一尾金鱼 - 2007-2-2 11:16:00
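Recently two computers at my workplace were infected with viruses and trojans.
After cleaning them, two problems remained; in both cases the default IE browser no longer works properly.
On one machine: after opening IE, typing a URL and pressing Enter, many empty IE windows pop up and the machine appears to hang. Occasionally a dialog box also pops up: “引用了无法使用的牌令”. It has only one button, and clicking it pops up 40 to 50 empty IE windows...
On the other machine: every time I double-click the IE icon, an IE shortcut is created, but the IE window does not open.
IE has been reinstalled on both computers, but that did not help. Third-party software can still browse the web, for example 世界之窗 (TheWorld).
How can I solve these problems?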
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 8:29:23, 日期 2007-1-31
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\tools\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\tools\AVG Anti-Spyware 7.5\avgas.exe
C:\tools\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\tools\MagicSet\SRIECLI.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\WINDOWS\system32\sistray.exe
C:\tools\TheWorld-v1.36\TheWorld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gongxiang\桌面\HijackThis1[1][1].99.1\HijackThis1991zww.exe
R3 - URLSearchHook: 2ccc - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4708ntos.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\tools\MagicSet\haokanbar.dll
O2 - BHO: 2ccc - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4708ntos.dll
O3 - IE工具栏增项: 2ccc - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4708ntos.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\tools\MagicSet\haokanbar.dll
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - 启动项HKLM\\Run: [CorelDRAW Graphics Suite 11b] C:\tools\Corel\Corel Graphics 12\Languages\CS\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021007 serial=DR12WNF-7499091-DBF lang=CS
O4 - 启动项HKLM\\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - 启动项HKLM\\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - 启动项HKLM\\Run: [!AVG Anti-Spyware] "C:\tools\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - 启动项HKLM\\Run: [UnlockerAssistant] "C:\tools\Unlocker\UnlockerAssistant.exe"
O4 - 启动项HKLM\\Run: [DAEMON Tools] ; "C:\tools\DAEMON Tools\daemon.exe" -lang 2052
O4 - 启动项HKLM\\Run: [DAEMON Tools-1033] ; "C:\tools\D-Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [dfsf] ; RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv
O4 - 启动项HKLM\\Run: [hxgame-update] ;
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [McAfeeUpdaterUI] ; "C:\tools\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - 启动项HKLM\\Run: [sdafdsafds] ; D;]XJOEPXT]ufnq]te263/fyf
O4 - 启动项HKLM\\Run: [StormCodec_Helper] ; "C:\tools\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [WebThunder] ; C:\tools\WebThunder\WebThunder.exe
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\tools\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [UUpdate] ;
O4 - HKCU\..\Run: [wsctf.exe] ; wsctf.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载 - C:\tools\WebThunder\GetUrl.htm
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载全部链接 - C:\tools\WebThunder\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - C:\tools\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Warcraft III\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {001290E5-CD10-4957-9D2B-FD2B74990219} (GovTifActiveX Control) - http://search.sipo.gov.cn/sipo/zljs/GovActive/GovTifActiveX.ocx
O16 - DPF: {14E35F55-9E75-4107-AB26-AB645DD8EDE9} (BESClientCheck Control) - http://10.1.4.39/BESClientCheck.ocx
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://p2pdl.sportscn.com/SynaLiveSetup.exe
O16 - DPF: {3F166327-8030-4881-8BD2-EA25350E574A} (CellWeb5 Control) - http://10.1.4.107/tzx/cell/cellweb5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{096F4E26-3985-4E89-B44A-3C1B40A81CB1}: NameServer = 202.106.148.1,202.106.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{096F4E26-3985-4E89-B44A-3C1B40A81CB1}: NameServer = 202.106.148.1,202.106.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{096F4E26-3985-4E89-B44A-3C1B40A81CB1}: NameServer = 202.106.148.1,202.106.0.20
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\tools\AVG Anti-Spyware 7.5\guard.exe
O23 - NT 服务: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - NT 服务: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - NT 服务: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - NT 服务: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - NT 服务: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - NT 服务: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - NT 服务: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE