
help... a website pops up: http://www.677977.com/

Logfile of HijackThis v1.99.1
Scan saved at 18:27:10, on 2006-3-16
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Common Files\SAND\qqfacerclient.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\WNILOGON.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\系统扫描\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: ClosePopup Class - {2645D297-DD4B-4DD3-BAB0-34D4BB8F7EE6} - D:\Program Files\MiniPopupKiller\cpw.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SonudMan] C:\WINNT\system32\WNILOGON.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {57E91B47-F40A-11D1-B792-444553542001} - F:\NEWSOFT\Windows优化大师.exe
O9 - Extra 'Tools' menuitem: &Windows优化大师 - {57E91B47-F40A-11D1-B792-444553542001} - F:\NEWSOFT\Windows优化大师.exe
O16 - DPF: {3D812B3C-B008-4A21-ACF0-9E3389ACE6E5} (PopKart Control) - http://popkart.tiancity.com/homepage/js/PopKartX.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://www.jiqingliao.com/BDC.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {750AD907-AEFD-4B79-993E-601BED023C75} (XLauncher Class) - http://www.movom.com/X.CAB
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} (Npv Control) - https://nprotect.lineage2.com.tw/nprotect/nprotect2004/ncsoft/npv.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.lineage2.com.tw/nprotect/keycrypt/npkcx.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.80_20060123.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{358C4408-ABA9-4E99-9089-D2EE41FA0462}: NameServer = 202.101.172.46 202.101.172.47
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network Connection - Unknown owner - C:\WINNT\vent.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINNT\system32\npkcsvc.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Transaction Coordinator - Unknown owner - C:\WINNT\Service.exe
O23 - Service: Windows Print Controller (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\SAND\qqfacerclient.exe
O23 - Service: Windows Player - Unknown owner - C:\WINNT\ACDSee.exe

Last edited 2006-03-16 19:20:59

[Reply to the post by "43543543543534"]



Original poster, please scan the following files with the two multi-engine scanners below:
D:\Program Files\MiniPopupKiller\cpw.dll
C:\WINNT\system32\WNILOGON.exe
C:\WINNT\vent.exe
C:\WINNT\Service.exe
C:\Program Files\Common Files\SAND\qqfacerclient.exe
C:\WINNT\ACDSee.exe
Multi-engine scanner, VirusTotal:

http://www.virustotal.com/
Multi-engine scanner, Jotti:

http://virusscan.jotti.org/


Please be sure to post the reports in full.
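The helper above picked six binaries out of the HijackThis log by eye. The added example below (not code from the thread or from HijackThis) parses the O2/O4/O23 entry formats seen in the log and applies a few defender heuristics to produce the same kind of "send these to a multi-engine scanner" list; the log excerpt and the heuristics are constructed for illustration.

```python
import re

# Constructed excerpt of the HijackThis log posted above (not the full log).
HJT_LOG = r"""
O2 - BHO: ClosePopup Class - {2645D297-DD4B-4DD3-BAB0-34D4BB8F7EE6} - D:\Program Files\MiniPopupKiller\cpw.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SonudMan] C:\WINNT\system32\WNILOGON.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network Connection - Unknown owner - C:\WINNT\vent.exe
O23 - Service: Windows Print Controller (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\SAND\qqfacerclient.exe
O23 - Service: Windows Player - Unknown owner - C:\WINNT\ACDSee.exe
"""

# Core Windows process names that malware likes to imitate (WNILOGON vs winlogon).
SYSTEM_BINARIES = {"winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "csrss.exe", "smss.exe"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")

def first_token(cmd):
    """Strip arguments from a Run command; a quoted path may contain spaces."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return m.group(1) or m.group(2)

def parse(log):
    """Yield one dict per recognised entry: kind, name, owner (services only) and loaded binary."""
    for line in log.splitlines():
        for kind, rx in (("O2", O2_RE), ("O4", O4_RE), ("O23", O23_RE)):
            m = rx.match(line.strip())
            if m:
                entry = {"kind": kind, "owner": "", **m.groupdict()}
                if kind == "O4":
                    entry["path"] = first_token(entry["path"])
                yield entry

def triage(log):
    """Return {binary path: [reasons]} for entries worth a multi-engine scan."""
    flagged = {}
    for e in parse(log):
        path = e["path"]
        base = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if e["kind"] == "O2":
            reasons.append("BHO: loads into every Internet Explorer process")
        if e["kind"] == "O23" and e["owner"] == "Unknown owner":
            reasons.append("service without a publisher")
        if re.match(r"^[a-z]:\\(winnt|windows)\\[^\\]+$", path.lower()):
            reasons.append("binary dropped directly in the Windows directory")
        if base not in SYSTEM_BINARIES and any(sorted(base) == sorted(s) for s in SYSTEM_BINARIES):
            reasons.append("name is a near-anagram of a Windows system binary")
        if reasons:
            flagged[path] = reasons
    return flagged
```

The COMENET-owned service under Program Files passes all four heuristics even though the scanners later flagged it, which is why the helper also cross-checked the running-process list rather than relying on rules alone.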

At http://www.virustotal.com/:
This is a report processed by VirusTotal on 03/16/2006 at 12:01:25 (CET) after scanning the file "cpw.dll" file.
Antivirus Version Update Result
AntiVir 6.34.0.53 03.15.2006 no virus found
Avast 4.6.695.0 03.14.2006 no virus found
AVG 718 03.15.2006 no virus found
Avira 6.34.0.53 03.16.2006 no virus found
BitDefender 7.2 03.16.2006 no virus found
CAT-QuickHeal 8.00 03.14.2006 no virus found
ClamAV devel-20060126 03.16.2006 no virus found
DrWeb 4.33 03.16.2006 no virus found
eTrust-InoculateIT 23.71.103 03.16.2006 no virus found
eTrust-Vet 12.4.2121 03.16.2006 no virus found
Ewido 3.5 03.16.2006 no virus found
Fortinet 2.71.0.0 03.16.2006 no virus found
F-Prot 3.16c 03.16.2006 no virus found
Ikarus 0.2.59.0 03.15.2006 no virus found
Kaspersky 4.0.2.24 03.16.2006 no virus found
McAfee 4719 03.15.2006 no virus found
NOD32v2 1.1446 03.16.2006 no virus found
Norman 5.70.10 03.16.2006 no virus found
Panda 9.0.0.4 03.16.2006 no virus found
Sophos 4.03.0 03.16.2006 no virus found
Symantec 8.0 03.16.2006 no virus found
TheHacker 5.9.5.114 03.15.2006 no virus found
UNA 1.83 03.15.2006 no virus found
VBA32 3.10.5 03.15.2006 no virus found

This is a report processed by VirusTotal on 03/16/2006 at 12:01:25 (CET) after scanning the file "WNILOGON.exe" file.
Antivirus Version Update Result
AntiVir 6.34.0.53 03.15.2006 TR/PSW.Delf.AI.1
Avast 4.6.695.0 03.14.2006 no virus found
AVG 718 03.15.2006 no virus found
Avira 6.34.0.53 03.16.2006 TR/PSW.Delf.AI.1
BitDefender 7.2 03.16.2006 no virus found
CAT-QuickHeal 8.00 03.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060126 03.16.2006 no virus found
DrWeb 4.33 03.16.2006 Trojan.DownLoader.7259
eTrust-InoculateIT 23.71.103 03.16.2006 no virus found
eTrust-Vet 12.4.2121 03.16.2006 no virus found
Ewido 3.5 03.16.2006 Logger.Delf.op
Fortinet 2.71.0.0 03.16.2006 suspicious
F-Prot 3.16c 03.16.2006 could be infected with an unknown virus
Ikarus 0.2.59.0 03.15.2006 IM-Worm.Win32.Lewor.AF
Kaspersky 4.0.2.24 03.16.2006 Trojan-Spy.Win32.Delf.op
McAfee 4719 03.15.2006 W32/Generic.Delphi.b
NOD32v2 1.1446 03.16.2006 probably unknown NewHeur_PE virus
Norman 5.70.10 03.16.2006 no virus found
Panda 9.0.0.4 03.16.2006 Suspicious file
Sophos 4.03.0 03.16.2006 no virus found
Symantec 8.0 03.16.2006 no virus found
TheHacker 5.9.5.114 03.15.2006 no virus found
UNA 1.83 03.15.2006 Trojan.Spy.Win32.Delf
VBA32 3.10.5 03.15.2006 Trojan-Spy.Win32.Delf.op

C:\WINNT\vent.exe
C:\WINNT\Service.exe
C:\WINNT\ACDSee.exe
These two cannot be scanned.. maybe the files are too small. (File size can't be more than 10 Megabytes. You can't try compressing it.)


This is a report processed by VirusTotal on 03/16/2006 at 12:05:07 (CET) after scanning the file "qqfacerclient.exe" file.
Antivirus Version Update Result
AntiVir 6.34.0.53 03.15.2006 ADSPY/AdHelper.K
Avast 4.6.695.0 03.14.2006 no virus found
AVG 718 03.15.2006 Adware Generic.LHS
Avira 6.34.0.53 03.16.2006 ADSPY/AdHelper.K
BitDefender 7.2 03.16.2006 Trojan.Downloader.6098.A
CAT-QuickHeal 8.00 03.14.2006 no virus found
ClamAV devel-20060126 03.16.2006 Adware.Qhelp-1
DrWeb 4.33 03.16.2006 Trojan.DownLoader.6098
eTrust-InoculateIT 23.71.103 03.16.2006 no virus found
eTrust-Vet 12.4.2121 03.16.2006 no virus found
Ewido 3.5 03.16.2006 Adware.AdHelper
Fortinet 2.71.0.0 03.16.2006 BDoor.CVM!bdr
F-Prot 3.16c 03.16.2006 no virus found
Ikarus 0.2.59.0 03.15.2006 AdWare.AdHelper.K
Kaspersky 4.0.2.24 03.16.2006 not-a-virus:AdWare.Win32.AdHelper.k
McAfee 4719 03.15.2006 BackDoor-CVM
NOD32v2 1.1446 03.16.2006 a variant of Win32/Adware.AdHelper
Norman 5.70.10 03.16.2006 W32/AdHelper.K
Panda 9.0.0.4 03.16.2006 no virus found
Sophos 4.03.0 03.16.2006 no virus found
Symantec 8.0 03.16.2006 Download.Trojan
TheHacker 5.9.5.114 03.15.2006 Adware/AdHelper.k
UNA 1.83 03.15.2006 Adware.AdHelper
VBA32 3.10.5 03.15.2006 Trojan.DownLoader.6098
At http://virusscan.jotti.org/:
C:\WINNT\vent.exe
C:\WINNT\Service.exe
C:\WINNT\ACDSee.exe (could not be scanned. Probably because of the file size..)
File:  cpw.dll 
Status:  OK 
MD5  be8394a7c76f422f1b75077dafa7070d 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing

File:  WNILOGON.exe 
Status:  INFECTED/MALWARE 
MD5  bdbf816a5f62a5c0d968e1d608e5ec7b 
Packers detected:  FSG
Scanner results 
AntiVir  Found Trojan/PSW.Delf.AI.1 
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found Trojan.DownLoader.7259 
F-Prot Antivirus  Found unknown virus (probable variant) 
Fortinet  Found nothing
Kaspersky Anti-Virus  Found Trojan-Spy.Win32.Delf.op 
NOD32  Found probably unknown NewHeur_PE (probable variant) 
Norman Virus Control  Found nothing
UNA  Found nothing
VirusBuster  Found nothing
VBA32  Found Trojan-Spy.Win32.Delf.op 


File:  qqfacerclient.exe 
Status:  INFECTED/MALWARE 
MD5  0bcf0b106fe49c80a6765e010c7c39df 
Packers detected:  -
Scanner results 
AntiVir  Found Adware-Spyware/AdHelper.K adware 
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found Generic.LHS 
BitDefender  Found Trojan.Downloader.6098.A 
ClamAV  Found Adware.Qhelp-1 
Dr.Web  Found Trojan.DownLoader.6098 
F-Prot Antivirus  Found nothing
Fortinet  Found BDoor.CVM!bdr 
Kaspersky Anti-Virus  Found not-a-virus:AdWare.Win32.AdHelper.k 
NOD32  Found a variant of Win32/Adware.AdHelper application 
Norman Virus Control  Found W32/AdHelper.K 
UNA  Found Adware.AdHelper 
VirusBuster  Found nothing
VBA32  Found Trojan.DownLoader.6098 
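Reading three reports by hand is fine for one thread, but the useful signal in them is how many engines name the same family versus how many only fire a heuristic. The added example below (not code from the thread, VirusTotal or Jotti) parses the VirusTotal text format shown above into per-file counts and a consensus family; the report excerpts are constructed subsets of the ones posted, and the heuristic/generic word lists are my own.

```python
import re
from collections import Counter

# Constructed excerpt of the VirusTotal text reports posted above (a few engines per file).
VT_REPORTS = {
    "cpw.dll": """\
AntiVir 6.34.0.53 03.15.2006 no virus found
Kaspersky 4.0.2.24 03.16.2006 no virus found
McAfee 4719 03.15.2006 no virus found
NOD32v2 1.1446 03.16.2006 no virus found
""",
    "WNILOGON.exe": """\
AntiVir 6.34.0.53 03.15.2006 TR/PSW.Delf.AI.1
Avast 4.6.695.0 03.14.2006 no virus found
CAT-QuickHeal 8.00 03.14.2006 (Suspicious) - DNAScan
Kaspersky 4.0.2.24 03.16.2006 Trojan-Spy.Win32.Delf.op
McAfee 4719 03.15.2006 W32/Generic.Delphi.b
NOD32v2 1.1446 03.16.2006 probably unknown NewHeur_PE virus
VBA32 3.10.5 03.15.2006 Trojan-Spy.Win32.Delf.op
""",
}

# One row: engine, signature version, update date (MM.DD.YYYY), free-text result.
ROW_RE = re.compile(r"^(?P<engine>\S+) (?P<version>\S+) (?P<update>\d\d\.\d\d\.\d{4}) (?P<result>.+)$")
# Results that are heuristic rather than a signature for a known family (assumed word list).
HEURISTIC = re.compile(r"suspicious|probably|could be|unknown|generic", re.I)
# Name components every vendor uses and that say nothing about the family.
GENERIC = {"trojan", "win", "win32", "w32", "spy", "psw", "virus", "adware", "not", "downloader"}

def parse_report(text):
    """Return one dict per engine row; the 'Antivirus Version Update Result' header has no date and is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def summarize(text):
    """Count named and heuristic detections and pick the family most vendors agree on."""
    rows, named, heuristic, families = parse_report(text), 0, 0, Counter()
    for row in rows:
        result = row["result"]
        if result.lower() == "no virus found":
            continue
        if HEURISTIC.search(result):
            heuristic += 1
            continue
        named += 1
        for tok in re.split(r"[^A-Za-z]+", result):  # e.g. TR/PSW.Delf.AI.1 -> Delf
            if len(tok) >= 3 and tok.lower() not in GENERIC:
                families[tok.lower()] += 1
    family = families.most_common(1)[0][0] if families else None
    return {"engines": len(rows), "named": named, "heuristic": heuristic, "family": family}

def verdict(summary):
    """Clean means no engine objected at all; heuristics alone are only a lead, not proof."""
    if summary["named"] == 0 and summary["heuristic"] == 0:
        return "clean"
    if summary["named"] == 0:
        return "suspicious"
    return "malicious (%s)" % summary["family"]
```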

[Reply to the post by "43543543543534"]



Click "Start", "Control Panel", "Performance and Maintenance", "Administrative Tools", double-click the "Services" icon, right-click each service to be stopped (Network Connection, Transaction Coordinator, Windows Print Controller and Windows Player) and click "Stop".



Restore the TXT file association:
Open the Registry Editor, go to HKCR\TXTFILE\SHELL\OPEN\COMMAND and check whether the data value on the right is %SystemRoot%\system32\notepad.exe %1; if it is not, please correct it.



Clear the IE temporary files and temporarily turn off System Restore. Reboot into Safe Mode, close all unnecessary windows, scan with HijackThis and fix the following entries (tick the box in front of each item to be fixed, then click "Fix checked"; before fixing you will be asked whether to back up, please choose "Yes"):
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SonudMan] C:\WINNT\system32\WNILOGON.exe
Reboot the computer, show hidden files and system files, and delete (if they exist):
C:\WINNT\system32\WNILOGON.exe
C:\WINNT\vent.exe
C:\WINNT\Service.exe
C:\Program Files\Common Files\SAND folder
C:\WINNT\ACDSee.exe
Once the fixes are done, if the problem persists, please reply in this thread with details.
The above suggestions are for reference only; if you recognize some of these settings, or they are your own manual settings, you need not carry them out.