[Help] IE keeps opening windows by itself, please take a look at my HijackThis log file!


Logfile of HijackThis v1.99.1
Scan saved at 10:11:35, on 2005-07-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

运行进程:           
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\LogWatNT.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
E:\oracle92\ora92\bin\omtsreco.exe
E:\oracle\ora81\bin\dbsnmp.exe
E:\oracle\ora81\bin\vppdc.exe
E:\oracle\ora81\BIN\TNSLSNR.exe
e:\oracle\ora81\bin\ORACLE.EXE
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\spool\ugplot\ugiipqd.exe
E:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
E:\Program Files\EDS\License Servers\UGNXFLEXlm\uglmd.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Azsudm\Egtgf.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\jdk1.5.0_02\bin\jusched.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\software\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (没有文件) 
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\tools\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem303.dll
O2 - BHO: ACA Capture - {93C69D87-A11D-4FFC-BC56-BE7EE0D235BA} - E:\Program Files\ACASystems\ACACapturePro422\scap0003p.dll
O2 - BHO: IMU IE HELP - {9A0527C1-4D5F-4e45-9D28-6257F75EDDB1} - C:\WINNT\system32\imuiepls.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: LVF Helper Object - {EDB66B70-9AF0-458B-8128-CAE4ED187205} - C:\Program Files\EDS\iSeries\5_0\WebBHO.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\system32\51.net\diybar\diybar.dll
O3 - Toolbar: MSN 工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\zh-cn\msntb.dll (文件故障)
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (没有文件) 
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Xlgfiyfe] C:\Program Files\Azsudm\Egtgf.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINNT\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\jdk1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: &Download by NetAnts - D:\tools\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - D:\tools\NetAnts\NAGetAll.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=20000001
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\jdk1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\jdk1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\tools\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\tools\NetAnts\NetAnts.exe
O9 - Extra button: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - d:\tools\Kingsoft\XDict\IEPlugin.dll
O9 - Extra button: ACA Capture Pro - {905A31AA-BDD1-44bd-9920-53D34E5953A4} - E:\Program Files\ACASystems\ACACapturePro422\SCapPro.exe
O9 - Extra button: (no name) - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - E:\Program Files\ACASystems\ACACapturePro422\SCapPro.exe
O9 - Extra 'Tools' menuitem: ACA Capture Pro - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - E:\Program Files\ACASystems\ACACapturePro422\SCapPro.exe
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - d:\tools\Kingsoft\XDict\IEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} - http://download.imu.com.cn/client/chatatwill/ie/imuliver.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {7245F8AA-FE92-4CA7-B0D7-17594F3D7C0C} - http://localhost:8081/HFCWEB/applets/webpd.cab
O16 - DPF: {8B4067F6-E530-4312-9FC6-970D3FADE6A8} (OSSCtrl Class) - http://localhost:7001/TCENT5/applets/OSSPlugin.cab
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} (IEBHOObj Class) - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab
O16 - DPF: {A23817F2-733B-4BC5-8DED-C1B9B4BBF93C} - http://bar.yok.com/yokbar.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) -
O16 - DPF: {D854FC15-D3EA-496A-B2A0-A772A3DE1D09} (CHtmlIp1View Object) - http://image2.sina.com.cn/cj/chanye/Ip1HtmlView.dll
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
O20 - AppInit_DLLs: apihookdll.dll
O20 - Winlogon Notify: Sebring - C:\WINNT\system32\LgNotify.dll

Last edited 2005-07-20 11:34:36

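Restart into Safe Mode (to enter Safe Mode: restart the computer and, once the power-on self-test has finished, press the [F8] key (you can keep pressing it until the boot menu appears), then select Safe Mode to enter Windows).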

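Please close all IE windows, scan again with HijackThis, check the items below that are recommended for fixing, and let HijackThis fix them. Before fixing, please allow HijackThis to keep a backup. (If the original poster knows an item is safe, it does not need to be checked.)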
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (没有文件)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem303.dll
O2 - BHO: IMU IE HELP - {9A0527C1-4D5F-4e45-9D28-6257F75EDDB1} - C:\WINNT\system32\imuiepls.dll
O3 - Toolbar: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\system32\51.net\diybar\diybar.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (没有文件)
O16 - DPF: {54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} - http://download.imu.com.cn/client/chatatwill/ie/imuliver.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {7245F8AA-FE92-4CA7-B0D7-17594F3D7C0C} - http://localhost:8081/HFCWEB/applets/webpd.cab
O16 - DPF: {8B4067F6-E530-4312-9FC6-970D3FADE6A8} (OSSCtrl Class) - http://localhost:7001/TCENT5/applets/OSSPlugin.cab
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} (IEBHOObj Class) - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab

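Then open My Computer, click Tools, open Folder Options, go to View, and uncheck "Hide protected operating system files (Recommended)" and "Hide extensions for known file types". Then show all files. Use the Windows search function to find and delete: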
C:\WINNT\nem220.dll
C:\WINNT\wsem303.dll
C:\WINNT\system32\imuiepls.dll
C:\WINNT\system32\51.net\diybar\diybar.dll
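
Added example, not part of the original thread: a small Python parser for the HijackThis lines in the reply's fix list (a subset is copied inline). It derives the on-disk files behind the O2/O3 entries, lists entries whose file is already gone, and links a BHO to the O16 download URL registered under the same CLSID. The function names are illustrative assumptions, and the parser assumes that names and paths contain no " - ".

```python
import re

# Lines copied from the reply's fix list on this page (a subset).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (没有文件)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem303.dll
O2 - BHO: IMU IE HELP - {9A0527C1-4D5F-4e45-9D28-6257F75EDDB1} - C:\WINNT\system32\imuiepls.dll
O3 - Toolbar: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\system32\51.net\diybar\diybar.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (没有文件)
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} (IEBHOObj Class) - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<body>.*)$")
CLSID = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
NO_FILE = ("(没有文件)", "(no file)")  # localized and English "file missing" markers

def parse(text):
    """Parse HijackThis result lines into dicts: code, kind, clsid, target."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m["body"].strip()
        # The target is the last " - " field; it is empty when the line ends in " -".
        target = "" if body.endswith(" -") else body.rpartition(" - ")[2].strip()
        g = CLSID.search(body)
        entries.append({"code": m["code"], "kind": m["kind"], "target": target,
                        "clsid": g.group(1).upper() if g else None})
    return entries

def files_on_disk(entries):
    """Paths of O2/O3 components that still exist as files to be located."""
    return [e["target"] for e in entries
            if e["code"] in ("O2", "O3") and re.match(r"[A-Za-z]:\\", e["target"])]

def orphans(entries):
    """CLSIDs of entries whose registry key remains but whose file is gone."""
    return [e["clsid"] for e in entries if e["target"] in NO_FILE]

def download_source(entries):
    """Map each BHO file to the O16 URL registered under the same CLSID."""
    urls = {e["clsid"]: e["target"] for e in entries if e["code"] == "O16"}
    return {e["target"]: urls[e["clsid"]] for e in entries
            if e["code"] == "O2" and e["clsid"] in urls}
```

CLSIDs are compared in upper case because the same identifier appears with different letter case in the O2 and O16 lines of this log.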

