http://59.42.71.245:88/ndatin.aspx?---- keeps popping up automatically


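Date: 2006-11-10

Recently, when I open web pages, hxxp://59.42.71.245:88/ndatin.aspx?param=ABdXNlcm5hbWU9Z3pEU0wxNDA4NDQ1MyZwb2xpY3lpZD03MDEmc291cmNldXJsPXd3dy5jaGluYWVuZ2xpc2guY29tLmNuLw== pops up from time to time. The page is blank, with no content at all. I spent a long time on virus scans, disinfection and System Restore and still have not fixed it. Has anyone else run into this? Please tell me how to solve it.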
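
The `param` value in the post above is base64 behind a two-character prefix. This added example (not part of the original thread) decodes it to show which fields the pop-up URL carries; the function names are hypothetical, and the meaning of the `AB` prefix is unknown, so the code only skips it.

```python
import base64
import binascii
from urllib.parse import parse_qs, parse_qsl, urlsplit

# URL exactly as quoted in the first post (scheme already defanged to hxxp).
POPUP_URL = (
    "hxxp://59.42.71.245:88/ndatin.aspx?param="
    "ABdXNlcm5hbWU9Z3pEU0wxNDA4NDQ1MyZwb2xpY3lpZD03MDEm"
    "c291cmNldXJsPXd3dy5jaGluYWVuZ2xpc2guY29tLmNuLw=="
)


def decode_param(value, max_prefix=4):
    """Skip up to max_prefix leading characters until the rest is base64 text.

    Returns (prefix, fields), or (None, {}) when nothing readable is found.
    """
    for skip in range(max_prefix + 1):
        candidate = value[skip:]
        # Padded base64 is always a non-empty multiple of four characters.
        if not candidate or len(candidate) % 4:
            continue
        try:
            text = base64.b64decode(candidate, validate=True).decode("ascii")
        except (binascii.Error, ValueError):
            continue
        # Accept only readable key=value text, not an accidental decode.
        if text.isprintable() and "=" in text:
            return value[:skip], dict(parse_qsl(text))
    return None, {}


def popup_fields(url):
    """Extract the param query value from the pop-up URL and decode it."""
    query = urlsplit(url).query
    return decode_param(parse_qs(query)["param"][0])


if __name__ == "__main__":
    prefix, fields = popup_fields(POPUP_URL)
    print("prefix:", prefix)
    for key, val in fields.items():
        print(f"{key} = {val}")
```

Decoded, the parameter holds three fields: `username`, `policyid` and `sourceurl`.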

Could you follow the instructions in my signature and post a scan report from HijackThis or SREng so we can take a look?

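A plug-in was probably installed maliciously! Have you tried repairing with 360 Safe Guard (360安全卫士)? If not, it would be best to run a repair with it.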

I ran the repair with 360 Safe Guard and it still doesn't work. Here is the HijackThis scan result:

Logfile of HijackThis v1.99.1
Scan saved at 23:37:39, on 2006-12-25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
D:\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
D:\Winamp\Winamp.exe
D:\QQ\TIMPlatform.exe
D:\复件 MYIE2\复件 MYIE2\MyIE.exe
D:\ha_hijackthis\HijackThis.exe

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\Firewall\PFW.exe
O4 - HKLM\..\Run: [BigDogPath] rem ; C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [ATICCC] rem ; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools-1033] rem ; "E:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] rem ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StormCodec_Helper] rem ; "D:\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [TkBellExe] rem ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] rem ; "D:\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\GameClient.exe (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) - http://www.duba.net/cab/KOSInit.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\ewido anti-malware\ewidoctrl.exe

Here is the SREng scan result:

Windows XP Professional (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
    <SKYNET Personal FireWall><D:\Firewall\PFW.exe> [天网]
    <BigDogPath><rem ; C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x> [N/A]
    <ATICCC><rem ; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [N/A]
    <DAEMON Tools-1033><rem ; "E:\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
    <KernelFaultCheck><rem ; %systemroot%\system32\dumprep 0 -k> [N/A]
    <StormCodec_Helper><rem ; "D:\Storm Codec\StormSet.exe" /S /opti> [N/A]
    <TkBellExe><rem ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [N/A]
    <WinampAgent><rem ; "D:\Winamp\Winampa.exe"> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Corporation]

    <Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,> [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe> [(Verified)Microsoft Corporation]
==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[ewido security suite control / ewido security suite control]
  <D:\ewido anti-malware\ewidoctrl.exe><ewido networks>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
==================================
驱动程序
[AC2003 / AC2003]
  <System32\Drivers\AC2003.sys><ABIT Computer Corp.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[d347bus / d347bus]
  <\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[EagleNT / EagleNT]
  <\?\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[FREEPROC / FREEPROC]
  <\?\D:\新龙族-永久免费网游\freeproc.sys><N/A>
[kmsinput / kmsinput]
  <\?\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[npkcrypt / npkcrypt]
  <\?\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nvatabus / nvatabus]
  <\SystemRoot\System32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENET]
  <System32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp]
  <\SystemRoot\System32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW]
  <\?\C:\WINDOWS\System32\Drivers\SKNFW.sys><N/A>
[World Standard Teletext Codec / WSTCODEC]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
浏览器加载项
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\GameClient.exe, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[金山毒霸在线产品升级]
  {52DF16E3-6C4F-4B22-8BAF-09263E463B48} <C:\PROGRA~1\KOS\KOSInit.ocx, 金山软件股份有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 408][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 576][\?\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 680][\?\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4132]
[PID: 724][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 736][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 888][C:\WINDOWS\System32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
    [C:\WINDOWS\System32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 920][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1024][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1216][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1272][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1340][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
    [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 1472][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] [, 1, 0, 0, 1]
[PID: 1568][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1712][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1912][D:\ewido anti-malware\ewidoctrl.exe] [ewido networks, 3, 0, 0, 1]
    [D:\ewido anti-malware\lang.dll] [privat, 1, 0, 0, 1]
[PID: 160][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 248][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1440][D:\Winamp\Winamp.exe] [Nullsoft, 2.81]
    [D:\Winamp\Plugins\IN_CDDA.DLL] [N/A, N/A]
    [D:\Winamp\Plugins\IN_MIDI.DLL] [N/A, N/A]
    [D:\Winamp\Plugins\read_file.dll] [N/A, N/A]
    [D:\Winamp\Plugins\IN_MOD.DLL] [N/A, N/A]

    [D:\Winamp\Plugins\IN_MP3.DLL] [N/A, N/A]
    [D:\Winamp\Plugins\in_vorbis.dll] [N/A, N/A]
    [D:\Winamp\Plugins\IN_WAVE.DLL] [N/A, N/A]
    [D:\Winamp\Plugins\IN_WM.DLL] [N/A, N/A]
    [D:\Winamp\Plugins\OUT_DISK.DLL] [N/A, N/A]
    [D:\Winamp\Plugins\OUT_DS.DLL] [N/A, N/A]
    [D:\Winamp\Plugins\out_wave.dll] [N/A, N/A]
    [D:\Winamp\Plugins\OUT_WM.DLL] [N/A, N/A]
    [D:\Winamp\Plugins\gen_MiniLyrics.dll] [N/A, N/A]
    [D:\Winamp\Plugins\MiniLyrics.dll] [N/A, N/A]
    [D:\QQ\qdshm.dll] [, 1, 0, 1, 2]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
    [C:\WINDOWS\System32\tssoft32.acm] [DSP GROUP, INC., 1.01]
    [C:\WINDOWS\System32\tsd32.dll] [N/A, N/A]
    [C:\WINDOWS\System32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
    [C:\WINDOWS\System32\iac25_32.ax] [Intel Corporation, 2.05.53]
    [C:\WINDOWS\System32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [C:\WINDOWS\System32\vct3216.acm] [Voxware, Inc., 1.6.0.17]
    [C:\WINDOWS\System32\vct3216.dll] [Voxware, Inc., 1.6.0.12]
    [C:\WINDOWS\System32\msms001.vwp] [Voxware, Inc., 2.0.2.61]
    [C:\WINDOWS\System32\mvoice.vwp] [Voxware, Inc., 2.0.0.12.01]
[PID: 1516][D:\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
    [D:\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 1016][D:\复件 MYIE2\复件 MYIE2\MyIE.exe] [MY Soft Technology, 0, 9, 27, 68]
    [D:\复件 MYIE2\复件 MYIE2\Plugin\ViewSource\ViewSrc.dll] [, 1, 0, 0, 1]
    [D:\复件 MYIE2\复件 MYIE2\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\System32\NQWBX.IME] [念青:http://nq.yeah.net, 2.03.05.08]
[PID: 1540][D:\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]

.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

How about adding hxxp://59.42.71.245:88/ndatin.aspx? to your hosts file and seeing whether that helps (http has been replaced with hxxp here):

127.0.0.1 hxxp://59.42.71.245:88/ndatin.aspx?
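
A hosts file maps host names to addresses, so a line only takes effect when its name field is a bare host name that the system actually looks up. The check below is an added example, not part of the original thread; `check_hosts_line` is a hypothetical helper and the second sample line is constructed.

```python
import ipaddress

# Line as suggested in the reply above, and a constructed well-formed line.
SUGGESTED_LINE = "127.0.0.1 hxxp://59.42.71.245:88/ndatin.aspx?"
CONSTRUCTED_LINE = "127.0.0.1 ads.example.invalid  # constructed sample"


def _is_ip(text):
    """True if text is an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_hosts_line(line):
    """Return the reasons a hosts-file line cannot take effect ([] if none)."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 2:
        return ["expected an address followed by at least one host name"]
    problems = []
    if not _is_ip(fields[0]):
        problems.append(f"{fields[0]!r} is not an IP address")
    for name in fields[1:]:
        rest = name
        if "://" in rest:
            problems.append(f"{name!r}: URL scheme, hosts stores names only")
            rest = rest.split("://", 1)[1]
        host = rest.split("/", 1)[0].split("?", 1)[0]
        if host != rest:
            problems.append(f"{name!r}: path or query is never matched")
        if ":" in host and not _is_ip(host):
            problems.append(f"{name!r}: port numbers are not part of a name")
            host = host.rpartition(":")[0]
        if _is_ip(host):
            # A request to an IP literal involves no name lookup at all.
            problems.append(f"{name!r}: IP literal, hosts is never consulted")
    return problems


if __name__ == "__main__":
    for sample in (SUGGESTED_LINE, CONSTRUCTED_LINE):
        print(sample, "->", check_hosts_line(sample) or "ok")
```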
