Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

My computer keeps opening web pages by itself.. experts, please help me!!

Logfile of HijackThis v1.99.1
Scan saved at 20:02:18, on 2006-10-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
E:\Tencent\qq\TIMPlatform.exe
E:\Tencent\qq\QQ.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RAVMON.EXE
C:\Program Files\Rising\Rav\RavStub.exe
E:\Tencent\TT\TTraveler.exe
C:\Documents and Settings\jujumao\桌面\HijackThis.exe

O1 - Hosts: 207.134.231.160 game01.us.segaonline.jp
O1 - Hosts: 207.134.231.160 game01.psobb.segaonline.jp
O1 - Hosts: 207.134.231.160 db.psobb.cn
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: 宽带连接.lnk = ?
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = E:\Tencent\qq\CoralQQ.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - F:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\qq\AddEmotion.htm
O9 - Extra button: 易趣购物 - {DE607144-AC19-424e-868A-8D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607144-AC19-424e-868A-8D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093505610780
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6C13A7E-55DB-46A4-A8EE-B6ABD1CCD1C2}: NameServer = 202.96.128.166 202.96.128.86
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: 9E6ADED2 - Unknown owner - C:\WINDOWS\system32\9E6ADED2.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: svchost - Unknown owner - C:\Program Files\HgzServer\Hacker.com.cn.exe

Last edited 2006-10-16 20:28:00

Process list saved on 20:09:15, on 2006-10-16
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] | [full path to filename] | [file version] | [company name]
432 | C:\WINDOWS\System32\smss.exe | 5.1.2600.2180 | Microsoft Corporation
508 | C:\WINDOWS\system32\winlogon.exe | 5.1.2600.2180 | Microsoft Corporation
552 | C:\WINDOWS\system32\services.exe | 5.1.2600.2180 | Microsoft Corporation
564 | C:\WINDOWS\system32\lsass.exe | 5.1.2600.2180 | Microsoft Corporation
700 | C:\WINDOWS\system32\svchost.exe | 5.1.2600.2180 | Microsoft Corporation
836 | C:\Program Files\Rising\Rav\CCenter.exe | 18.0.0.3 | Beijing Rising Technology Co., Ltd.
868 | C:\WINDOWS\System32\svchost.exe | 5.1.2600.2180 | Microsoft Corporation
1148 | c:\program files\rising\rfw\rfwsrv.exe | 4.0.0.33 | Beijing Rising Technology Co., Ltd.
1292 | C:\WINDOWS\Explorer.EXE | 6.0.2900.2180 | Microsoft Corporation
1400 | C:\WINDOWS\system32\spoolsv.exe | 5.1.2600.2180 | Microsoft Corporation
1680 | c:\program files\rising\rfw\RfwMain.exe | 4.0.0.52 | Beijing Rising Technology Co., Ltd.
1864 | C:\Program Files\Rising\Rav\RavTask.exe | 18.0.0.22 | Beijing Rising Technology Co., Ltd.
1880 | C:\WINDOWS\SOUNDMAN.EXE | 5.1.0.11 | Realtek Semiconductor Corp.
2020 | C:\WINDOWS\system32\ctfmon.exe | 5.1.2600.2180 | Microsoft Corporation
164 | C:\Program Files\MSN Messenger\MsnMsgr.Exe | 8.0.812.0 | Microsoft Corporation
188 | C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe | 2.22.0.0 |
1764 | C:\Program Files\iPod\bin\iPodService.exe | 6.0.2.23 | Apple Computer, Inc.
2400 | C:\WINDOWS\system32\wscntfy.exe | 5.1.2600.2180 | Microsoft Corporation
2748 | C:\WINDOWS\System32\svchost.exe | 5.1.2600.2180 | Microsoft Corporation
4040 | E:\Tencent\qq\TIMPlatform.exe | 0.3.1.8 | tencent
3352 | E:\Tencent\qq\QQ.exe | 0.0.0.0 | TENCENT
3316 | C:\Program Files\Rising\Rav\Ravmond.exe | 18.0.1.35 | Beijing Rising Technology Co., Ltd.
3276 | C:\Program Files\Rising\Rav\RAVMON.EXE | 18.0.1.33 | Beijing Rising Technology Co., Ltd.
3084 | C:\Program Files\Rising\Rav\RavStub.exe | 18.0.0.16 | Beijing Rising Technology Co., Ltd.
380 | E:\Tencent\TT\TTraveler.exe | 3.1.0.259 | 腾讯公司
3032 | C:\WINDOWS\system32\NOTEPAD.EXE | 5.1.2600.2180 | Microsoft Corporation
228 | C:\Documents and Settings\jujumao\桌面\HijackThis.exe | 1.99.0.1 | Soeperman Enterprises Ltd.

StartupList report, 2006-10-16, 20:10:42
StartupList version: 1.52.2
Started from : C:\Documents and Settings\jujumao\桌面\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
E:\Tencent\qq\TIMPlatform.exe
E:\Tencent\qq\QQ.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RAVMON.EXE
C:\Program Files\Rising\Rav\RavStub.exe
E:\Tencent\TT\TTraveler.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\jujumao\桌面\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\jujumao\「开始」菜单\程序\启动]
宽带连接.lnk = ?
腾讯QQ珊瑚虫版.lnk = E:\Tencent\qq\CoralQQ.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\「开始」菜单\程序\启动]
ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

RavTask = "C:\Program Files\Rising\Rav\RavTask.exe" -system
SoundMan = SOUNDMAN.EXE
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
RfwMain = "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
MSConfig = C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - F:\PROGRA~1\KuGoo3\KUGOO3~1.OCX - {A9930D97-9CF0-42A0-A10D-4F28836579D5}

--------------------------------------------------

Enumerating Download Program Files:

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093505610780

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 4,725 bytes
Report generated in 0.047 seconds

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only

Control Panel -- Administrative Tools -- Services -- find svchost and 9E6ADED2 -- Startup type --
set to Disabled -- Service type -- set to Stopped

Run HijackThis, tick the entries below, and fix them:
O23 - Service: 9E6ADED2 - Unknown owner - C:\WINDOWS\system32\9E6ADED2.EXE (file missing)
O23 - Service: svchost - Unknown owner - C:\Program Files\HgzServer\Hacker.com.cn.exe
O1 - Hosts: 207.134.231.160 game01.us.segaonline.jp
O1 - Hosts: 207.134.231.160 game01.psobb.segaonline.jp
O1 - Hosts: 207.134.231.160 db.psobb.cn
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\PROGRA~1\KuGoo3\KUGOO3~1.OCX

After fixing, reboot. If there are still problems, download SREng2, use "Smart Scan", and press the "Scan" button to scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste
the contents of the saved log file here. If the log does not fit in one post, paste it in several parts; please do not modify it.

Download links
http://free5.ys168.com/?ufwihgu168
http://www.kztechs.com/sreng/sreng2.zip
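As an added example that is not part of this thread and not a tool from the poster, the helper, or Rising: a small Python triage script that reads HijackThis O1, O2 and O23 lines and flags the same kinds of entries the reply above picks out for repair. The sample lines are a constructed subset of the log posted above; the heuristics (service with unknown owner, service binary missing, random-looking hex service name, a system-like name such as svchost running from a non-system path, a hosts entry pointing somewhere other than loopback, and an unnamed BHO) are my assumptions about what a reviewer looks for, not rules from HijackThis itself.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the HijackThis v1.99.1 entries quoted in the thread above.
SAMPLE_LOG = r"""
O1 - Hosts: 207.134.231.160 game01.us.segaonline.jp
O1 - Hosts: 207.134.231.160 db.psobb.cn
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O23 - Service: 9E6ADED2 - Unknown owner - C:\WINDOWS\system32\9E6ADED2.EXE (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: svchost - Unknown owner - C:\Program Files\HgzServer\Hacker.com.cn.exe
"""


@dataclass
class Finding:
    section: str          # HijackThis section tag, e.g. "O23"
    line: str             # the original log line
    reasons: list = field(default_factory=list)


ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$")   # assumption: 8 upper-case hex chars looks auto-generated
SYSTEM_DIR = "c:\\windows\\system32"
# Assumption: names that legitimate Windows core processes use; a *service* with one of these
# names whose binary lives outside system32 is worth a second look.
SYSTEM_LIKE_NAMES = {"svchost", "lsass", "csrss", "winlogon", "services", "smss", "spoolsv"}


def parse_entries(log_text):
    """Yield (section, body, original_line) for every 'Oxx - ...' line in the log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2), raw.strip()))
    return entries


def check_hosts(body):
    # O1 body looks like: "Hosts: <ip> <hostname>"
    parts = body.split()
    if len(parts) >= 3 and parts[1] not in ("127.0.0.1", "::1"):
        return ["hosts file redirects %s to %s" % (parts[2], parts[1])]
    return []


def check_bho(body):
    # O2 body looks like: "BHO: <name> - {CLSID} - <path>"
    if body.startswith("BHO: (no name)"):
        return ["browser helper object registered without a name"]
    return []


def check_service(body):
    # O23 body looks like: "Service: <display name> - <owner> - <path> [(file missing)]"
    reasons = []
    fields = body[len("Service: "):].split(" - ")
    if len(fields) < 3:
        return ["unparsable service entry"]
    name, owner, path = fields[0], fields[1], " - ".join(fields[2:])
    if owner == "Unknown owner":
        reasons.append("service owner unknown (binary carries no company metadata)")
    if path.endswith("(file missing)"):
        reasons.append("service binary missing from disk")
    if HEX_NAME_RE.match(name):
        reasons.append("service name is a random-looking hex string")
    short = name.split(" (")[0].lower()
    if short in SYSTEM_LIKE_NAMES and not path.lower().startswith(SYSTEM_DIR):
        reasons.append("system-like service name running from a non-system path")
    return reasons


CHECKS = {"O1": check_hosts, "O2": check_bho, "O23": check_service}


def triage(log_text):
    """Return a Finding for every O1/O2/O23 entry that trips at least one heuristic."""
    findings = []
    for section, body, line in parse_entries(log_text):
        check = CHECKS.get(section)
        if check is None:
            continue
        reasons = check(body)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    -", r)
```

The script only reads the log and reports; it changes nothing on the machine. Entries it does not flag (the O4 Run key, the Apple-owned iPodService) are exactly the ones the reply leaves alone, which is the point of encoding the reviewer's reasoning as checks rather than a list of known-bad names.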