发表于: 2006-08-23 13:21 | 只看楼主 短消息 资料
字号: 1楼

【求助】不知道是不是中毒了,整天都弹出网页广告!!

昨天中了Win32.Troj.AdSetup.vt.282177,但是处理结果是跳过,今天就有广告自己跳出来,以前是没有的,该怎么办??下面是日志:
unning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\KAV6\Kulansyn.EXE
C:\KAV6\KWatchUI.EXE
C:\Program Files\lenovo\StateChange\QuakeII.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\联想\联想标准功能键盘\SkDaemond.exe
C:\KAVPFW\KAVPFW.EXE
C:\KAV6\KPopMon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\KAV6\MailMon.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\KAV6\KAVPlus.EXE
C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
C:\KAV6\KAVSvc.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
G:\新建文件夹 (2)\HijackThis.exe

R3 - URLSearchHook: BdSearchHook Class - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll (file missing)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - F:\新建文件夹\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: 金山毒霸 - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - C:\KAV6\KAIEPlus.DLL
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [KAVRun] C:\KAV6\KAVRun.EXE
O4 - HKLM\..\Run: [Kulansyn] C:\KAV6\Kulansyn.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [QuakeII.exe] C:\Program Files\lenovo\StateChange\QuakeII.exe
O4 - HKLM\..\Run: [raid_tool.exe] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SkDaemond.exe] C:\Program Files\联想\联想标准功能键盘\SkDaemond.exe
O4 - HKLM\..\Run: [iDuba Personal FireWall] C:\KAVPFW\KAVPFW.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KAVPFW.EXE] ; D:\新建文件夹 (2)\KAVPFW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KpopMon] C:\KAV6\KPopMon.EXE
O4 - HKCU\..\Run: [iDuba Personal Firewall] C:\KAVPFW\KAVPFW.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用迅雷下载 - G:\讯雷\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - G:\讯雷\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - G:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - G:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - G:\讯雷\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - G:\讯雷\Thunder.exe
O9 - Extra button: 百度首页 - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://baidu.com/index.php?tn=znmqdg (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B2E6FC-973E-4958-90A4-3BE8EEFA8F25}: NameServer = 61.235.70.98 211.98.4.1
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV6\KAVSvc.EXE
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - (no file)
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - (no file)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
最后编辑2006-08-23 13:21:08.450000000