
Experts, please help me. Web pages keep popping up for no reason; log attached, please [Help request]

post.wiki.cn and many others, 5 or 6 of them. Experts, please help this newbie. I've been miserable for 10 days....


ogfile of HijackThis v1.99.1
Scan saved at 21:58:33, on 2006-8-4
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\1212\찌르레기\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\cmmon.exe
O3 - Toolbar: ??上?安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [HncUpdate] C:\HNC\HncUpdate.exe /A
O4 - HKLM\..\Run: [NetpiaLite] C:\HNC\Netpia\netpia.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\vcrmon.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus1.dll Rundll32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
O4 - HKLM\..\Run: [PC-Radar] C:\Program Files\PC-Radar\PC_Radar.exe
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\realsched.exe
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LetsCool] C:\Program Files\LetsCool\LetsCool.exe
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\Updatec.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O11 - Options group: [TBH]  SOSO AddressBar Search
O16 - DPF: {049A6D47-31CF-4774-814D-E334614E456A} (IKeeperWeb Control) - http://www.watv.org/i/i/i/i/i/ikeeper/common/iKeeperWeb.CAB
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
O16 - DPF: {93F79C47-F414-4EEE-95C5-A0F0ACE59A0E} (ALDx Class) - http://www.altools.co.kr/ALDX.cab
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (Hanmail Upload Control) - http://mail.daum.net/hanmail-ax/hanmail.cab
O16 - DPF: {A5F3B5CF-A05F-479E-B684-13AA512A7B93} (YGLauncher Control) - http://kr.pubbase.yahoo.com/gamesetup/YGLauncher.cab
O16 - DPF: {BEAE9FC7-6F8D-404A-A803-8AC208F49570} (IKeeperNW Control) - http://www.watv.org/i/i/i/i/i/ikeeper//common/iKeeperNW.CAB
O16 - DPF: {E36BEEF0-E18D-4FCB-9AD4-F9A643232027} (spykeepax Control) - http://down.spykeep.com/down/spykeepatx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Open Search Keyword Services (ossvc) - Unknown owner - C:\WINDOWS\system32\ossvc.exe (file missing)
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Network ConnectionPPO2 (ServicePPO2) - Unknown owner - C:\WINDOWS\popo\server.exe (file missing)
O23 - Service: Virus Chaser Spider NT (spidernt) - New Technology Wave Inc. - C:\Program Files\Virus Chaser\SpiderNT.exe
O23 - Service: svchost.exe - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Ineterner Explorer Add Update Services (updatecheck) - Unknown owner - C:\WINDOWS\system32\ieaus.exe (file missing)

Last edited 2006-08-05 17:38:47

Please, please

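Start → Control Panel → Add or Remove Programs → select → Sogou → Uninstall
Start → Control Panel → Performance and Maintenance → Administrative Tools → Services → find svchost.exe → right-click → Properties → Startup type → Disabled → Apply → Stop → OK.

Open Registry Editor and expand: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run,
change the value of Userinit from C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\cmmon.exe to: C:\WINDOWS\system32\userinit.exe,
Restart the system.

Delete the file: C:\WINDOWS\system32\cmmon.exe.

Restart the computer. After the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
==================================
Run HijackThis. After the scan finishes, tick the following entries, then choose "Fix Checked":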
O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\realsched.exe
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\Updatec.exe
O11 - Options group: [TBH] SOSO AddressBar Search
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Open Search Keyword Services (ossvc) - Unknown owner - C:\WINDOWS\system32\ossvc.exe (file missing)
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Network ConnectionPPO2 (ServicePPO2) - Unknown owner - C:\WINDOWS\popo\server.exe (file missing)
O23 - Service: svchost.exe - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
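O23 - Service: Ineterner Explorer Add Update Services (updatecheck) - Unknown owner - C:\WINDOWS\system32\ieaus.exe (file missing)
Show hidden files

Double-click My Computer -- Tools -- Folder Options -- View tab -- select "Show hidden files and folders" -- clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes" -- click "OK".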

Then find and delete the following files (if they exist):
C:\WINDOWS\bittorrent.exe
C:\WINDOWS\system32\res.exe
C:\WINDOWS\system\realsched.exe
C:\WINDOWS\Updatec.exe
C:\PROGRA~1\MSNMES~1\msgrapp.dll
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Sogou PXP\ (the entire directory)
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\ieaus.exe
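
A triage pass over a HijackThis log like the one in this thread, as an added example that is not part of any post here and not HijackThis's own code. It flags patterns visible in the entries the reply selects (a second program in UserInit, `Unknown owner` services, `(file missing)` targets) and, as an assumption, system process names found outside system32; the function name `triage`, the name list and the flag wording are hypothetical.

```python
import ntpath
import re

# Constructed sample: six lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\cmmon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: svchost.exe - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # entry code, then the rest of the line
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
# Assumption: short illustrative list of names that normally run from system32.
SYSTEM32_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}

def triage(log_text):
    """Return (code, reasons, line) for every entry that deserves a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        low = body.lower()
        reasons = []
        if code == "F2" and "userinit=" in low:
            progs = [p.strip() for p in body.split("=", 1)[1].split(",") if p.strip()]
            extra = [p for p in progs if not p.lower().endswith(r"\system32\userinit.exe")]
            if extra:
                reasons.append("extra UserInit program: " + ", ".join(extra))
        if code == "O23" and "unknown owner" in low:
            reasons.append("service with unknown owner")
        if low.endswith("(file missing)"):
            reasons.append("file missing at scan time")
        p = PATH.search(body)
        if p:
            folder, name = ntpath.split(p.group(0).lower())
            if name in SYSTEM32_NAMES and not folder.endswith(r"\system32"):
                reasons.append("system process name outside system32")
        if reasons:
            findings.append((code, reasons, line))
    return findings

if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG):
        print(f"[{code}] {'; '.join(reasons)}\n    {line}")
```

Each flag is a lead for checking the file on disk, not a verdict on the entry.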

[Reply to the post by "读来毒网"]
There is no C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\cmmon. value