前几天我的电脑因不小心打开了一些那些六合彩的网页,弄得现在一启动电脑就自动打开那些网页,而桌面上也多了很多类似网页的快捷键,原本我的主页是百度的,可一打开就是六合彩的,网址却还是百度的,我试了IE修复,可修复不了,都不知怎么办,烦死了,望各各高手能帮忙解决!

建议您下载并使用HijackThis1.99.1

HijackThis下载地址请参考：
【必读】本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

HijackThis的使用方法-----请参考--瑞星HijackThis专题
http://it.rising.com.cn/newSite/Channels/anti_virus/Antivirus_Faq/TopicExplorerPagePackage/hijackthis.htm

运行HijackThis，先点[扫描]或[Scan]按钮，扫描完成后，[扫描]或[Scan]按钮会变为[保存Log]或[Save Log]按钮，点击它，LOG将会在记事本中显示，再从记事本里复制/粘贴到贴子里。
如果LOG比较长，一贴发不完，你可以分成几个部分发在回贴里。

【回复“文源”的帖子】



请您先下载HijackThis1.99.1（它是免费的）：

http://www.spywareinfo.com/~merijn/files/hijackthis.zip
将它解压到一个非临时性的文件夹（比如C:\Program Files\HijackThis\HijackThis.exe）。然后双击HijackThis.exe图标，选择Do a system scan and save a logfile，将产生的文本文件中的日志帖上来。如果一个帖子贴不下，可以将剩余的部分另开一帖。

Logfile of HijackThis v1.99.1
Scan saved at 13:56:23, on 2005-12-7
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\KAV2005\KWatch.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\KAV2005\KPfwSvc.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Common Files\SAND\client.exe
D:\KAV2005\KAVStart.exe
D:\WINDOWS\rundll32.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\WINDOWS\System32\rundll32.exe
D:\WINDOWS\System32\ctfmon.exe
D:\KAV2005\KMailMon.EXE
D:\WINDOWS\System32\Rundll32.exe
D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Program Files\TTPlayer\TTPlayer.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\IE修复专家\IE修复专家.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\QQexternal.exe
D:\Documents and Settings\hdc\Local Settings\Temp\hijackthis.zip 的临时

目录 1\HijackThis.exe
D:\Program Files\Kingsoft\FastAIT 2005\FastAIT.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 205.177.72.132 www.32012.com/1/2.htm
O1 - Hosts: 205.177.72.132 www.16700.net/189.htm
O1 - Hosts: 205.177.72.132 www.32012.com/1/1.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp135.htm
O1 - Hosts: 205.177.72.132 www.34111.com/dy8.htm
O1 - Hosts: 205.177.72.132 1.334456.com/i.htm
O1 - Hosts: 205.177.72.132 www.60066.com/666.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/3.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp134.htm
O1 - Hosts: 205.177.72.132 www.4894.com/l.htm
O1 - Hosts: 205.177.72.132 www.55399.com/65.asp
O1 - Hosts: 205.177.72.132 www.34111.com/dy.htm
O1 - Hosts: 205.177.72.132 www.66823.com/11.htm
O1 - Hosts: 205.177.72.132 www.66823.com/33.htm
O1 - Hosts: 205.177.72.132 www1.31339.com
O1 - Hosts: 205.177.72.132 www.v8885.cn/222.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp136.htm
O1 - Hosts: 205.177.72.132 2.31339.com
O1 - Hosts: 205.177.72.132 www.60066.com/63.asp
O1 - Hosts: 205.177.72.132 www.v088.com/index1.htm
O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com
O1 - Hosts: 205.177.72.132 k3838338.com/donghua.htm
O1 - Hosts: 205.177.72.132 www.55399.com/64.asp
O1 - Hosts: 205.177.72.132 www.97118.com/3000.htm
O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com/www.kai888.com
O1 - Hosts: 205.177.72.132 k3838338.com/donghua1.htm
O1 - Hosts: 205.177.72.132 www.60066.com/64.asp
O1 - Hosts: 205.177.72.132 55399.com/63.asp
O1 - Hosts: 205.177.72.132 www.60066.com/66.htm
O1 - Hosts: 205.177.72.132 www.118y.com/33.htm
O1 - Hosts: 205.177.72.132 www.v8885.cn/111.htm
O1 - Hosts: 205.177.72.132 www.q3721.com/index1.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp133.htm
O1 - Hosts: 205.177.72.132 58665.com/1.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/6.htm
O1 - Hosts: 205.177.72.132 www.389988.com/ab.htm
O1 - Hosts: 205.177.72.132 www.66823.com/44.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/1.htm
O1 - Hosts: 205.177.72.132 www.mt007.com
O1 - Hosts: 205.177.72.132 www.v088.com
O1 - Hosts: 205.177.72.132 www.118y.com/11.htm
O1 - Hosts: 205.177.72.132 www.xg169.com
O1 - Hosts: 205.177.72.132 www.hk6777.com/index6.htm
O1 - Hosts: 205.177.72.132 www.hk8777.com/index6.htm
O1 - Hosts: 205.177.72.132 www.hk6777.com
O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm
O1 - Hosts: 205.177.72.132 www.920888.com
O1 - Hosts: 205.177.72.132 hk256.com
O1 - Hosts: 205.177.72.132 100049.com/66.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/66.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/5.htm
O1 - Hosts: 205.177.72.132 www.118y.com/44.htm
O1 - Hosts: 205.177.72.132 www.60066.com/61.asp
O1 - Hosts: 205.177.72.132 www.hk256.com
O1 - Hosts: 205.177.72.132 qq665.com/1.htm
O1 - Hosts: 205.177.72.132 004466.com/htm31.htm
O1 - Hosts: 205.177.72.132 it889.com/101.htm
O1 - Hosts: 205.177.72.132 yao38.com/index1.htm
O1 - Hosts: 205.177.72.132 www.60066.com/62.asp
O1 - Hosts: 205.177.72.132 389988.com/88.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/44.htm
O1 - Hosts: 205.177.72.132 www.4894.com/l.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/2.htm
O1 - Hosts: 205.177.72.132 www.mt007.com/ring
O1 - Hosts: 205.177.72.132 55399.com/62.asp
O1 - Hosts: 205.177.72.132 www.hk8777.com
O1 - Hosts: 205.177.72.132 www.xg169.com
O1 - Hosts: 205.177.72.132 www.vv166.com/4.htm
O1 - Hosts: 205.177.72.132 www.138130.com/dy/168.htm
O1 - Hosts: 205.177.72.132 www.66823.com/22.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/11.htm
O1 - Hosts: 205.177.72.132 004466.com/htm34.htm
O1 - Hosts: 205.177.72.132 004466.com/htm32.htm
O1 - Hosts: 205.177.72.132 55399.com/61.asp
O1 - Hosts: 205.177.72.132 60066.com/6.asp
O1 - Hosts: 205.177.72.132 www.mark68.net/4.htm
O1 - Hosts: 205.177.72.132 hk6777.com
O1 - Hosts: 205.177.72.132 www.1396.net/indexl.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/33.htm
O1 - Hosts: 205.177.72.132 www.58665.com/1.htm
O1 - Hosts: 205.177.72.132 www.so516.com/ls.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/22.htm
O1 - Hosts: 205.177.72.132 004466.com/htm35.htm
O1 - Hosts: 205.177.72.132 it889.com/101.htm
O1 - Hosts: 205.177.72.132 004466.com/htm33.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/666.htm
O1 - Hosts: 205.177.72.132 www.h828.net/yi88
O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm
O1 - Hosts: 205.177.72.132 hk8777.com
O1 - Hosts: 205.177.72.132 www.hk256.com/6666.htm
O1 - Hosts: 205.177.72.132 225568.com/01.htm
O1 - Hosts: 205.177.72.132 www.118y.com/22.htm
O1 - Hosts: 205.177.72.132 www1.53777.com
O1 - Hosts: 205.177.72.132 www.xgccc.com
O1 - Hosts: 205.177.72.132 3953.com/2
O1 - Hosts: 205.177.72.132 tk9933.com/d.htm
O1 - Hosts: 205.177.72.132 www1.53777.com
O1 - Hosts: 205.177.72.132 www.vv166.com/5.htm
O1 - Hosts: 205.177.72.132 hao339.com/tu/index.htm
O1 - Hosts: 205.177.72.132 tk399.net/07.htm
O1 - Hosts: 205.177.72.132 www.68q.net/44.htm
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-

843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} -

D:\WINDOWS\System32\aclayer.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} -

D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} -

D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} -

D:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} -

D:\PROGRA~1\HBClient\hapast.dll
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} -

D:\PROGRA~1\INTERN~1\hmapi.dll (file missing)
O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} -

D:\PROGRA~1\IE修复~1\IERBar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} -

D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} -

D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} -

D:\PROGRA~1\IE修复~1\IERBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

/Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32

\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32

\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KavStart] "D:\KAV2005\KAVStart.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32

\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [Update] D:\Program Files\Common

Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [hbpassport] D:\PROGRA~1\HBClient\hbast.exe
O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32

\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "D:\PROGRA~1

\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1

\DATALA~1.EXE
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KsgUpdateRun] D:\Program Files\Common

Files\kingsoft\KSG\Client.exe
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [KavPFW] "D:\KAV2005\KAVPFW.EXE"
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft

Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions

present
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program

Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program

Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program

Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} -

D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d

-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) -

http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O23 - Service: .Net Boot Service - Unknown owner - D:\WINDOWS\System32

\big5_gb2312.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program

Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG -

D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft

Corporation - D:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft

Corporation - D:\KAV2005\KWatch.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Controller (Universal Disk Manager) - Unknown

owner - D:\Program Files\Common Files\SAND\client.exe

我现在一打开网页就出现http://cctv28.net的网址,点转到百度网址就出现无法显示,关闭网页后就出现自解压文件的窗口:"无法解压HMAPI.dLL      无法创建HMAPI.dLL  正在解压Licenses.txt"

开始→控制面板→性能和维护→管理工具→服务→查找.Net Boot Service、Print Controller (Universal Disk Manager)→右击→属性→启动类型→禁止→应用→停止→确定。

进入控制面版的添加删除程序中卸载 “MMSAssist”“Winstdup”

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

运行Hijackthis，扫描结束后在下列选项前打上勾，然后选修复“Fix Checked”：

R3 - Default URLSearchHook is missing
所有01项
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - D:\WINDOWS\System32\aclayer.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - D:\PROGRA~1\HBClient\hapast.dll
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll (file missing)
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [Update] D:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [hbpassport] D:\PROGRA~1\HBClient\hbast.exe
O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL

显示隐藏文件

双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”--单击“确定”。

然后找到如下文件并删除（如果有的话）。

D:\WINDOWS\System32\aclayer.dll
D:\WINDOWS\System32\aclayer.exe
D:\PROGRA~1\MMSASS~1\整个目录
D:\WINDOWS\SYSTEM32\stdup.dll
D:\PROGRA~1\HBClient\整个目录
C:\$NtUninstallQ5926809$\整个目录
D:\Program Files\Common Files\UPDATE\整个目录
D:\WINDOWS\rundll32.exe
D:\Program Files\Common Files\SAND\整个目录
D:\WINDOWS\System32\big5_gb2312.exe(请将此文件在删除前用winrar压缩打包，密码设为：virus.发给我，谢谢。lymofaxuetu@163.com)

不好意思,我不会压缩打包,而且我电脑现在也上不了网易,我的邮箱也是163的,发不了怎么办?

6楼的哥们，你不会打包？？右键点不就出来了吗？你还不如说你不会玩电脑呢？！

不会压缩就算了，直接删除吧

多谢版主的指点,但我照你的方法试过了,但还是不行,现在就不会自动打开网页,我现在一打开网页就出现http://cctv28.net的网址,点转到百度网址就还是会自动转到http://cctv28.net的网址,关闭网页后就出现自解压文件的窗口:"无法解压HMAPI.dLL 无法创建HMAPI.dLL 正在解压Licenses.txt",但可以在收藏夹里打开网页,也可以由收藏夹转其它的网页,但每个网页左上方显示地址的地方会在网址后面加上http://cctv28.net的字,唉,烦呀