定时弹出广告页面，请高手帮忙！！ - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛定时弹出广告页面，请高手帮忙！！

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

定时弹出广告页面，请高手帮忙！！

路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:	发表于： 2006-01-26 22:39 \| 只看楼主短消息资料字号：小中大 1楼定时弹出广告页面，请高手帮忙！！上网后，隔几分钟就弹出一个广告页面，地址不定。用NORTON查了是LOOK2ME，在安全模式下也杀不掉看看我的LOG HijackThis_zww汉化版扫描日志 V1.99.1 保存于 22:31:23, 日期 2006-1-26 操作系统： Windows 2000 SP4 (WinNT 5.00.2195) 浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106) 当前运行的进程： C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\svchost.exe D:\Program Files\norton2004\navapsvc.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe D:\Program Files\norton2004\SAVScan.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\rundll32.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Thunder Network\Thunder\Thunder.exe D:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe O3 - IE工具栏增项: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\norton2004\NavShExt.dll O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon O4 - 启动项HKLM\\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - 启动项HKLM\\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - 启动项HKLM\\Run: [MSConfig] C:\DOCUME~1\史科路\LOCALS~1\Temp\Rar$EX00.375\MSCONFIG.EXE /auto O4 - HKCU\..\Run: [ctfmon.exe] ; ctfmon.exe O9 - 浏览器额外的按钮: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing) O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B26C7E68-E78A-49D9-B6D4-EFF6ECF87E3F}: NameServer = 202.96.107.29 202.96.107.28 O20 - Winlogon Notify: Run- - C:\WINNT\system32\nlwrstr.dll O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - NT 服务: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\norton2004\navapsvc.exe O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - NT 服务: SAVScan - Symantec Corporation - D:\Program Files\norton2004\SAVScan.exe O23 - NT 服务: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 2006-01-28 00:07:49
路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:	分享到：

路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:	发表于： 2006-01-26 23:38 \| 只看楼主短消息资料字号：小中大 2楼安全模式下LOG HijackThis_zww汉化版扫描日志 V1.99.1 保存于 23:21:43, 日期 2006-1-26 操作系统： Windows 2000 SP4 (WinNT 5.00.2195) 浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106) 当前运行的进程： C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\rundll32.exe C:\WINNT\Explorer.EXE D:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe O3 - IE工具栏增项: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\norton2004\NavShExt.dll O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon O4 - 启动项HKLM\\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - 启动项HKLM\\Run: [MSConfig] C:\DOCUME~1\史科路\LOCALS~1\Temp\Rar$EX00.375\MSCONFIG.EXE /auto O4 - HKCU\..\Run: [ctfmon.exe] ; ctfmon.exe O9 - 浏览器额外的按钮: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing) O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab O20 - Winlogon Notify: IntlRun.OC - C:\WINNT\system32\h2j4lc1q1f.dll O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - NT 服务: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\norton2004\navapsvc.exe O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - NT 服务: SAVScan - Symantec Corporation - D:\Program Files\norton2004\SAVScan.exe O23 - NT 服务: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 用KILLBOX无法删除（O20 - Winlogon Notify: IntlRun.OC - C:\WINNT\system32\h2j4lc1q1f.dll）用L2MFIX也无效，拼命重启。
路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:

路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:	发表于： 2006-01-26 23:45 \| 只看楼主短消息资料字号：小中大 3楼 L2mfix 010406 Creating Account. 命令成功完成。 Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINNT\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 196 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 220 'winlogon.exe' Killing PID 220 'winlogon.exe' Error 0x5 : 拒绝访问。 Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1176 'explorer.exe' Killing PID 1176 'explorer.exe' Error 0x5 : 拒绝访问。 Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1452 'rundll32.exe' Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrators ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! 已复制 1 个文件。已复制 1 个文件。已复制 1 个文件。已复制 1 个文件。已复制 1 个文件。已复制 1 个文件。已复制 1 个文件。已复制 1 个文件。已复制 1 个文件。已复制 1 个文件。已复制 1 个文件。 Deleting: C:\WINNT\system32\cWpesnpn.dll Successfully Deleted: C:\WINNT\system32\cWpesnpn.dll Deleting: C:\WINNT\system32\dhwsockx.dll Successfully Deleted: C:\WINNT\system32\dhwsockx.dll Deleting: C:\WINNT\system32\gpl8l33u1.dll Successfully Deleted: C:\WINNT\system32\gpl8l33u1.dll Deleting: C:\WINNT\system32\kt40l7hm1.dll Successfully Deleted: C:\WINNT\system32\kt40l7hm1.dll Deleting: C:\WINNT\system32\mnxclu.dll Successfully Deleted: C:\WINNT\system32\mnxclu.dll Deleting: C:\WINNT\system32\ncwrsru.dll Successfully Deleted: C:\WINNT\system32\ncwrsru.dll Deleting: C:\WINNT\system32\r2r6lc9s1f.dll Successfully Deleted: C:\WINNT\system32\r2r6lc9s1f.dll Deleting: C:\WINNT\system32\rhcss.dll Successfully Deleted: C:\WINNT\system32\rhcss.dll Deleting: C:\WINNT\system32\sisinv.dll Successfully Deleted: C:\WINNT\system32\sisinv.dll Deleting: C:\WINNT\system32\SO2EVNT1.DLL Successfully Deleted: C:\WINNT\system32\SO2EVNT1.DLL Deleting: C:\WINNT\system32\guard.tmp Successfully Deleted: C:\WINNT\system32\guard.tmp msg11?.dll 已复制 0 个文件。 Desktop.ini sucessfully removed Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: ************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup] "Asynchronous"=dword:00000000 "DllName"="C:\\WINNT\\system32\\q468leju1ho8.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 The following are the files found: ************************************************************************ C:\WINNT\system32\cWpesnpn.dll C:\WINNT\system32\dhwsockx.dll C:\WINNT\system32\gpl8l33u1.dll C:\WINNT\system32\kt40l7hm1.dll C:\WINNT\system32\mnxclu.dll C:\WINNT\system32\ncwrsru.dll C:\WINNT\system32\r2r6lc9s1f.dll C:\WINNT\system32\rhcss.dll C:\WINNT\system32\sisinv.dll C:\WINNT\system32\SO2EVNT1.DLL C:\WINNT\system32\guard.tmp Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. ************************************************************************ Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{74430AED-40E3-4822-950F-A6E8B432229C}] @="" [HKEY_CLASSES_ROOT\CLSID\{74430AED-40E3-4822-950F-A6E8B432229C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{74430AED-40E3-4822-950F-A6E8B432229C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{74430AED-40E3-4822-950F-A6E8B432229C}\InprocServer32] @="C:\\WINNT\\system32\\SO2EVNT1.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{22D06A7D-92C8-4102-A38B-B20FADC8CF83}] @="" [HKEY_CLASSES_ROOT\CLSID\{22D06A7D-92C8-4102-A38B-B20FADC8CF83}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{22D06A7D-92C8-4102-A38B-B20FADC8CF83}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{22D06A7D-92C8-4102-A38B-B20FADC8CF83}\InprocServer32] @="C:\\WINNT\\system32\\sisinv.dll" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{74430AED-40E3-4822-950F-A6E8B432229C}"=- "{22D06A7D-92C8-4102-A38B-B20FADC8CF83}"=- [-HKEY_CLASSES_ROOT\CLSID\{74430AED-40E3-4822-950F-A6E8B432229C}] [-HKEY_CLASSES_ROOT\CLSID\{22D06A7D-92C8-4102-A38B-B20FADC8CF83}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ************************************************************************ Desktop.ini Contents: ************************************************************************ ************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/icmon.dll (deflated 5%) adding: dlls/mlr2c.dll (deflated 5%) adding: dlls/guard.tmp (deflated 5%) adding: dlls/cWpesnpn.dll (deflated 4%) adding: dlls/dhwsockx.dll (deflated 5%) adding: dlls/gpl8l33u1.dll (deflated 4%) adding: dlls/kt40l7hm1.dll (deflated 5%) adding: dlls/mnxclu.dll (deflated 5%) adding: dlls/ncwrsru.dll (deflated 4%) adding: dlls/r2r6lc9s1f.dll (deflated 5%) adding: dlls/rhcss.dll (deflated 5%) adding: dlls/sisinv.dll (deflated 5%) adding: dlls/SO2EVNT1.DLL (deflated 5%) adding: backregs/notibac.reg (deflated 85%) adding: backregs/shell.reg (deflated 72%) adding: backregs/4BA93603-C01E-416F-8A1F-41841CF54E22.reg (deflated 69%) adding: backregs/A36A2B23-7165-401C-9C5E-08696518F409.reg (deflated 70%) adding: backregs/74430AED-40E3-4822-950F-A6E8B432229C.reg (deflated 70%) adding: backregs/22D06A7D-92C8-4102-A38B-B20FADC8CF83.reg (deflated 70%)
路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:

魔法学徒卡卡技术团队帖子:11465 注册: 2004-10-03 来自:	发表于： 2006-01-27 00:04 \| 短消息资料字号：小中大 4楼 O4 - 启动项HKLM\\Run: [MSConfig] C:\DOCUME~1\史科路\LOCALS~1\Temp\Rar$EX00.375\MSCONFIG.EXE /auto 这一项是您自己装的吗？试试这里的look2me专杀 mofaxuetu.ys168.com
魔法学徒卡卡技术团队帖子:11465 注册: 2004-10-03 来自:

路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:	发表于： 2006-01-27 18:15 \| 只看楼主短消息资料字号：小中大 5楼那个MSCONFIG已经修复专杀工具无法删除，还是不行啊 55555
路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:

路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:	发表于： 2006-01-27 18:25 \| 只看楼主短消息资料字号：小中大 6楼还有，这个问题最近好像很多见的。
路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:

天使之剑社区嘉宾帖子:2961 注册: 2005-09-15 来自:	发表于： 2006-01-27 19:25 \| 短消息资料字号：小中大 7楼【回复“路路08”的帖子】请下载并使用：【推荐】Look2Me Remover简介 http://forum.ikaka.com/topic.asp?board=67&artid=7440953 上面给出的这个帖子中有下载链接和使用方法。
天使之剑社区嘉宾帖子:2961 注册: 2005-09-15 来自:

路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:	发表于： 2006-01-27 22:04 \| 只看楼主短消息资料字号：小中大 8楼又失败了！ 21:27:11 -> Start scanning procedures... 21:27:11 -> Suspected Registry Key found. Key added to list. 21:27:11 -> Start checking running tasks... 21:28:05 -> End of the scan process. 21:28:15 -> No ACTIVE virus/trojan found in Memory but the Registry contains suspected voices! The voices are listed in the Registry Key Found box. We suggest you to delete them using the Delete Keys button! 21:28:16 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder deleted! 21:28:17 -> Key(s) deleted! Please, reboot the machine now! 重启后依旧，安全模式下无法SCAN，，，
路路08 初生襁褓狮帖子:7 注册: 2006-01-26 来自:

魔法学徒卡卡技术团队帖子:11465 注册: 2004-10-03 来自:	发表于： 2006-01-28 00:07 \| 短消息资料字号：小中大 9楼建议使用icesword监控的同时进行手动删除使用IceSword杀毒的一些基本操作 http://forum.ikaka.com/topic.asp?board=28&artid=7168178
魔法学徒卡卡技术团队帖子:11465 注册: 2004-10-03 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT