Rising Kaka Security Forum

Game web pages and video ads keep popping up automatically, and no scanner can get rid of them
eyoupc - 2012-10-29 11:53:00
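When I visit ordinary websites (such as Sina, QQ, 163 and so on), there often seems to be an extra invisible page layered on top of the page. No matter where I click on the normal page, junk web-game sites and video pages pop up (6Rooms, Yihaodian, Jingdong, Vancl and many other different ones). I have tried all kinds of antivirus software and tools, and none of them can find the cause. Asking everyone here for help, thanks.
Site 1, site 2; it really gets in the way of browsing.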
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:29:03, on 2012/10/29 星期一
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
D:\Program Files\Tencent\QQPCMgr\6.8.2379.401\QQPCTray.exe
C:\Program Files (x86)\kX Project\kxmixer.exe
D:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
C:\Program Files\CMBCHINA\WebProtect\WPService.exe
C:\Program Files (x86)\CCBComponents\HDZB\USBKeyTools.exe
C:\Windows\SysWOW64\D4Svr_CCB.exe
C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe
D:\Program Files\360\360se\360se\360SE.exe
D:\Program Files\Tencent\QQPCMgr\6.8.2379.401\QQPCWebShield.exe
D:\Program Files\360\360se\360se\SafeCentral\urlproc.exe
D:\Program Files\360\360se\360se\360SE.exe
D:\Program Files\Tencent\QQ\Bin\QQ.exe
D:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
D:\Program Files\Tencent\QQ\Bin\QQExternal.exe
D:\Program Files\Tencent\QQ\Bin\QQExternal.exe
D:\Users\liang\AppData\Roaming\Tencent\QPlus\QPlus.exe
D:\Users\liang\AppData\Roaming\Tencent\QPlus\4.0.288.0\Bin\QPlusService.exe
D:\Program Files\360\360se\360se\360SE.exe
D:\Program Files\Tencent\QQ\Bin\QQExternal.exe
D:\Program Files\360\360se\360se\SeDown.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\Program Files\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebProtect.IEHlpObj - {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: QMWSBho - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - D:\Program Files\Tencent\QQPCMgr\6.8.2379.401\TSWebMon.dat
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder\BHO\XunleiBHO7.2.8.3574.dll
O2 - BHO: ResourceKeywordMonitor.XlResourceKeywordMonitorBhoObject - {9AA238FE-8298-48c9-B188-05B6AEE76C3A} - D:\Program Files\Thunder\BHO\XlBrowserAddinKernel1.0.8.71.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360Safe\safemon\safemon.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [kxesc] "d:\program files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
O4 - HKLM\..\Run: [CMB webProtect] C:\Program Files\CMBCHINA\WebProtect\WPService.exe  /alone
O4 - HKLM\..\Run: [wdcertm_ccb] C:\windows\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe
O4 - HKLM\..\Run: [USBKeyTools.exe] C:\Program Files (x86)\CCBComponents\HDZB\USBKeyTools.exe
O4 - HKLM\..\Run: [D4Svr_CCB.exe] D4Svr_CCB.exe
O4 - HKLM\..\Run: [360Safetray] "C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe" /start
O4 - HKLM\..\Run: [ QQPCTray] "D:\Program Files\Tencent\QQPCMgr\6.8.2379.401\QQPCTray.exe"  /regrun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'DefaultAppPool')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'DefaultAppPool')
O4 - Startup: kxmixer.exe - 快捷方式.lnk = C:\Program Files (x86)\kX Project\kxmixer.exe
O4 - Startup: QQ游戏启动加速程序.lnk = ?
O9 - Extra button: (no name) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: 启动迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: 发送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 发送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote 链接笔记(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote 链接笔记(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - d:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - d:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra button: 显示或隐藏 HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\thunder network\netmon\net_monitor2.0.2.7.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\thunder network\netmon\net_monitor2.0.2.7.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\thunder network\netmon\net_monitor2.0.2.7.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\thunder network\netmon\net_monitor2.0.2.7.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.ccb.com
O15 - Trusted Zone: http://*.ccb.com
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {3FB84210-0311-49BA-AFF7-A2C50E2D20B6} (NetSurveillance Control) - http://192.168.1.245/web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{919ECDBD-E172-4D2C-ADD6-9913E86E7BBA}: NameServer = 202.96.128.166,202.96.134.133
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KUGOU2~1\KUGOO3~1.OCX
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KUGOU2~1\KUGOO3~1.OCX
O18 - Protocol: kuwo - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: 91手机助手服务 (91MobileDevice) - Unknown owner - D:\Program Files\NetDragon\91Mobile\91MobileDeviceService.exe
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft, Inc. - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ARP防火墙加载程序 (AntiARPClientLoader) - Unknown owner - d:\Program Files\彩影软件\ARP防火墙单机版\AntiARPClientLoader.exe
O23 - Service: CNTV CBox Service (CntvCBoxService) - 中国网络电视台 - d:\Program Files\CNTV\CBox\CntvCBoxService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HDZB Comm Service For V3.0 (HZ_CommSrv) - 华大智宝电子系统有限公司 - C:\windows\SysWOW64\HZ_CommSrv.exe
O23 - Service: HDZB Comm Service 64 For V2.0 (HZ_CommSrv64) - Unknown owner - C:\windows\system32\HZ_CommSrv64.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Kingsoft Core Service (kxescore) - Kingsoft Corporation - d:\program files\kingsoft\kingsoft antivirus\kxescore.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PSI_SVC_2 - Unknown owner - D:\Program Files\coreldraw x6 v16简体中文绿色版下载(32_64位)\Protexis\License Service\PsiService_2.exe (file missing)
O23 - Service: Tenpay Certificate Service (QQCertificateService) - Tencent - C:\Program Files (x86)\Common Files\Tencent\Paycenter\tenpaycert.exe
O23 - Service: QQPCMgr RTP Service (QQPCRtp) - Tencent - D:\Program Files\Tencent\QQPCMgr\6.8.2379.401\QQPCRtp.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WatchData ccb V3.2 (WDMonitorCCB) -  Beijing WatchData System Co., Ltd. - C:\windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\windows\system32\inetsrv\wmsvc.exe (file missing)
O23 - Service: 主动防御 (ZhuDongFangYu) - 360.cn - C:\Program Files (x86)\360\360Safe\deepscan\zhudongfangyu.exe
--
End of file - 12889 bytes

User system information: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
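As an added example (not part of the original post, and not a tool used in the thread), here is a Python triage of a HijackThis log like the one above that keeps only the sections able to alter or redirect browser traffic and extracts the configured DNS servers. The section labels in `NETWORK_SECTIONS` and the function names are assumptions of this sketch; the sample lines are copied from the posted log.

```python
import re

# HijackThis sections whose entries can alter or redirect browser traffic
# (labels are this sketch's shorthand for the tool's section meanings).
NETWORK_SECTIONS = {
    "O2": "Browser Helper Object",
    "O10": "Winsock LSP",
    "O17": "DNS name server setting",
    "O18": "Extra protocol or filter",
}

# A subset of lines copied from the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [D4Svr_CCB.exe] D4Svr_CCB.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\thunder network\netmon\net_monitor2.0.2.7.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\thunder network\netmon\net_monitor2.0.2.7.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{919ECDBD-E172-4D2C-ADD6-9913E86E7BBA}: NameServer = 202.96.128.166,202.96.134.133
O18 - Protocol: kuwo - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def triage(log_text):
    """Group traffic-affecting entries by section code, dropping exact duplicates."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(1) in NETWORK_SECTIONS:
            items = found.setdefault(m.group(1), [])
            if m.group(2) not in items:
                items.append(m.group(2))
    return found

def name_servers(log_text):
    """Return the resolver addresses listed in O17 'NameServer = ...' entries."""
    servers = []
    for detail in triage(log_text).get("O17", []):
        _, sep, value = detail.partition("NameServer = ")
        if sep:
            servers += [s for s in re.split(r"[,\s]+", value.strip()) if s]
    return servers

if __name__ == "__main__":
    for code, items in triage(SAMPLE_LOG).items():
        print(f"{code} ({NETWORK_SECTIONS[code]}): {len(items)} unique")
        for item in items:
            print("   ", item)
    print("Configured DNS:", name_servers(SAMPLE_LOG))
```

An entry in these sections is a place to look, not proof of compromise; in this thread the symptom persisted across browsers and DNS settings and was finally traced to the soft router rather than to the PC.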
networkedition - 2012-10-29 13:07:00
What kind of Internet connection are you using?
l8l8 - 2012-10-29 13:39:00
This user's post has been blocked.
无名的大象 - 2012-10-29 14:59:00
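I go online through a router, with China Telecom. The router runs the Haizhizhu (海蜘蛛) firmware. Basically every browser behaves this way, and I haven't found any malicious plug-ins.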
无名的大象 - 2012-10-29 15:00:00
Ah, how come I have two accounts...
networkedition - 2012-10-29 15:16:00
Try asking your network operator.
无名的大象 - 2012-10-29 15:23:00
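I have considered that too, but what I don't understand is: can the operator insert ads or hyperlinks on top of, or in the lower-right corner of, the web pages you open?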
networkedition - 2012-10-29 15:36:00
Ad pushing, DNS hijacking, that sort of thing. You could try switching to a different DNS.
无名的大象 - 2012-10-29 15:38:00
But the DNS I use is the common one for Guangdong, and many other computers don't seem to have this problem: 202.96.134.133  202.96.128.166
无名的大象 - 2012-10-29 15:53:00
I'll change it to Google's and see: 8.8.8.8  8.8.4.4
networkedition - 2012-10-29 15:54:00
Try 8.8.8.8; if that doesn't work, ask the operator.
无名的大象 - 2012-10-29 15:57:00
Damn China Telecom. I'll try it for half a day and then come back to report the results!
无名的大象 - 2012-10-30 10:19:00
Bummer, still the same problem.
networkedition - 2012-10-30 11:22:00
Try blocking it with hosts: add 127.0.0.1  t.womenwan.com
Path: C:\WINDOWS\system32\drivers\etc\hosts. Open it with Notepad and add the entry above.
无名的大象 - 2012-10-30 18:04:00
That won't work, because the pages that pop up are often different each time.
networkedition - 2012-10-31 9:49:00
The URLs are random?
无名的大象 - 2012-10-31 11:35:00
Yeah, you could say that. Anyway, they are usually different, though sometimes they are the same.
networkedition - 2012-10-31 13:04:00
I suggest asking the operator.
无名的大象 - 2012-11-22 10:20:00
Couldn't get it sorted; China Telecom won't admit it.
eyoupc - 2012-12-11 18:28:00
Found the cause: it was a problem with the soft router.