:29 (CET) after scanning the file "__32593" file.
Antivirus Version Update Result
AntiVir 6.33.0.81 02.01.2006 no virus found
Avast 4.6.695.0 02.01.2006 no virus found
AVG 718 02.01.2006 no virus found
Avira 6.33.0.81 02.01.2006 no virus found
BitDefender 7.2 02.01.2006 no virus found
CAT-QuickHeal 8.00 02.01.2006 no virus found
ClamAV devel-20060126 02.01.2006 no virus found
DrWeb 4.33 02.01.2006 no virus found
eTrust-InoculateIT 23.71.65 01.31.2006 Win32/GoomHttp!Backdoor
eTrust-Vet 12.4.2062 02.01.2006 no virus found
Ewido 3.5 02.01.2006 no virus found
Fortinet 2.54.0.0 02.01.2006 no virus found
F-Prot 3.16c 02.01.2006 security risk named W32/AddUser.H@troj
Ikarus 0.2.59.0 02.01.2006 no virus found
Kaspersky 4.0.2.24 02.01.2006 no virus found
McAfee 4686 01.31.2006 no virus found
NOD32v2 1.1390 02.01.2006 no virus found
Norman 5.70.10 02.01.2006 no virus found
Panda 9.0.0.4 02.01.2006 no virus found
Sophos 4.02.0 02.01.2006 no virus found
Symantec 8.0 02.01.2006 no virus found
TheHacker 5.9.3.086 01.31.2006 no virus found
UNA 1.83 02.01.2006 TrojanDropper.Win32.Agent
VBA32 3.10.5 02.01.2006 no virus found



[Reply to 黑巧克力's post]
Delete 钻石奇迹.exe.

Trampoline
