清浅ぺ梅影Ю - 2006-7-21 16:17:00
IE总是隔一段时间就弹出N个网站.要把机子卡死,而且一开机IE就自动打开,都是非法的网站和一些广告,那位大虾救救我啊.55555555
下面是用HijackThis扫描的日志:
Logfile of HijackThis v1.99.1
Scan saved at 16:04:01, on 2006-7-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\windows\system32\Rundll32.exe
C:\WINDOWS\LSASS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\baigoo\bgoomain.exe
C:\windows\svchost.exe
C:\Documents and Settings\ttqx.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\System32\alg.exe
C:\windows\system32\conime.exe
C:\Program Files\rising\rav\RsAgent.exe
C:\windows\System32\VIPTray.exe
C:\windows\Tempp\winass.exe
C:\windows\system\java.exe
D:\qq\QQ.exe
D:\qq\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\1101246.exe
E:\反浏览器劫持工具\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\abmci.exe
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\windows\system32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4573.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\system32\bdhelper.dll
O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\windows\system32\MSHLP.DLL
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\windows\system32\Rundl132.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
O3 - Toolbar: 系统标准按钮(&E) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - C:\WINDOWS\system32\SystemToolbar.dll
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [svc] C:\windows\svchost.exe
O4 - HKLM\..\Run: [MSService_v1.0] C:\windows\system\java.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [ttqx] C:\Documents and Settings\ttqx.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [spoolsv] C:\windows\system32\spoolsv\spoolsv.exe -printer
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [svc] C:\windows\svchost.exe
O4 - HKCU\..\Run: [msnnt] C:\windows\Updateb.exe
O4 - HKCU\..\Run: [IE浏览器修复工具] E:\新建文件夹\IE浏览器修复工具\ietools.exe /AutoRun
O4 - HKCU\..\Run: [caishowmanage] C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE
O4 - Startup: 腾讯QQ.lnk = D:\qq\QQ.exe
O4 - Global Startup: IE-BAR.lnk = C:\WINDOWS\system32\rundll32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: !搜一搜 - res://C:\Program Files\YiSou\yisou.dll/232
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O8 - Extra context menu item: 用炫彩图铃发送该图片 - C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq\QQ.EXE
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O10 - Unknown file in Winsock LSP: c:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: c:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: c:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: c:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: c:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O11 - Options group: [!CNS] 网络实名
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CC90182-C52F-4E93-B7C6-FF588F30C8BC}: NameServer = 61.139.2.69
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Te1net - Unknown owner - C:\windows\System32\VIPTray.exe
下面是用HijackThis扫描的日志:
Logfile of HijackThis v1.99.1
Scan saved at 16:04:01, on 2006-7-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\windows\system32\Rundll32.exe
C:\WINDOWS\LSASS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\baigoo\bgoomain.exe
C:\windows\svchost.exe
C:\Documents and Settings\ttqx.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\System32\alg.exe
C:\windows\system32\conime.exe
C:\Program Files\rising\rav\RsAgent.exe
C:\windows\System32\VIPTray.exe
C:\windows\Tempp\winass.exe
C:\windows\system\java.exe
D:\qq\QQ.exe
D:\qq\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\1101246.exe
E:\反浏览器劫持工具\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\abmci.exe
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\windows\system32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4573.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\system32\bdhelper.dll
O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\windows\system32\MSHLP.DLL
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\windows\system32\Rundl132.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
O3 - Toolbar: 系统标准按钮(&E) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - C:\WINDOWS\system32\SystemToolbar.dll
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [svc] C:\windows\svchost.exe
O4 - HKLM\..\Run: [MSService_v1.0] C:\windows\system\java.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [ttqx] C:\Documents and Settings\ttqx.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [spoolsv] C:\windows\system32\spoolsv\spoolsv.exe -printer
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [svc] C:\windows\svchost.exe
O4 - HKCU\..\Run: [msnnt] C:\windows\Updateb.exe
O4 - HKCU\..\Run: [IE浏览器修复工具] E:\新建文件夹\IE浏览器修复工具\ietools.exe /AutoRun
O4 - HKCU\..\Run: [caishowmanage] C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE
O4 - Startup: 腾讯QQ.lnk = D:\qq\QQ.exe
O4 - Global Startup: IE-BAR.lnk = C:\WINDOWS\system32\rundll32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: !搜一搜 - res://C:\Program Files\YiSou\yisou.dll/232
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O8 - Extra context menu item: 用炫彩图铃发送该图片 - C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq\QQ.EXE
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O10 - Unknown file in Winsock LSP: c:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: c:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: c:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: c:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: c:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O11 - Options group: [!CNS] 网络实名
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CC90182-C52F-4E93-B7C6-FF588F30C8BC}: NameServer = 61.139.2.69
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Te1net - Unknown owner - C:\windows\System32\VIPTray.exe