
This appeared on my screen, what should I do??


Warning!
Spyware detected on your computer!Install an antivirus or spyware remover
to clean your computer.
→  View the list of top spyware removers here  ←
Last edited 2006-01-25 16:14:25

It's a prompt from Microsoft's antivirus software.

But it stays on the desktop all the time. How do I get rid of it? Urgent!!!
Have I caught a spyware virus??

Urgent!!! Help!!!

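Save a log with Autoruns and post it here.
How to save the log: when saving the log with the File->Save menu item, make sure the Options->Hide Microsoft Entries menu item is selected (after setting this option, click the refresh button on the toolbar).

For downloading and using the tool, see http://forum.ikaka.com/topic.asp?board=28&artid=7318038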

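It is probably an adware-type virus, a deceptive one. It tells you that you may be infected and asks you to visit the link below... (but after clicking, you will very likely land on an advertising page or a virus site).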

Here is my log, please take a look.

Process               PID   CPU    Description                                  Company Name
System Idle Process   0     77.67
Interrupts            n/a          Hardware Interrupts
DPCs                  n/a   0.97   Deferred Procedure Calls
System                4
  SMSS.EXE            416          Windows NT Session Manager                   Microsoft Corporation
  csrss.exe           480          Client Server Runtime Process                Microsoft Corporation
  winlogon.exe        504          Windows NT Logon Application                 Microsoft Corporation
    services.exe      548   2.91   Services and Controller app                  Microsoft Corporation
    svchost.exe       736          Generic Host Process for Win32 Services      Microsoft Corporation
    svchost.exe       788          Generic Host Process for Win32 Services      Microsoft Corporation
    svchost.exe       884          Generic Host Process for Win32 Services      Microsoft Corporation
    svchost.exe       912          Generic Host Process for Win32 Services      Microsoft Corporation
    spoolsv.exe       1000         Spooler SubSystem App                        Microsoft Corporation
    alg.exe           1800         Application Layer Gateway Service            Microsoft Corporation
    DefWatch.exe      1820         Virus Definition Daemon                      Symantec Corporation
    Rtvscan.exe       1864         Symantec AntiVirus                           Symantec Corporation
    nvsvc32.exe       1880         NVIDIA Driver Helper Service, Version 29.42  NVIDIA Corporation
    svchost.exe       1916         Generic Host Process for Win32 Services      Microsoft Corporation
    wdfmgr.exe        1952         Windows User Mode Driver Manager             Microsoft Corporation
    lsass.exe         560   0.97   LSA Shell (Export Version)                   Microsoft Corporation
Explorer.EXE          1308  1.94   Windows Explorer                             Microsoft Corporation
rundll32.exe          1584         Run a DLL as an App                          Microsoft Corporation
VPTray.exe            1612         Symantec AntiVirus                           Symantec Corporation
realsched.exe         1412         RealNetworks Scheduler                       RealNetworks, Inc.
rundll32.exe          1432         Run a DLL as an App                          Microsoft Corporation
assistse.exe          1480         AssistSetting                                yahoo
rundll32.exe          1448         Run a DLL as an App                          Microsoft Corporation
ctfmon.exe            1156         CTF Loader                                   Microsoft Corporation
msmsgs.exe            1596         Messenger Client                             Microsoft Corporation
MsnMsgr.Exe           1648         MSN Messenger                                Microsoft Corporation
VnetClient.exe        2344  0.97   Vstar Microsoft 基础类应用程序
TrojanAssistant.exe   3488         清除木马                                     Yahoo! CN
iexplore.exe          1940  0.97   Internet Explorer                            Microsoft Corporation
  WinRAR.exe          2516
  procexp.exe         1084  0.97   Sysinternals Process Explorer                Sysinternals
  procexp.exe         2696  9.71   Sysinternals Process Explorer                Sysinternals
App.exe               1724  2.91
conime.exe            3728         Console IME                                  Microsoft Corporation

Process: Procexp Pid: -2

Type  Name

You have been infected with spyware.

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download HIJACKTHIS
Export a log

To the expert at post 7:
  My scan log is below, please take a look!! Many thanks!!!

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      16:16:03, 日期 2006-1-25
操作系统:  Windows XP  (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\3721\assistse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\安装目录\WinRAR\WinRAR.exe
C:\DOCUME~1\kevin\LOCALS~1\Temp\Rar$EX00.866\HijackThis1991zww.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: VeryCD超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\yok_supersearch.dll
O2 - BHO: (no name) - {797237CB-1025-4D7C-83D1-00FA3632D3BC} - C:\WINDOWS\System32\fmca.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - IE工具栏增项: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - 启动项HKLM\\Run: [sp] rundll32 C:\DOCUME~1\kevin\LOCALS~1\Temp\se.dll,DllInstall
O4 - 启动项HKLM\\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: 星空极速.lnk = C:\Program Files\ChinaNet\VnetClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - IE右键菜单中的新增项目:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=401732_1006 (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.lanyin.net/plugin/PowerPlr.ocx
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EC95BF-E5B8-4B5B-9A4E-CBCEC61542BA}: NameServer = 85.255.115.158,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B85F15A-0F70-4EED-BCEE-917B02179260}: NameServer = 85.255.115.158,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F6A549-7388-44CB-A926-88A57FA9BD83}: NameServer = 85.255.115.158 85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{64EC95BF-E5B8-4B5B-9A4E-CBCEC61542BA}: NameServer = 85.255.115.158,85.255.112.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{64EC95BF-E5B8-4B5B-9A4E-CBCEC61542BA}: NameServer = 85.255.115.158,85.255.112.220
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\cnhehcjm.dll (file missing)
O23 - NT 服务: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - NT 服务: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Fix:
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: VeryCD超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\yok_supersearch.dll
O2 - BHO: (no name) - {797237CB-1025-4D7C-83D1-00FA3632D3BC} - C:\WINDOWS\System32\fmca.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - 启动项HKLM\\Run: [sp] rundll32 C:\DOCUME~1\kevin\LOCALS~1\Temp\se.dll,DllInstall
O4 - 启动项HKLM\\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O8 - IE右键菜单中的新增项目: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\cnhehcjm.dll (file missing)

Open the registry
Search for cnhehcjm.dll and fmca.dll in turn
Delete everything that is found

Uninstall C:\Program Files\MMSASS~1
C:\Program Files\YOK.com

Delete
C:\Program Files\MMSASS~1
C:\Program Files\YOK.com
C:\Documents and Settings\kevin\Local Settings\Temp\se.dll
C:\WINDOWS\System32\hgqhp.exe
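
An added example, not part of the original thread and not the helper's own method: a small Python triage pass over HijackThis-style lines that flags entries whose target file is missing, autoruns launched from a Temp directory, and static DNS (O17) settings to compare against the resolvers the ISP or administrator assigned. The sample lines are copied from the log above; the function name `triage` and the three heuristics are assumptions made for illustration.

```python
import re

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {797237CB-1025-4D7C-83D1-00FA3632D3BC} - C:\WINDOWS\System32\fmca.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - 启动项HKLM\\Run: [sp] rundll32 C:\DOCUME~1\kevin\LOCALS~1\Temp\se.dll,DllInstall
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EC95BF-E5B8-4B5B-9A4E-CBCEC61542BA}: NameServer = 85.255.115.158,85.255.112.220
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\cnhehcjm.dll (file missing)
"""

# Hypothetical heuristics for this example; they are not HijackThis features.
ENTRY = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")            # section code, rest of line
MISSING = re.compile(r"\((?:file missing|no file)\)\s*$")  # trailing marker
TEMP = re.compile(r"\\temp\\", re.I)                       # path component named Temp
DNS = re.compile(r"NameServer = (.+)$")

def triage(log_text):
    """Return (section, reason, detail) tuples for lines worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if MISSING.search(body):
            target = body.rsplit(" - ", 1)[-1]
            # In the log above, buttons whose target is a URL also carry
            # "(file missing)"; a URL is not a file, so skip those here.
            if not target.lower().startswith(("http://", "https://")):
                findings.append((section, "target file missing", target))
        if section == "O4" and TEMP.search(body):
            findings.append((section, "autorun from Temp directory", body))
        if section == "O17":
            d = DNS.search(body)
            if d:  # the log separates servers with commas or spaces
                servers = tuple(re.split(r"[,\s]+", d.group(1).strip()))
                findings.append((section, "static DNS servers set", servers))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The output is a review list, not a verdict: each flagged line still has to be checked against what is actually installed on the machine before anything is fixed or deleted.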