瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 电脑无缘无故弹出网页!请教大虾如何处理!多谢!

12   1  /  2  页   跳转

[已解决] 电脑无缘无故弹出网页!请教大虾如何处理!多谢!

电脑无缘无故弹出网页!请教大虾如何处理!多谢!

请问各位大侠,电脑无缘无故弹出网页,hijackthis扫描如下,请问如何处理!不胜感激!


Logfile of HijackThis v1.99.1
Scan saved at 18:19:50, on 2009-7-4
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vsnp2uvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CMBCHINA\WebProtect\WPService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wuauctl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Administrator\桌面\ha_hijackthis_1991\HijackThis.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebProtect.IEHlpObj - {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files\BaiDu\bar\BaiduBar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: 百度工具栏 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\BaiDu\bar\BaiduBar.dll
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [PCSuite.exe] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray -install -startgcw
O4 - HKCU\..\RunOnce: [PcSync2.exe] C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe /NoDialog
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 发送到 Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: 发送到 Bluetooth 设备(&B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm
O8 - Extra context menu item: 设为 Messenger Live 头像 - \SetMSNDP.htm
O8 - Extra context menu item: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选取内容为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选取内容到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选定的链接为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选定的链接为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选定的链接到 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选定的链接到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选项为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选项为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换链接目标为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换链接目标为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换链接目标到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 追加到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Web 流量保护状态 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E5EB2B1-F772-4A59-AA7F-8C7D293F6B11}: NameServer = 202.96.128.86 202.96.134.133
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\Program Files\Lenovo\HOTKEY\tphklock.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Cmb WebProtect Support (CMBWPS) - China Merchants Bank - C:\Program Files\CMBCHINA\WebProtect\WPService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kingsoft Basic Service (kaccore) - Kingsoft Corporation - C:\Program Files\Kingsoft\KAC\Service\kaccore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 2.0.50727; aff-kingsoft-ciba; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; MAXTHON 2.0)
最后编辑andynio 最后编辑于 2009-07-06 22:40:47
分享到:
gototop
 

回复:电脑无缘无故弹出网页!请教大虾如何处理!多谢!

Sreng官方下载
SREng/智能扫描(记得勾选“检查进程的数字签名)
等扫描完成,保存日志(LOG格式)
PS:如主程序SREng**.exe无法运行,导致无法扫描日志
将主程序改名为我爱小狮子.bat
或我爱小狮子.scr
日志放入附件
(点击我这贴右下角的“引用”或最右下角的那个较大的“回复”然后就应该知道怎么发了。)
gototop
 

回复: 电脑无缘无故弹出网页!请教大虾如何处理!多谢!

谢谢您!我将扫描结果放在附件了,麻烦您看下!多谢!

附件附件:

文件名:SREngLOG.log
下载次数:218
文件类型:application/octet-stream
文件大小:
上传时间:2009-7-4 22:50:46
描述:log

gototop
 

回复:电脑无缘无故弹出网页!请教大虾如何处理!多谢!

C:\WINDOWS\System32\wuauctl.exe
c:\windows\system32\audiosrv.dll
C:\WINDOWS\System32\SmartPopup.dll
C:\WINDOWS\System32\SmartClick.dll
C:\WINDOWS\System32\SmartSearch.dll
上面文件用XDelBox一次性删除
(enao.ys168.com 下载)
复制上面所有要删除的文件,打开XDelBox,在待删除列表点 右键==>选择 剪贴版导入不检查路径==>点 右键==>选择==>立刻重启执行删除

删除服务
[Windows Audio / AudioSrv][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\audiosrv.dll><N/A>
PM偶时请附上求助贴的地址...
gototop
 

回复: 电脑无缘无故弹出网页!请教大虾如何处理!多谢!

刚刚按照您的方法执行了,请问怎样检查有没有删除干净?
还有那个服务如何删除?请问也使用这个xdel删除吗?
gototop
 

回复:电脑无缘无故弹出网页!请教大虾如何处理!多谢!

我刚刚手动删除声音服务后,电脑变得很慢,然后我就重启,结果之后电脑就无法启动声音了!怎么办?
gototop
 

回复:电脑无缘无故弹出网页!请教大虾如何处理!多谢!


师父毛手毛脚的

楼主看看附近谁的系统是XP-sp3的
需要拷注册表导入
gototop
 

回复:电脑无缘无故弹出网页!请教大虾如何处理!多谢!

首先谢谢达人的帮忙!问题得到解决,但是新的问题来了,电脑的声音不正常了,请问怎么导入注册表,如何拷?谢谢!
还有请问如何将帖子归为【已解决】?再次感谢!
gototop
 

回复:电脑无缘无故弹出网页!请教大虾如何处理!多谢!

去相同系统内找这文件c:\windows\system32\audiosrv.dll

复制放到你系统c:\windows\system32\文件夹内即可

还可以用解压工具WinRAR打开你的系统C:\WINDOWS\system32\dllcache文件夹找看看是否还有这文件

再去相同系统内,打开注册表,找这路径下的AudioSrv项目导出来,然后再去你那电脑导入即可

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
百年以后,你的墓碑旁 刻着的名字不是我
gototop
 

回复: 电脑无缘无故弹出网页!请教大虾如何处理!多谢!

先用工具删除C:\WINDOWS\SYSTEM32\AudioSrv.dll这个文件夹,然后解压缩压缩包,复制AudioSrv.dll到C:\WINDOWS\SYSTEM32\


最后导入注册表

附件附件:

文件名:AudioSrv.rar
下载次数:235
文件类型:application/x-rar-compressed
文件大小:
上传时间:2009-7-6 8:12:30
描述:rar

gototop
 
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT