http://59.42.71.199/ndatin.aspx?param=ABdXNlcm5hbWU9Z3pEU0wzODkwNzAwMiZwb2xpY3lpZD03MDEmc291cmNldXJsPWZvcnVtLmlrYWthLmNvbS9nbG9iYWxhZC90b3BpYy90b3BpYy5odG0=
以上这个是弹出网页。。。我没有仔细研究过到底我开什么网页它会弹出。总的感觉就是我无论开什么网页,它都有机会弹出的。。。
以下是我用HIjack this扫描出来的文件。。
请高手帮我分析一下到底是哪些文件作怪。。谢谢
Logfile of HijackThis v1.99.1
Scan saved at 下午9:20, on 2006-8-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
f:\Program Files\ewido anti-spyware 4.0\guard.exe
d:\program files\mcafee.com\agent\mcdetect.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee.com\VSO\mcvsshld.exe
D:\Program Files\McAfee.com\VSO\oasclnt.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
d:\program files\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\WINDOWS\system32\taskmgr.exe
E:\Program Files\FlashGet\flashget.exe
E:\Program Files\Tencent\qq\QQ.exe
F:\PROGRA~1\TheWorld\TheWorld.exe
G:\Flashget Downloads\HijackThis.exe
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - e:\Program Files\Thunder Network\WebThunder\WebThunderBHO_011.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\PROGRA~1\KuGoo\KUGOO3~1.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [VSOCheckTask] "D:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] D:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] D:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] f:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Piracy] "D:\WINDOWS\SysUtil.exe" /PIRACY
O8 - Extra context menu item: &使用迷你迅雷下载 - e:\Program Files\Thunder Network\ThunderMini\Program\GetUrl.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - F:\Program Files\KuGoo\KuGoo3DownX.htm
O8 - Extra context menu item: 使用Web迅雷下载 - e:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - e:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - e:\Program Files\sina\UC\uc.exe
O16 - DPF: {2BFAA61B-5C83-4865-8281-D8BDBF863061} (PGEdit Class) - https://www.gnetpg.com/PlugIn/PG_ATL.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} (PBActiveX40 Control) - http://szdl.cmbchina.com/download/PB/pb50.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{883B61AB-E73A-4224-A140-715DCD72A1DC}: NameServer = 202.96.128.68,202.96.128.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{A09BA38F-572A-4DB3-AC8D-06969A40CD77}: NameServer = 202.96.128.86 202.96.128.166
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\STARDOCK\
OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - D:\PROGRA~1\WinKld\WinKld.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - f:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Norton AntiVirus 自动防护服务 (navapsvc) - Unknown owner - E:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - E:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SPBBCSvc - Unknown owner - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
