瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 求助:无故弹出广告,新更新日志!高手会战!【未解决】8月22日0:59

123   1  /  3  页   跳转

求助:无故弹出广告,新更新日志!高手会战!【未解决】8月22日0:59

收藏
七夜郎君
头像
初生襁褓狮
  • 帖子:18
  • 注册: 2005-09-08
  • 来自:
发表于: 2006-08-21 08:23 | 只看楼主 短消息 资料
字号: 1楼

求助:无故弹出广告,新更新日志!高手会战!【未解决】8月22日0:59

请各位大侠帮帮忙,谢谢了!
大约开机半小时左右便弹出:http://survey88.allyes.com/index.php?的垃圾广告
还会弹出:http://www.5617.com/news/2.htm
http://tv.mofile.com/cn/register/index.do?ch=26的广告
我分析是这两个:
O10 - Unknown file in Winsock LSP: c:\windows\system32\wmpcd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wmpcd32.dll
但是删除了我就上不了网了 无语……呵呵!


Logfile of HijackThis v1.99.1
Scan saved at 8:11:27, on 2006-8-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
d:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Rising\Rav\RavStub.exe
D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\BHDCRegC.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
D:\Program Files\淘宝网\淘宝旺旺\WangWang.exe
C:\WINDOWS\system32\conime.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Maxthon2\Maxthon.exe
d:\program files\rising\rfw\RfwCfg.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\TDDownload\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [BHDCRegC] C:\WINDOWS\system32\BHDCRegC.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\wmpcd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wmpcd32.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://supportapj.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://skinstore.contents.mylinker.co.kr/module/MyLinker.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://kp.wuhan.net.cn/plugin/PowerPlr.ocx
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} - http://zs.kingsoft.com/KOSInit.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152073396744
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152074722491
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://safe.qq.com/scan/KAllScan.CAB
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://club.jiangmin.com/kvscan/KvDown.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

最后编辑2006-08-22 21:19:24
分享到:
gototop
 
七夜郎君
头像
初生襁褓狮
  • 帖子:18
  • 注册: 2005-09-08
  • 来自:
发表于: 2006-08-21 09:27 | 只看楼主 短消息 资料
字号: 2楼

神那 救救我吧!
gototop
 
sdjianyuan
头像
初生襁褓狮
  • 帖子:5
  • 注册: 2006-08-21
  • 来自:
发表于: 2006-08-21 10:35 | 短消息 资料
字号: 3楼

我的电脑和你的一样啊,你解决这个问题后能不能也告诉我?谢谢
gototop
 
wistom992
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2006-08-21
  • 来自:
发表于: 2006-08-21 10:37 | 短消息 资料
字号: 4楼

我也是,日志如下:
Logfile of HijackThis v1.99.0
Scan saved at 10:26:55, on 2006-8-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Rising\Rav\RavStub.exe
C:\wt2ksrv\bin\Apache.exe
C:\wt2ksrv\bin\Apache.exe
C:\wt2ksrv\bin\mysqld-opt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Rising\Rav\rav.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\tools\kill\hijackthis\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 搜搜地址栏搜索 - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\QQ2006\QQIEHelper.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\QQ2006\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 把选定的内容发送到手机 - C:\PROGRA~1\佳禾\佳禾短~1\link.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\QQ2006\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\QQ2006\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\QQ2006\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\Program Files\bt精灵\BitSpirit\bsurl.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2006\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2006\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2006\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2006\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O16 - DPF: {658E8183-D04C-413A-9FCF-C04D610E81A3} (CCTest Control) - http://localhost/cctest.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {9124F9F5-EC7E-4399-9901-4F365B42FC88} (StoreAnswer Control) - http://localhost/zjks.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E70B1D40-D915-4BE8-8B0C-0AD2E9D16A3C}: NameServer = 192.168.0.1,220.187.24.2
O23 - Service: Apache2 - Apache Software Foundation - C:\wt2ksrv\bin\Apache.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MageServer - Unknown - C:\Program Files\Common Files\Conson.exe
O23 - Service: MySql - Unknown - C:\wt2ksrv\bin\mysqld-opt (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
gototop
 
wistom992
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2006-08-21
  • 来自:
发表于: 2006-08-21 10:50 | 短消息 资料
字号: 5楼

O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
有问题,就是清楚不了呀
gototop
 
zx765
头像
初生襁褓狮
  • 帖子:20
  • 注册: 2006-08-20
  • 来自:
发表于: 2006-08-21 10:55 | 短消息 资料
字号: 6楼

我的也有这样的问题.有人帮忙解决吗??
gototop
 
七夜郎君
头像
初生襁褓狮
  • 帖子:18
  • 注册: 2005-09-08
  • 来自:
发表于: 2006-08-21 12:25 | 只看楼主 短消息 资料
字号: 7楼

引用:
【wistom992的贴子】O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
有问题,就是清楚不了呀
………………

哎 无语中 同命相怜
gototop
 
秋日里的蓝天
头像
卡卡技术团队
  • 帖子:7349
  • 注册: 2004-09-30
  • 来自:
发表于: 2006-08-21 12:27 | 短消息 资料
字号: 8楼

【回复“七夜郎君”的帖子】
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\wmpcd32.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\wmpcd32.dll

请下载LSPFix和WinsockXPFix这两个软件,它们在:
[必读]本版说明及常用小软件下载

http://forum.ikaka.com/topic.asp?board=67&artid=5188931
  重新启动电脑, 进入安全模式。运行LSPFix.exe,删除:
wmpcd32.dll

说明:
LSPFix这个软件主要用来辅助修复HijackThis扫描发现的O10项。使用时,请关闭所有IE界面和文件夹界面后运行LSPFix。运行后,把要修复的那一个O10项从左边转到右边,点“Finish”即可。修复后重启计算机,如果无法上网,请运行WinsockXPFix,让它修复一下。
gototop
 
秋日里的蓝天
头像
卡卡技术团队
  • 帖子:7349
  • 注册: 2004-09-30
  • 来自:
发表于: 2006-08-21 12:29 | 短消息 资料
字号: 9楼

【回复“wistom992”的帖子】
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
请下载LSPFix和WinsockXPFix这两个软件,它们在:
[必读]本版说明及常用小软件下载

http://forum.ikaka.com/topic.asp?board=67&artid=5188931
  重新启动电脑, 进入安全模式。运行LSPFix.exe,删除:
quartz32.dll

说明:
LSPFix这个软件主要用来辅助修复HijackThis扫描发现的O10项。使用时,请关闭所有IE界面和文件夹界面后运行LSPFix。运行后,把要修复的那一个O10项从左边转到右边,点“Finish”即可。修复后重启计算机,如果无法上网,请运行WinsockXPFix,让它修复一下。
gototop
 
johnsBB
头像
初生襁褓狮
  • 帖子:59
  • 注册: 2006-01-17
  • 来自:
发表于: 2006-08-21 12:33 | 短消息 资料
字号: 10楼

为什么这个世界上那么少高手呢??
真是潜水高手!!!!
只有一个高手出来了。
gototop
 
<<上一主题|下一主题>>
123   1  /  3  页   跳转
页面顶部
Powered by Discuz!NT