【求助】谁能阻止它耍流氓!!自动打开网页，兼自动安装流氓软件!-附日志! - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】谁能阻止它耍流氓!!自动打开网页，兼自动安装流氓软件!-附日志!

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

【求助】谁能阻止它耍流氓!!自动打开网页，兼自动安装流氓软件!-附日志!

秋风独自凉初生襁褓狮帖子:97 注册: 2005-05-24 来自:	发表于： 2006-08-18 10:49 \| 只看楼主短消息资料字号：小中大 1楼【求助】谁能阻止它耍流氓!!自动打开网页，兼自动安装流氓软件!-附日志! 从昨天开始，电脑突然开始自动安装一系列流氓软件。我一一卸载后，又偶尔弹出一些网站。用Hijack修复过一点后，问题还没解决。请帮助看一下扫描日志： HijackThis@Qoo的扫描日志 V1.97.7 Scan saved at 11:31:33, on 2006-08-18 Platform: Unknown Windows (WinNT 5.02.3790) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\rising\Rav\Ravmond.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe D:\ewido anti-spyware 4.0\guard.exe D:\security suite\ewidoctrl.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Dfssvc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\rising\Rav\RavTask.exe D:\ewido anti-spyware 4.0\ewido.exe C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe C:\WINDOWS\system32\Rundll32.exe J:\新建文件夹 (2)\HijackThis.exe O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (file missing) O2 - BHO: (no name) - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing) O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL O2 - BHO: (no name) - {63859236-76BF-493C-A587-DF479EBA2D4B} - (no file) O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll (file missing) O2 - BHO: (no name) - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - (no file) O2 - BHO: (no name) - {BE0B5843-553A-48C2-9A42-258A1D791AFC} - C:\PROGRA~1\pcast\hbcast.dll O2 - BHO: (no name) - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\a45oeb70.dll O3 - Toolbar: ????? - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll O3 - Toolbar: ????? - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINDOWS\system32\amstreamxb1.dll O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [桌面图标文字自动透明] C:\Program Files\wom\WinMem.exe XP O4 - HKLM\..\Run: [WDSHOOK] C:\WINNT\XXXStarter.exe O4 - HKLM\..\Run: [!ewido] "D:\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe" O4 - HKLM\..\Run: [Rundll32] C:\WINDOWS\Rundll32.exe O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: 1 O4 - Startup: NTUSER.DAT O4 - Startup: ntuser.dat.LOG O4 - Startup: ntuser.ini O4 - Startup: Sti_Trace.log O4 - Startup: uninstalldrv.exe O4 - Startup: 减 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4B85F7A4-C29C-4C4E-95A1-A297FBAC2734}: NameServer = 192.168.1.1,192.168.1.68 2006-08-18 12:22:21
秋风独自凉初生襁褓狮帖子:97 注册: 2005-05-24 来自:	分享到：

菲西初生襁褓狮帖子:49 注册: 2003-11-25 来自:	发表于： 2006-08-18 11:00 \| 短消息资料字号：小中大 2楼 O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing) 这个是IE流氓插件，会导致弹出窗口，我也中过的解决办法见 http://forum.ikaka.com/topic.asp?board=67&artid=8145825
菲西初生襁褓狮帖子:49 注册: 2003-11-25 来自:

秋日里的蓝天卡卡技术团队帖子:7349 注册: 2004-09-30 来自:	发表于： 2006-08-18 12:30 \| 短消息资料字号：小中大 3楼运行HijackThis，把下面的选中打上钩，修复 O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (file missing) O2 - BHO: (no name) - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing) O2 - BHO: (no name) - {63859236-76BF-493C-A587-DF479EBA2D4B} - (no file) O2 - BHO: (no name) - {63859236-76BF-493C-A587-DF479EBA2D4B} - (no file) O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll (file missing) O2 - BHO: (no name) - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - (no file) O2 - BHO: (no name) - {BE0B5843-553A-48C2-9A42-258A1D791AFC} - C:\PROGRA~1\pcast\hbcast.dll O2 - BHO: (no name) - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\a45oeb70.dll O4 - HKLM\..\Run: [Rundll32] C:\WINDOWS\Rundll32.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll 下载，LSPFix.exe，WinsockXPFix这两个软件重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows 运行LSPFix.exe 删除 wshcon32.dll 附说明一份 LSPFix.exe这个软件主要用来辅助修复HijackThis扫描发现的O10项。使用时，请关闭所有IE界面和文件夹界面后运行LSPFix，运行后，把要修复的那一个O10项从左边转到右边，点“Finish”即可。（不过这之前，需要在“I know what I`m doing”前面打勾。）双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名删除 c:\windows\system32\wshcon32.dll O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll 到添加删除里面卸载掉MMSASS~1 重启到安全模式下删除 C:\PROGRA~1\MMSASS~1 C:\WINDOWS\Rundll32.exe这一项先结束进程
秋日里的蓝天卡卡技术团队帖子:7349 注册: 2004-09-30 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT