Wuyou Boot Forum (无忧启动论坛)

Thread starter: peak8

[Help] Browser problem

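31#
Posted 2006-8-5 21:37:17
The Wuyou Boot Forum does not accept any outside advertising and has not placed any plugins on its pages.
Your IE has most likely been hijacked; it has nothing to do with Wuyou.
A couple of days ago another of my computers also had IE popping up windows by itself, and I only fixed it later.
There are just too many rogue plugins on the internet these days.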

32#
OP | Posted 2006-8-6 06:54:08
My computer still shows the same symptoms. This is a freshly installed system, and I still scanned the whole disk with Kaspersky and installed sysshield.

33#
Posted 2006-8-6 07:54:48
I'd also like to figure out what the problem is. I posted a help request here:

http://bbs.wuyou.net/forum.php?m ... =page%3D1#pid847385

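34#
OP | Posted 2006-8-6 08:49:34
Now, after restarting the computer, I temporarily disabled Kaspersky's protection, then unchecked "Block pop-ups" on the "Privacy" tab of Internet Options, and opened the Wuyou forum home page. The popup window appeared, and I then pressed Ctrl+N to see the popup's actual address.

Note that if "Block pop-ups" on the "Privacy" tab of Internet Options is checked, the popup is definitely not visible and is blocked by the system. Also, in that case the notice at the top of the page (near the address bar) appears and disappears in the blink of an eye; normally that notice stays there so the user can click it to let the blocked window pop up again.

I'm in Yangzhou, and 老毛桃 is from Yangzhou too. I hope he can take a look. Could it be China Telecom playing tricks? I'm on ADSL.

[Attachment: wuyou.JPG (276.27 KB)]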

35#
OP | Posted 2006-8-6 08:53:45
Restarted again and repeated the steps from the post above, again visiting wuyou. Same behaviour. Next I'll restart once more and try other websites.

[ Last edited by peak8 on 2006-8-6 08:58 AM ]

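36#
OP | Posted 2006-8-6 09:03:17
After restarting, I dialed up, again disabled Kaspersky's protection and unchecked pop-up blocking, and went to www.tom.com. First a window with no content popped up (219.133.33.46), and it quickly switched to the earlier window (http://219.133.33.46/angel.html).

I closed all windows and visited Wuyou again: no popup.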

37#
OP | Posted 2006-8-6 09:09:36
Restarted again, then visited www.jdjy.cc and browsed several links: no popup. Then I visited Wuyou, and the earlier window popped up.

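38#
Posted 2006-8-6 09:16:42
The local China Telecom ADSL may have a partnership with websites; it may not be a problem with your machine.
For example, with ChinaVnet (互联星空), which partners with China Telecom, domain hijacking also occurs unless you go to China Telecom and apply to have it turned off.

You can block it with the hosts file. Taking ChinaVnet as an example:
127.0.0.1       220.167.29.102:5001             # Snow Beer (雪花啤酒)
127.0.0.1       sc.vnet.cn                        # ChinaVnet (互联星空)

Although it is blocked, if you have not applied to China Telecom to turn it off, the popup will be a blank IE window. If you have applied for the block, there will be no popup.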

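39#
OP | Posted 2006-8-6 09:24:39
Thanks to wangsea for the reply. I just restarted and visited www.ibm.com, and that disgusting window popped up! Then I visited wuyou, and it still popped up.

I can't figure out what the problem is any more. Damned ADSL.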

40#
Posted 2006-8-6 09:39:03
I suddenly noticed that your popup site is: www.ibm.com

In that case:
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - http://movie.yzvod.com/player/tools/ietimer.cab

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab
Aren't these a bit suspicious? (Is yours an IBM laptop?)

Also:
O17 - HKLM\System\CCS\Services\Tcpip\..\{455E0399-7723-4B7D-B854-895367589D19}: NameServer = 10.2.0.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{81793D87-9D32-4107-BE75-394CAD77BD8D}: NameServer = 61.147.37.1 61.177.7.1
Are these two entries the addresses of your local Asp service provider?

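41#
OP | Posted 2006-8-6 09:55:09
I'm using an IBM ThinkPad X30.

I suddenly noticed that your popup site is: www.ibm.com
-----It does not pop up www.ibm.com; it's just that a moment ago, visiting www.ibm.com also popped up that disgusting window.

O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - http://movie.yzvod.com/player/tools/ietimer.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab
Aren't these a bit suspicious? (Is yours an IBM laptop?)
-----None of these is a problem. The first is from the Alipay website, the second is the thing that shows the progress bar in the player window on Yangzhou Broadband, and the third is IBM's tool for detecting the laptop's configuration.

I have now reinstalled the system and have not visited any of those three sites yet, but the problem is unchanged, so it is definitely unrelated to them.


O17 - HKLM\System\CCS\Services\Tcpip\..\{455E0399-7723-4B7D-B854-895367589D19}: NameServer = 10.2.0.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{81793D87-9D32-4107-BE75-394CAD77BD8D}: NameServer = 61.147.37.1 61.177.7.1
Are these two entries the addresses of your local Asp service provider?
-----10.2.0.4 is an IP on the education metropolitan-area network intranet (I set it on this machine's network card so I can use it at the office later). 61.147.37.1 and 61.177.7.1 should be China Telecom's.

[ Last edited by peak8 on 2006-8-6 10:05 AM ]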

42#
OP | Posted 2006-8-6 10:21:41
A note: this popup seems to happen mostly when opening the home page.

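43#
OP | Posted 2006-8-6 14:31:00
Originally posted by gd510090 on 2006-8-6 11:50 AM
Call China Telecom's customer service line to report a fault. It would be best to get the technician to bring a laptop and an ADSL modem, so you can tell whether it's a problem with your computer.
If it is your computer, the installation disc may well be the problem.


The installation disc is 100% ruled out.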

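44#
OP | Posted 2006-8-6 17:31:19
Please take a look here: http://bbs.sznews.com/forum/topi ... 157157&pageNo=1
The author of that post has a problem similar to mine.

The address that pops up for me is http://219.133.33.37/angel.html
If I go directly to 219.133.33.37, it redirects to http://imguv.21cn.com/topic/oy-lm/oy.html. The IP of 21cn.com is 61.140.60.90. I don't know what the two have going on between them.

What I want to work out now is whether the popup behaviour described above is a problem with my computer itself or my local China Telecom playing tricks.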

45#
OP | Posted 2006-8-6 17:38:20
More about popup ads from 219.133.33.37:
http://www.baidu.com/s?word=doma ... ;ie=gb2312&ct=0

I really suspect our local China Telecom has tampered with things!!

46#
OP | Posted 2006-8-6 17:46:13

47#
OP | Posted 2006-8-6 18:10:44
Can anyone provide TCPMonitor? I've been looking for a long time and can't find it.

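48#
Posted 2006-8-6 18:39:09
Friend, I have uploaded two antivirus helper tools to my space: one is 安全分析专家 (Security Analysis Expert) and the other is 智能杀毒伴侣 (Smart Antivirus Companion). Both are portable ("green") software, and both are tools I use fairly often. Please download them, scan your machine with them, and post the logs to the forum so we can look into it together. Address:
http://6618.ys168.com/

They are in the peak8 folder.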

49#
OP | Posted 2006-8-6 18:49:35
#T0 SecAnalyst 分析报告 版本:0, 4, 0, 47
#操作系统 : Microsoft Windows XP Professional Service Pack 2 (Build 2600) (CHS)
#系统目录 : C:\WINDOWS\system32
#浏览器   : Internet Explorer 6.0.2900.2180
#生成时间 : 2006-8-6 18:48:51

#T2 请把报告贴到安全救援中心bbs.s-sos.net,我们的专家会为你做出诊断,另外,报告中的安全风险值仅仅表示可疑程度。
#Q1 (请在此输入你的电脑遇到的问题和异常情况..)


#O4  危险     自启动:[hkey_current_user\software\microsoft\windows\currentversion\explorer\shell folders\系统安全盾.lnk]-c:\documents and settings\jm\start menu\programs\startup\系统安全盾.lnk
#O4  危险     自启动:[hkey_local_machine\software\microsoft\windows nt\currentversion\windows\Appinit_Dlls]-c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
#O4  警告     自启动:[hkey_local_machine\software\microsoft\windows\currentversion\run\TPHOTKEY]-c:\progra~1\lenovo\pkgmgr\hotkey\tphkmgr.exe
#O4  警告     自启动:[hkey_local_machine\software\microsoft\windows\currentversion\run\BMMLREF]-c:\program files\thinkpad\utilities\bmmlref.exe
#O4  警告     自启动:[hkey_local_machine\software\microsoft\windows\currentversion\run\DAEMON Tools-1033]-"c:\program files\d-tools\daemon.exe"  -lang 1033
#O4  低风险   自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\WinRAR shell extension]-c:\program files\winrar\rarext.dll
#O4  低风险   自启动:[hkey_local_machine\software\microsoft\windows\currentversion\run\BMMGAG]-rundll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,startpwrmonitor
#O4  低风险   自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Display Panning CPL Extension]-deskpan.dll [file not found]
#O4  低风险   自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Web Anti-Virus]-c:\program files\kaspersky lab\kaspersky internet security 6.0\scieplugin.dll


#D0  低风险   驱动: C:\Program Files\系统安全盾\SafeReg.sys
#D0  低风险   驱动: C:\WINDOWS\system32\drivers\klif.sys
#D0  低风险   驱动: C:\WINDOWS\System32\Drivers\TPHKDRV.SYS
#D0  低风险   驱动: C:\WINDOWS\System32\drivers\Tppwr.sys


#IE1 警告     IE设置: IE浏览器链接栏名称被恶意修改!
推荐删除: LinksFolderName: Links - HKCU\Software\Microsoft\Internet Explorer\Toolbar ,LinksFolderName

#M0  危险     DLL:C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll
#M0  警告     DLL:C:\WINDOWS\system32\INDICDLL.dll
#M0  警告     DLL:C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll
#M0  警告     DLL:C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll
#M0  警告     DLL:C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll
#M0  低风险   DLL:C:\Program Files\WinRAR\rarext.dll
#M0  低风险   DLL:C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
#M0  低风险   DLL:C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll
#M0  低风险   DLL:C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll

#P0  危险     进程:c:\program files\系统安全盾\sysshield.exe
#P0  警告     进程:c:\progra~1\lenovo\pkgmgr\hotkey\tphkmgr.exe
#P0  警告     进程:c:\program files\d-tools\daemon.exe
#P0  低风险   进程:c:\program files\lenovo\pkgmgr\hotkey\tponscr.exe
#P0  低风险   进程:c:\program files\lenovo\pkgmgr\hotkey_1\tpscrex.exe

#S0  低风险   NT 服务: HidServ - ServiceDll - C:\WINDOWS\System32\hidserv.dll - [file not found]




您的电脑整体安全风险为低(32分),有空的话,请进行安全优化处理!

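50#
Posted 2006-8-6 19:03:16
What about the analysis log from 智能杀毒伴侣 (Smart Antivirus Companion)? Click "automatic analysis" to get the log. I'd like to compare everything together and see whether any small clue turns up. Friend, while you're at it, please paste the latest HijackThis log as well.

[ Last edited by 6618 on 2006-8-6 07:17 PM ]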

51#
OP | Posted 2006-8-6 19:26:27
|   <智能杀毒伴侣 Version 1.0.0.8> 自动安全分析报告 |
|            [ --2006 年8 月6 日19 时25 分45 秒 --]|
|            [ ----- Microsoft Windows XP  ----- ]|
|                  [ --- IE浏览器插件 --- ]|
Web Anti-Virus|{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}|{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
Messenger|C:\Program Files\Messenger\msmsgs.exe|{FB5F1910-F110-11d2-BB9E-00C04F795683}
Microsoft Url Search Hook|%SystemRoot%\system32\shdocvw.dll|{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
|                  [ --- 系统网络连接 --- ]|
0.0.0.0 : 0|C:\WINDOWS\system32\svchost.exe|[ 监听 ]
0.0.0.0 : 0|C:\WINDOWS\System32\alg.exe|[ 监听 ]
*.*.*.* : *|C:\WINDOWS\system32\lsass.exe|
*.*.*.* : *|C:\WINDOWS\system32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\system32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\system32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\system32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\system32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\system32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\system32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\system32\lsass.exe|
*.*.*.* : *|C:\WINDOWS\System32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\system32\svchost.exe|
*.*.*.* : *|C:\Program Files\Internet Explorer\iexplore.exe|
*.*.*.* : *|C:\Program Files\Internet Explorer\IEXPLORE.EXE|
*.*.*.* : *|C:\Program Files\Internet Explorer\IEXPLORE.EXE|
*.*.*.* : *|C:\WINDOWS\System32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\system32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\System32\svchost.exe|
*.*.*.* : *|C:\WINDOWS\system32\svchost.exe|
|                  [ --- 系统自动启动 --- ]|
TrackPointSrv|C:\WINDOWS\system32\tp4mon.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray|c:\windows\system32\igfxtray.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HotKeysCmds|c:\windows\system32\hkcmd.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP|c:\program files\analog devices\soundmax\smax4pnp.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAX|c:\program files\analog devices\soundmax\smax4.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
kis|c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DAEMON Tools-1033|c:\program files\d-tools\daemon.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BMMGAG|c:\progra~1\thinkpad\utilit~1\pwrmonit.dll|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BMMLREF|c:\program files\thinkpad\utilities\bmmlref.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BMMMONWND|c:\progra~1\thinkpad\utilit~1\batinfex.dll|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BLOG|c:\progra~1\thinkpad\utilit~1\batlogex.dll|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TPHOTKEY|c:\progra~1\lenovo\pkgmgr\hotkey\tphkmgr.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
internat.exe|C:\WINDOWS\system32\internat.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
系统安全盾.lnk|C:\Program Files\系统安全盾\sysshield.exe|
|                  [ --- 未知进程模块 --- ]|
SmartAssistant.EXE|D:\Program Files\SmartAssistant.EXE|斯玛特科技 陈维嘉
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
ATL.DLL|System|
klogon.dll|C:\WINDOWS\system32\klogon.dll|Kaspersky Lab
msacm32.drv|C:\WINDOWS\system32\msacm32.drv|Microsoft Corporation
ibmpmsvc.exe|C:\WINDOWS\system32\ibmpmsvc.exe|
adialhk.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll|Kaspersky Lab
mdimon.dll|C:\WINDOWS\system32\mdimon.dll|Microsoft Corporation
mdippr.dll|C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll|Microsoft Corporation
pwrmonit.dll|C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll|IBM Corp.
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
msacm32.drv|C:\WINDOWS\system32\msacm32.drv|Microsoft Corporation
adialhk.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll|Kaspersky Lab
igfxdev.dll|C:\WINDOWS\system32\igfxdev.dll|Intel Corporation
rarext.dll|C:\Program Files\WinRAR\rarext.dll|
shellex.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll|Kaspersky Lab
scr_ch_pg.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll|Kaspersky Lab
klscav.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll|Kaspersky Lab
pr_remote.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll|Kaspersky Lab
prloader.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll|Kaspersky Lab
prkernel.ppl|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl|Kaspersky Lab
params.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl|Kaspersky Lab
pxstub.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl|Kaspersky Lab
tempfile.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl|Kaspersky Lab
msohev.dll|C:\Program Files\Microsoft Office\OFFICE11\msohev.dll|Microsoft Corporation
hkcmd.exe|C:\WINDOWS\system32\hkcmd.exe|Intel Corporation
hccutils.DLL|C:\WINDOWS\system32\hccutils.DLL|Intel Corporation
igfxdev.dll|C:\WINDOWS\system32\igfxdev.dll|Intel Corporation
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
igfxsrvc.dll|C:\WINDOWS\system32\igfxsrvc.dll|Intel Corporation
igfxhk.dll|C:\WINDOWS\system32\igfxhk.dll|Intel Corporation
igfxres.dll|C:\WINDOWS\system32\igfxres.dll|Intel Corporation
SMax4PNP.exe|C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe|Analog Devices, Inc.
SMWDMIF.dll|C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll|Analog Devices, Inc.
msacm32.drv|C:\WINDOWS\system32\msacm32.drv|Microsoft Corporation
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
msctfime.ime|AVP.EXE|
daemon.exe|C:\Program Files\D-Tools\daemon.exe|VeNoM386 and SwENSkE
daemon.dll|C:\WINDOWS\daemon.dll|Generic
PFCTOC.DLL|C:\Program Files\D-Tools\PFCTOC.DLL|Padus(R), Inc.
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
pwrmonit.dll|C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll|IBM Corp.
tppwrw32.dll|C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll|IBM Corp.
TPHKMGR.exe|C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe|
msacm32.drv|C:\WINDOWS\system32\msacm32.drv|Microsoft Corporation
tphk_2k.dll|C:\Program Files\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll|
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
Oemdspif.dll|C:\WINDOWS\system32\Oemdspif.dll|Intel Corporation
igfxdev.dll|C:\WINDOWS\system32\igfxdev.dll|Intel Corporation
internat.exe|C:\WINDOWS\system32\internat.exe|Microsoft Corporation
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
sysshield.exe|C:\Program Files\系统安全盾\sysshield.exe|
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
TPONSCR.exe|C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe|
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
msacm32.drv|C:\WINDOWS\system32\msacm32.drv|Microsoft Corporation
TpScrex.exe|C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe|Lenovo Group Limited
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
ole32.dll|AVP.EXE|
MDM.EXE|C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE|Microsoft Corporation
mdmui.dll|C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll|Microsoft Corporation
SMAgent.exe|C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe|Analog Devices, Inc.
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
msohev.dll|C:\Program Files\Microsoft Office\OFFICE11\msohev.dll|Microsoft Corporation
msacm32.drv|C:\WINDOWS\system32\msacm32.drv|Microsoft Corporation
adialhk.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll|Kaspersky Lab
scr_ch_pg.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll|Kaspersky Lab
klscav.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll|Kaspersky Lab
pr_remote.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll|Kaspersky Lab
prloader.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll|Kaspersky Lab
prkernel.ppl|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl|Kaspersky Lab
params.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl|Kaspersky Lab
pxstub.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl|Kaspersky Lab
tempfile.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl|Kaspersky Lab
nfio.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl|Kaspersky Lab
fsdrvplgn.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl|Kaspersky Lab
IMSC40A.IME|C:\WINDOWS\system32\IMSC40A.IME|Microsoft Corporation
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
msohev.dll|C:\Program Files\Microsoft Office\OFFICE11\msohev.dll|Microsoft Corporation
msacm32.drv|C:\WINDOWS\system32\msacm32.drv|Microsoft Corporation
adialhk.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll|Kaspersky Lab
scr_ch_pg.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll|Kaspersky Lab
klscav.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll|Kaspersky Lab
pr_remote.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll|Kaspersky Lab
prloader.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll|Kaspersky Lab
prkernel.ppl|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl|Kaspersky Lab
params.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl|Kaspersky Lab
pxstub.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl|Kaspersky Lab
tempfile.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl|Kaspersky Lab
nfio.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl|Kaspersky Lab
fsdrvplgn.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl|Kaspersky Lab
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
msohev.dll|C:\Program Files\Microsoft Office\OFFICE11\msohev.dll|Microsoft Corporation
msacm32.drv|C:\WINDOWS\system32\msacm32.drv|Microsoft Corporation
adialhk.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll|Kaspersky Lab
scr_ch_pg.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll|Kaspersky Lab
klscav.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll|Kaspersky Lab
pr_remote.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll|Kaspersky Lab
prloader.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll|Kaspersky Lab
prkernel.ppl|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl|Kaspersky Lab
params.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl|Kaspersky Lab
pxstub.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl|Kaspersky Lab
tempfile.ppl|c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl|Kaspersky Lab
NetTransport.exe|G:\WinApps\NetTransport\NetTransport.exe|Xi
libssl.dll|G:\WinApps\NetTransport\libssl.dll|Xi
libssh.dll|G:\WinApps\NetTransport\libssh.dll|Xi
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
adialhk.dll|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll|Kaspersky Lab
SmartAssistant.EXE|D:\Program Files\SmartAssistant.EXE|斯玛特科技 陈维嘉
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
|                  [ --- 未知系统服务 --- ]|
AVP|C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.exe|
IBMPMSVC|C:\WINDOWS\system32\ibmpmsvc.exe|
MDM|C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe|Microsoft Corporation
ose|C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.exe|Microsoft Corporation
SoundMAX Agent Service (default)|C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe|Analog Devices, Inc.
|                  [ --- 未知内核驱动 --- ]|
stlth317.sys|C:\WINDOWS\system32\drivers\stlth317.sys|Generic
kl1.sys|C:\WINDOWS\system32\drivers\kl1.sys|Kaspersky Lab
ialmnt5.sys|C:\WINDOWS\system32\DRIVERS\ialmnt5.sys|Intel Corporation
IMWEBN51.sys|C:\WINDOWS\system32\DRIVERS\IMWEBN51.sys|Intel Corporation
ibmpmdrv.sys|C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys|Lenovo.
smwdm.sys|C:\WINDOWS\system32\drivers\smwdm.sys|Analog Devices, Inc.
aeaudio.sys|C:\WINDOWS\system32\drivers\aeaudio.sys|Andrea Electronics Corporation
AGRSM.sys|C:\WINDOWS\system32\DRIVERS\AGRSM.sys|Agere Systems
ialmkchw.sys|C:\WINDOWS\system32\drivers\ialmkchw.sys|Intel Corporation
ialmsbw.sys|C:\WINDOWS\system32\drivers\ialmsbw.sys|Intel Corporation
Tppwr.sys|C:\WINDOWS\System32\drivers\Tppwr.sys|IBM Corp.
TPHKDRV.SYS|C:\WINDOWS\System32\Drivers\TPHKDRV.SYS|IBM Corporation
klif.sys|C:\WINDOWS\system32\drivers\klif.sys|Kaspersky Lab
Vch.sys|C:\WINDOWS\system32\drivers\Vch.sys|Intel Corporation
ialmdnt5.dll|C:\WINDOWS\System32\ialmdnt5.dll|Intel Corporation
ialmrnt5.dll|C:\WINDOWS\System32\ialmrnt5.dll|Intel Corporation
ialmdev5.DLL|C:\WINDOWS\System32\ialmdev5.DLL|Intel Corporation
ialmdd5.DLL|C:\WINDOWS\System32\ialmdd5.DLL|Intel Corporation
SafeReg.sys|C:\Program Files\系统安全盾\SafeReg.sys|
|                  [ --- 未知安全 SPI --- ]|
|                  [ --- 重要文件关联 --- ]|
|                  [ --- 闪电杀毒报告 --- ]|
|                  [ --- 重要安全状态 --- ]|
Windows Update相关状态|[启用]----您已经启用了 Windows Update 智能补丁升级 (状态安全)|
Win XP简单文件共享状态|[启用]----Windows XP 操作系统 简单共享功能已经启用 <存在危险>|
Windows NT系统文件保护|[启用]----Windows 系统已经成功[启动]了系统文件保护 (状态安全)|
终端服务(TermSrv) 信息|[启用]----TS 远程终端服务 ,监听端口为 TCP [ 3389 ] <注意安全>|
TCP/IP网络端口筛选状态|[禁用]----如果您"手动"设置网卡的TCP/IP端口过虑功能 <需要注意>|
启用CD-ROM光盘自动播放|[启用]----当CD-ROM光盘放入光驱中系统将自动播放光盘 <系统默认>|
Windows 系统IPC$空连接|[启用]----已经启用 Windows NT 远程共享命名管道IPC$ <建议禁用>|
Windows 系统ADMIN$共享|[禁用]----已经禁用了 Windows NT远程管理共享 Admin$ (状态安全)|
Windows 系统隐藏$ 共享|[禁用]----已经禁用了 Windows NT隐藏共享如 C$ D$ E$ (状态安全)|

52#
OP | Posted 2006-8-6 19:35:53
Logfile of HijackThis v1.99.0
Scan saved at 19:35:20, on 2006-8-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\系统安全盾\sysshield.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\WinApps\NetTransport\NetTransport.exe
C:\WINDOWS\system32\mmc.exe
D:\Program Files\hijackthis.exe

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: 系统安全盾.lnk = ?
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00E5438C-6A01-449D-BCE6-B39AA63B8F53}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6B0E84A-E23A-4703-9DD7-63718A2F3DE8}: NameServer = 61.147.37.1 61.177.7.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{00E5438C-6A01-449D-BCE6-B39AA63B8F53}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{00E5438C-6A01-449D-BCE6-B39AA63B8F53}: NameServer = 192.168.1.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 6.0 - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: ThinkPad PM Service - Unknown - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

53#
Posted 2006-8-6 21:33:34
Try Browser Sentinel. Also, post a screenshot of the BHOs list in IceSword (冰刃) so we can take a look.

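54#
Posted 2006-8-6 21:54:30
My guess is it's still domain hijacking by China Telecom ADSL. You could try going to China Telecom (bring your ID card) to check whether some value-added service has been turned on; if so, apply to have it turned off.

It's also easy to tell: ask other ADSL users in your area whether they get the same popup, and you'll know whether China Telecom is behind it.

Blocking with the hosts file has one problem, the one I mentioned earlier: the first time you open a given address you may get a blank page, and it only opens on the second try.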

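55#
OP | Posted 2006-8-6 22:08:39
I don't have Browser Sentinel or IceSword (冰刃) at hand for now.

The attachment below is a capture of the browser traffic recorded with Ethereal. I'm not very familiar with it; it can be opened with Ethereal. If you open it with Notepad, you can also find the following string inside: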
<HTML><script language="JavaScript">
function newwin()
{var urlname;var win_attr;win_attr='toolbar=no,menubar=no,scrollbars=no,status=no,location=no,resizable=no,fullscreen=no,directories=no,width=400,height=400,top=0,left=0 ';window.open('http://219.133.33.37/angel.html','ips_win0',win_attr);
  }
</script>
<head><title></title><META HTTP-EQUIV="Pragma" CONTENT="no-cache"><META http-equiv="Content-Type" content="text/html;charset=gb2312"><meta http-equiv="Refresh" content="0; url=http://bbs.wuyou.net/"></head><body onload='newwin()'> </body></html>

[ Last edited by peak8 on 2006-8-6 10:24 PM ]

[Attachment: log.rar (45.29 KB)]
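The page quoted in post 55 opens a popup to a third host and then immediately refreshes back to the address the browser asked for. As an added example (not code from any poster in this thread), the Python below checks captured response bodies for that pattern. `INJECTED_BODY` is copied from post 55; `NORMAL_BODY`, `OWN_POPUP_BODY` and the function and class names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Body quoted in post 55 of this thread (from the poster's Ethereal capture).
INJECTED_BODY = """<HTML><script language="JavaScript">
function newwin()
{var urlname;var win_attr;win_attr='toolbar=no,menubar=no,scrollbars=no,status=no,location=no,resizable=no,fullscreen=no,directories=no,width=400,height=400,top=0,left=0 ';window.open('http://219.133.33.37/angel.html','ips_win0',win_attr);
  }
</script>
<head><title></title><META HTTP-EQUIV="Pragma" CONTENT="no-cache"><META http-equiv="Content-Type" content="text/html;charset=gb2312"><meta http-equiv="Refresh" content="0; url=http://bbs.wuyou.net/"></head><body onload='newwin()'> </body></html>"""

# Constructed sample: a shortened stand-in for the forum's real index page.
NORMAL_BODY = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html><head><title>Forum index - powered by Discuz!</title>
<meta http-equiv="Content-Type" content="text/html; charset=gbk">
</head><body><a href="http://bbs.wuyou.net/index.php">Forum index</a></body></html>"""

# Constructed sample: a site opening its own popup, which must not be flagged.
OWN_POPUP_BODY = """<html><head><script>
function help(){window.open('http://bbs.wuyou.net/faq.php','faq','width=400');}
</script></head><body onload="help()">Welcome</body></html>"""

WINDOW_OPEN = re.compile(r"""window\.open\(\s*['"]([^'"]+)['"]""", re.I)
REFRESH = re.compile(r"""^\s*(\d+)\s*[;,]\s*url\s*=\s*['"]?([^'"]+)""", re.I)


class _Scan(HTMLParser):
    """Collects the meta refresh, script text, body onload and visible text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refresh = None        # (delay_seconds, target_url)
        self.onload = None         # value of <body onload=...>
        self.script_text = []      # raw text of every <script> element
        self.visible_text = []     # non-blank text outside <script>
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH.match(a.get("content", ""))
            if m:
                self.refresh = (int(m.group(1)), m.group(2).strip())
        elif tag == "body":
            self.onload = a.get("onload") or None
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)
        elif data.strip():
            self.visible_text.append(data.strip())


def _host(url):
    return (urlparse(url).hostname or "").lower()


def analyze(requested_host, body):
    """Report signs that `body` is an interstitial inserted in transit rather
    than the page served by `requested_host`."""
    scan = _Scan()
    scan.feed(body)
    scan.close()
    want = requested_host.lower()
    popups = WINDOW_OPEN.findall("".join(scan.script_text))
    # Relative popup URLs have no host and belong to the site itself.
    foreign = sorted({_host(u) for u in popups} - {want, ""})
    bounce = (scan.refresh is not None and scan.refresh[0] == 0
              and _host(scan.refresh[1]) == want)
    indicators = []
    if bounce:
        indicators.append("zero-delay refresh back to the requested host")
    if foreign:
        indicators.append("window.open to foreign host: " + ", ".join(foreign))
    if foreign and scan.onload:
        indicators.append("popup fired from body onload: " + scan.onload)
    if not scan.visible_text:
        indicators.append("no visible content")
    # Verdict needs both halves: a popup elsewhere plus the bounce that hides it.
    return {"injected": bounce and bool(foreign),
            "popup_hosts": foreign, "indicators": indicators}


if __name__ == "__main__":
    for name, body in [("injected", INJECTED_BODY), ("normal", NORMAL_BODY),
                       ("own popup", OWN_POPUP_BODY)]:
        print(name, analyze("bbs.wuyou.net", body))
```

Run over each HTTP response body exported from a capture, this separates the short bounce page from the site's real page without relying on a fixed list of popup addresses.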


56#
 楼主| 发表于 2006-8-6 22:23:16 | 只看该作者
楼上我提供的这些代码和下面这个链接里提到的代码有十分类似之处:
http://i.sunnyblog.net/archives/000577.html

sun.JPG (97.68 KB, 下载次数: 47)

sun.JPG
回复

使用道具 举报

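57#
Posted 2006-8-7 00:44:00
This morning I opened Tencent Mini News to read a magazine and ended up being harassed by inexplicable popup pages. Strangely, it doesn't happen once I quit Tencent QQ. I searched on Baidu and found that others have the same problem, but it hasn't been solved. I'm copying the Baidu post below; please help solve it, thanks! It's the page below: it flashes once and is gone, then flashes again a moment later!

Popup windows when browsing, no virus, freshly installed system. How can this be solved?
Bounty: 20 points - Asked 2006-7-14 09:40
Freshly installed system, using the Firefox browser. Sites are fine when pop-up blocking is on, but some sites must be allowed to open popups, and then an extra small window appears.

The popup address is http://219.133.33.37:7010, which turns out to be a Shenzhen IP. I use Shenzhen Telecom ADSL. Could it be China Telecom messing around? If so, that is damned shameless. Do other Shenzhen users see this? China Telecom had popup ads before, but only once when first going online; now it pops up every time a page is opened. Most of the time nothing displays, but sometimes an ad for SZ10000.com appears. How can I block it?

The full popup address is: http://219.133.33.37:7010/ndatin ... nBvbGljeWlkPTM0MDQ=
But opening it gives a blank page.

I first read the post above. I, 6618, am on Shenzhen ADSL myself and do not see this behaviour. Putting together the 安全分析专家 report and the posts below, I find this one rather suspicious:
#M0  警告     DLL:C:\WINDOWS\system32\INDICDLL.dll。
智能杀毒伴侣 also lists it, as an unknown module. It's used by Tencent QQ, so how could it be from Microsoft Corporation?
INDICDLL.dll|C:\WINDOWS\system32\INDICDLL.dll|Microsoft Corporation
Result of a quick Baidu search:
What kind of file is INDICDLL.dll?
Bounty: 60 points - Resolved: 2006-1-15 09:31
I have the Rising 2006 firewall installed and added QQ protection under game protection, so other programs cannot access my QQ. Every time I close QQ the firewall reports which programs tried to connect to QQ, and there is always this C:\WINNT\system32\INDICDLL.dll, trying to connect every time.
Is this spyware? Our company has a network monitoring system; if it's that, it doesn't matter, but if it's some other hacker's trojan or the like it has to be deleted.

I have already run a virus scan.
Additional details: I don't really understand it. Please explain in detail what this program does.

What happens if I block it? I haven't noticed anything abnormal.
Asked by: pippo仔 - Manager, level 5
Best answer
This is perfectly normal.
QQ has to call this "multi-language component" dynamic link library file in order to work properly.

But 6618's 2006 Coral (珊瑚虫) edition of QQ doesn't have this. I suggest uninstalling QQ, restarting the computer, then running regsvr32 /u INDICDLL.dll and seeing whether the popup still appears. A question for peak8: which version of QQ are you using?

Searching further, Baidu also has people saying it is an "input method component", but the CTFMON.exe I use doesn't have this thing. I don't know whether the internat.exe you use has this process. I then switched to the input method indicator you use, and it does have this thing, but with fewer threads started than on your computer.

[ Last edited by 6618 on 2006-8-7 04:00 AM ]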

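58#
Posted 2006-8-7 04:31:19
#IE1 警告     IE设置: IE浏览器链接栏名称被恶意修改!
推荐删除: LinksFolderName: Links - HKCU\Software\Microsoft\Internet Explorer\Toolbar ,LinksFolderName
Normal:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName"="链接"

0.0.0.0 : 0|C:\WINDOWS\system32\svchost.exe|[ 监听 ]
C:\WINDOWS\system32\RunDll32.exe
The presence of the two above is a sign of a virus.

Suggestions:
1. Change the input method to CTFMON. After restarting, check whether INDICDLL.dll is still loaded.
2. Uninstall QQ, restart the computer, and unregister INDICDLL.dll.
3. End the RunDll32.exe process.
4. Go online and see whether the popup still appears.
peak8, my friend, the system has been restored from GHOST and reinstalled; if there is really no other way, the only option is to track down the cause step by step.


Use SYSCHECK2 to see which threads have been injected into EXPLORER.


[ Last edited by 6618 on 2006-8-7 04:33 AM ]

[Attachment: syscheck.JPG (113.51 KB)]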

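59#
OP | Posted 2006-8-7 07:44:42
I closed RunDll32.exe; the popup still appears.
As for the input method, the popups were already happening before I changed it.
I checked EXPLORER with SYSCHECK2 and found no suspicious injected threads.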

60#
 楼主| 发表于 2006-8-7 07:52:20 | 只看该作者
刚用entherea监控了数据流,分别监控了访问bbs.wuyou.net两次,一次是弹出窗口的,另外一次是没有弹出窗口的

请注意红色的文字

下面是正常时的数据
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: bbs.wuyou.net
Connection: Keep-Alive
Cookie: cdb_sid=HZqZwK; cdb_cookietime=315360000; cdb_onlineindex=1; cdb_visitedfid=36D8D1D34; cdb_auth=AAFbUVoAVlECVVZTAA9dUFMEXVVXBFNdAQIBDAtXCldoalUPDQNW; cdb_oldtopics=D80453D80585D80515D

HTTP/1.1 200 OK
Date: Sun, 06 Aug 2006 23:28:04 GMT
Server: Apache/1.3.29 (Unix) mod_jk/1.2.5 mod_ssl/2.8.16 OpenSSL/0.9.7c DAV/1.0.3 mod_perl/1.27
X-Powered-By: PHP/4.3.4
Set-Cookie: cdb_sid=YREPLi; expires=Sun, 13-Aug-06 23:28:04 GMT; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


Below is the data when the pop-up appeared:
GET /index.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Referer: http://bbs.wuyou.net/forum.php?m ... &extra=page%3D1
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: bbs.wuyou.net
Connection: Keep-Alive
Cookie: cdb_sid=HZqZwK; cdb_cookietime=315360000; cdb_onlineindex=1; cdb_visitedfid=36D8D1D34; cdb_auth=AAFbUVoAVlECVVZTAA9dUFMEXVVXBFNdAQIBDAtXCldoalUPDQNW; cdb_oldtopics=D80453D80585D80515D; cdb_fid1=1154889825; cdb_fid8=1154896279

HTTP/1.1 200 OK
Date: Mon, 31 Mar 2003 01:24:22 GMT
Server: Apache/2.0.43 (Unix)
Content-Type: text/html
Connection: close

<HTML><script language="JavaScript">
function newwin()
{var urlname;var win_attr;win_attr='toolbar=no,menubar=no,scrollbars=no,status=no,location=no,resizable=no,fullscreen=no,directories=no,width=400,height=400,top=0,left=0 ';window.open('http://219.133.33.37/angel.html','ips_win0',win_attr);
  }

</script>
<head><title></title><META HTTP-EQUIV="Pragma" CONTENT="no-cache"><META http-equiv="Content-Type" content="text/html;charset=gb2312"><meta http-equiv="Refresh" content="0; url=http://bbs.wuyou.net/index.php"></head><body onload='newwin()'> </body></html>entParsing" content="TRUE">

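Please look at the two rows marked 1 and 2 in the figure below; 218.91.55.* is my ADSL client IP address.
I wonder whether anyone has spotted what is odd here: I sent a request to visit wuyou, but received data containing the code below: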
function newwin()
{var urlname;var win_attr;win_attr='toolbar=no,menubar=no,scrollbars=no,status=no,location=no,resizable=no,fullscreen=no,directories=no,width=400,height=400,top=0,left=0 ';window.open('http://219.133.33.37/angel.html','ips_win0',win_attr);
  }
</script>
<head><title></title><META HTTP-EQUIV="Pragma" CONTENT="no-cache"><META http-equiv="Content-Type" content="text/html;charset=gb2312"><meta http-equiv="Refresh" content="0; url=http://bbs.wuyou.net/index.php"></head><body onload='newwin()'> </body></html>entParsing" content="TRUE">
<meta http-equiv="MSThemeCompatible" content="Yes">




[ Last edited by peak8 on 2006-8-7 08:18 AM ]
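The two captures in post 60 differ in ways that can be checked mechanically: a different Server banner, a Date header years away from the capture time, missing application headers, a meta refresh back to the requested page, and a window.open call to another host. The Python sketch below is an added example, not part of the original thread; the function names, indicator labels, capture time and shortened message bodies are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Sample messages abbreviated from the two captures in the post (bodies shortened).
BASELINE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Sun, 06 Aug 2006 23:28:04 GMT\r\n"
    "Server: Apache/1.3.29 (Unix) mod_jk/1.2.5 mod_ssl/2.8.16 OpenSSL/0.9.7c DAV/1.0.3 mod_perl/1.27\r\n"
    "X-Powered-By: PHP/4.3.4\r\n"
    "Set-Cookie: cdb_sid=YREPLi; expires=Sun, 13-Aug-06 23:28:04 GMT; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>forum index</title></head><body>...</body></html>"
)
SUSPECT = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 31 Mar 2003 01:24:22 GMT\r\n"
    "Server: Apache/2.0.43 (Unix)\r\n"
    "Content-Type: text/html\r\n"
    "Connection: close\r\n"
    "\r\n"
    "<HTML><script language=\"JavaScript\">function newwin(){"
    "window.open('http://219.133.33.37/angel.html','ips_win0','width=400,height=400');}"
    "</script><head><meta http-equiv=\"Refresh\" "
    "content=\"0; url=http://bbs.wuyou.net/index.php\"></head>"
    "<body onload='newwin()'> </body></html>"
)
# Assumed capture time (UTC), close to the Date header of the normal response.
CAPTURED_AT = datetime(2006, 8, 6, 23, 30, tzinfo=timezone.utc)

META_REFRESH = re.compile(
    r'<meta[^>]*http-equiv=["\']?refresh["\']?[^>]*content=["\'][^"\']*?url=([^"\'>\s]+)',
    re.I,
)
WINDOW_OPEN = re.compile(r'window\.open\(\s*["\']([^"\']+)["\']', re.I)
# Headers the real application sends; their absence is a weak signal on its own.
FINGERPRINT_HEADERS = ("x-powered-by", "set-cookie")


def parse_response(raw):
    """Split a raw HTTP response into (status_line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return lines[0], headers, body


def injection_indicators(baseline_raw, suspect_raw, request_host,
                         captured_at, max_skew=timedelta(days=1)):
    """Compare a suspect response with a known-good one for the same host."""
    _, base, _ = parse_response(baseline_raw)
    _, susp, body = parse_response(suspect_raw)
    found = []
    if base.get("server") != susp.get("server"):
        found.append(("server-mismatch", susp.get("server", "")))
    try:
        sent = parsedate_to_datetime(susp.get("date", ""))
        if sent.tzinfo is None:
            sent = sent.replace(tzinfo=timezone.utc)
        if abs(captured_at - sent) > max_skew:
            found.append(("date-skew", susp["date"]))
    except (TypeError, ValueError):
        found.append(("date-unparseable", susp.get("date", "")))
    missing = [h for h in FINGERPRINT_HEADERS if h in base and h not in susp]
    if missing:
        found.append(("missing-headers", ",".join(missing)))
    # A page that only reloads the URL the client asked for is a stub, not content.
    refresh = META_REFRESH.search(body)
    if refresh and urlsplit(refresh.group(1)).hostname == request_host:
        found.append(("self-refresh", refresh.group(1)))
    for url in WINDOW_OPEN.findall(body):
        host = urlsplit(url).hostname
        if host and host != request_host:
            found.append(("offsite-window-open", host))
    return found


if __name__ == "__main__":
    for code, detail in injection_indicators(BASELINE, SUSPECT,
                                             "bbs.wuyou.net", CAPTURED_AT):
        print(f"{code}: {detail}")
```

Each indicator alone is weak, since a site can legitimately change servers or skip Set-Cookie; it is the combination on a single response that matches the capture in the post.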