Help needed: how to get rid of pop-up web ads

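Several computers at our company are now showing the following behaviour: as long as IE or any other browser is not open, nothing happens. But once IE is opened, three or four ads for foreign websites pop up at intervals. The ads are different each time, but all of them are reached through
http://www.searc-h.com/normal/yyy34.html. How can I fix this? Antivirus scans and IE repair have had no effect, and I can't find any trace of this URL in the registry. Thanks!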
Last edited 2005-11-30 19:15:16

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run           

+ ccApp    Common Client User Session    Symantec Corporation    c:\program files\common files\symantec shared\ccapp.exe

+ vptray    Symantec AntiVirus    Symantec Corporation    c:\program files\symantec antivirus\vptray.exe

+ yassistse    AssistSetting    Yahoo!    c:\program files\yahoo!\assistant\yassistse.exe

+ YLive.exe    YLive         c:\program files\yahoo!\assistant\ylive.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           

+ Adobe.Acrobat.ContextMenu    Adobe Acrobat Elements    Adobe Systems Inc.    c:\program files\adobe\acrobat 6.0\acrobat elements\contextmenu.dll

+ Display Panning CPL Extension            File not found: deskpan.dll

+ hA23msp.dll            File not found: C:\WINNT\system32\hA23msp.dll

+ HyperTerminal Icon Ext    HyperTerminal Applet Library    Hilgraeve, Inc.    c:\winnt\system32\hticons.dll

+ KodakShellExtension    Shell Extension Resource DLL    Eastman Kodak Company    c:\program files\common files\kodak\ifscore\kodakshx.dll

+ LDVP Shell Extensions    Symantec AntiVirus    Symantec Corporation    c:\program files\common files\symantec shared\ssc\vpshell2.dll

+ mphtmler.dll            c:\winnt\system32\mphtmler.dll

+ ScriptDropShellExt    RoboEnhancer ScriptDropShellExt Module        c:\program files\acd systems\roboenhancer\scriptdropshellext.dll

+ WinRAR shell extension            c:\program files\winrar\rarext.dll

+ Yahoo!Photo    yPhtb    Yahoo! China    c:\program files\yahoo!\assistant\assist\yphtb.dll

+ 粉碎文件    Wiper 动态链接库        c:\program files\yahoo!\assistant\assist\ywiper.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           

+ Web 文件夹            c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks           

+ coolbar    ToolBar    Yahoo!    c:\program files\yahoo!\assistant\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar           

+ 雅虎助手    ToolBar    Yahoo!    c:\program files\yahoo!\assistant\assist\yasbar.dll

Task Scheduler           

+ BMMTask.job            c:\program files\thinkpad\utilities\bmmtask.exe

+ Symantec NetDetect.job    Symantec NetDetect    Symantec Corporation    c:\program files\symantec\liveupdate\ndetect.exe

HKLM\System\CurrentControlSet\Services           

+ Ati HotKey Poller            c:\winnt\system32\ati2evxx.exe

+ ccEvtMgr    Symantec Event Manager    Symantec Corporation    c:\program files\common files\symantec shared\ccevtmgr.exe

+ ccSetMgr    Symantec Settings Manager    Symantec Corporation    c:\program files\common files\symantec shared\ccsetmgr.exe

+ DefWatch    Monitors and maintains virus definitions.    Symantec Corporation    c:\program files\symantec antivirus\defwatch.exe

+ Symantec AntiVirus    Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus.    Symantec Corporation    c:\program files\symantec antivirus\rtvscan.exe

HKLM\System\CurrentControlSet\Services           

+ AgereSoftModem    SoftModem Device Driver    Agere Systems    c:\winnt\system32\drivers\agrsm.sys

+ ati2mtag    ATI RAGE 6 Miniport Driver    ATI Technologies Inc.    c:\winnt\system32\drivers\ati2mtag.sys

+ cs429x    Crystal AC9x WDM Driver    Cirrus Logic, Inc.    c:\winnt\system32\drivers\cwawdm.sys

+ dmio    NT Disk Manager I/O Driver    VERITAS Software Corp.    c:\winnt\system32\drivers\dmio.sys

+ E100B    NDIS 5 driver    Intel Corporation    c:\winnt\system32\drivers\e100bnt5.sys

+ EGATHDRV            c:\winnt\system32\egathdrv.sys

+ IBMPMDRV            c:\winnt\system32\drivers\ibmpmdrv.sys

+ IBMTPCHK            c:\winnt\system32\drivers\ibmbldid.sys

+ Klick    Kaspersky Anti-Hacker NDIS Interceptor    Kaspersky Labs    c:\winnt\system32\drivers\klick.sys

+ Klif    spuper-ptor    Kaspersky Labs    c:\winnt\system32\drivers\klif.sys

+ Klin    Kaspersky Anti-Hacker TDI Interceptor    Kaspersky Labs    c:\winnt\system32\drivers\klin.sys

+ Klmc    Kaspersky Anti-Virus Mail Checker Proxy    Kaspersky Lab    c:\winnt\system32\drivers\klmc.sys

+ ltmodem5    LT Windows Modem    LT    c:\winnt\system32\drivers\ltmdmnt.sys

+ NAVENG    AV Engine    Symantec Corporation    c:\program files\common files\symantec shared\virusdefs\20051123.019\naveng.sys

+ NAVEX15    AV Engine    Symantec Corporation    c:\program files\common files\symantec shared\virusdefs\20051123.019\navex15.sys

+ NSCIRDA    NSC Fast Infrared Driver.    National Semiconductor Corporation    c:\winnt\system32\drivers\nscirda.sys

+ PcdrNt    PC-Doctor NT Support Driver    PC-Doctor Inc.    c:\winnt\system32\drivers\pcdrnt.sys

+ Ptilink    Direct Parallel Link Driver    Parallel Technologies, Inc.    c:\winnt\system32\drivers\ptilink.sys

+ PxHelp20    Px Engine Device Driver for Windows 2000/XP    Sonic Solutions    c:\winnt\system32\drivers\pxhelp20.sys

+ S3SSavage    S3 Graphics SuperSavage Miniport    S3 Graphics, Inc.    c:\winnt\system32\drivers\s3ssavm.sys

+ SAVRT    AutoProtect    Symantec Corporation    c:\program files\symantec antivirus\savrt.sys

+ SAVRTPEL    SAVRTPEL    Symantec Corporation    c:\program files\symantec antivirus\savrtpel.sys

+ smwdm    SoundMAX Integrated Digital Audio     Analog Devices, Inc.    c:\winnt\system32\drivers\smwdm.sys

+ SymEvent    Symantec Event Library    Symantec Corporation    c:\program files\symantec\symevent.sys

+ SYMREDRV    Redirector Filter Driver    Symantec Corporation    c:\winnt\system32\drivers\symredrv.sys

+ SYMTDI    Network Dispatch Driver    Symantec Corporation    c:\winnt\system32\drivers\symtdi.sys

+ SynTP    Synaptics Touchpad Driver    Synaptics, Inc.    c:\winnt\system32\drivers\syntp.sys

+ TDSMAPI            c:\winnt\system32\drivers\tdsmapi.sys

+ TPPWR    IBM ThinkPad Power Management Device Driver    IBM Corp.    c:\winnt\system32\drivers\tppwr.sys

+ TSMAPIP            c:\winnt\system32\drivers\tsmapip.sys

+ TSP    spuper-ptor    Kaspersky Labs    c:\winnt\system32\drivers\klif.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify           

+ StillImage            c:\winnt\system32\g4jole131h.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors           

+ Adobe PDF Port    Acrobat ? PDF Port    Adobe Systems Incorporated.    c:\winnt\system32\adobepdf.dll

Sorry, I posted the wrong thing just now. I have edited it, please take another look. I will post the HijackThis log next.

Logfile of HijackThis v1.99.1
Scan saved at 17:53:55, on 2005-11-29
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\msiexec.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\conime.exe
\\192.168.0.240\officeshare\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: 雅虎搜索 - res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O20 - Winlogon Notify: StillImage - C:\WINNT\system32\g4jole131h.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

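Thanks to the poster above for the help. I looked at the hosts file: many entries mapping other websites to 127.0.0.1 have been added to it. But I cannot clean it up. I delete them in safe mode, and after a reboot they are generated again automatically.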

I could not find this DLL. It seems the scan results are different every time, so I scanned again.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ccApp    Common Client User Session    Symantec Corporation    c:\program files\common files\symantec shared\ccapp.exe

+ vptray    Symantec AntiVirus    Symantec Corporation    c:\program files\symantec antivirus\vptray.exe

+ yassistse    AssistSetting    Yahoo!    c:\program files\yahoo!\assistant\yassistse.exe

+ YLive.exe    YLive         c:\program files\yahoo!\assistant\ylive.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Adobe.Acrobat.ContextMenu    Adobe Acrobat Elements    Adobe Systems Inc.    c:\program files\adobe\acrobat 6.0\acrobat elements\contextmenu.dll

+ Display Panning CPL Extension            File not found: deskpan.dll

+ hA23msp.dll            File not found: C:\WINNT\system32\hA23msp.dll

+ HyperTerminal Icon Ext    HyperTerminal Applet Library    Hilgraeve, Inc.    c:\winnt\system32\hticons.dll

+ KodakShellExtension    Shell Extension Resource DLL    Eastman Kodak Company    c:\program files\common files\kodak\ifscore\kodakshx.dll

+ LDVP Shell Extensions    Symantec AntiVirus    Symantec Corporation    c:\program files\common files\symantec shared\ssc\vpshell2.dll

+ ScriptDropShellExt    RoboEnhancer ScriptDropShellExt Module        c:\program files\acd systems\roboenhancer\scriptdropshellext.dll

+ sscpack.dll            c:\winnt\system32\sscpack.dll

+ WinRAR shell extension            c:\program files\winrar\rarext.dll

+ Yahoo!Photo    yPhtb    Yahoo! China    c:\program files\yahoo!\assistant\assist\yphtb.dll

+ 粉碎文件    Wiper 动态链接库        c:\program files\yahoo!\assistant\assist\ywiper.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹            c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ coolbar    ToolBar    Yahoo!    c:\program files\yahoo!\assistant\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ 雅虎助手    ToolBar    Yahoo!    c:\program files\yahoo!\assistant\assist\yasbar.dll

Task Scheduler

+ BMMTask.job            c:\program files\thinkpad\utilities\bmmtask.exe

+ Symantec NetDetect.job    Symantec NetDetect    Symantec Corporation    c:\program files\symantec\liveupdate\ndetect.exe

HKLM\System\CurrentControlSet\Services

+ Ati HotKey Poller            c:\winnt\system32\ati2evxx.exe

+ ccEvtMgr    Symantec Event Manager    Symantec Corporation    c:\program files\common files\symantec shared\ccevtmgr.exe

+ ccSetMgr    Symantec Settings Manager    Symantec Corporation    c:\program files\common files\symantec shared\ccsetmgr.exe

+ DefWatch    Monitors and maintains virus definitions.    Symantec Corporation    c:\program files\symantec antivirus\defwatch.exe

+ Symantec AntiVirus    Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus.    Symantec Corporation    c:\program files\symantec antivirus\rtvscan.exe

HKLM\System\CurrentControlSet\Services

+ AgereSoftModem    SoftModem Device Driver    Agere Systems    c:\winnt\system32\drivers\agrsm.sys

+ ati2mtag    ATI RAGE 6 Miniport Driver    ATI Technologies Inc.    c:\winnt\system32\drivers\ati2mtag.sys

+ cs429x    Crystal AC9x WDM Driver    Cirrus Logic, Inc.    c:\winnt\system32\drivers\cwawdm.sys

+ dmio    NT Disk Manager I/O Driver    VERITAS Software Corp.    c:\winnt\system32\drivers\dmio.sys

+ E100B    NDIS 5 driver    Intel Corporation    c:\winnt\system32\drivers\e100bnt5.sys

+ EGATHDRV            c:\winnt\system32\egathdrv.sys

+ IBMPMDRV            c:\winnt\system32\drivers\ibmpmdrv.sys

+ IBMTPCHK            c:\winnt\system32\drivers\ibmbldid.sys

+ Klick    Kaspersky Anti-Hacker NDIS Interceptor    Kaspersky Labs    c:\winnt\system32\drivers\klick.sys

+ Klif    spuper-ptor    Kaspersky Labs    c:\winnt\system32\drivers\klif.sys

+ Klin    Kaspersky Anti-Hacker TDI Interceptor    Kaspersky Labs    c:\winnt\system32\drivers\klin.sys

+ Klmc    Kaspersky Anti-Virus Mail Checker Proxy    Kaspersky Lab    c:\winnt\system32\drivers\klmc.sys

+ ltmodem5    LT Windows Modem    LT    c:\winnt\system32\drivers\ltmdmnt.sys

+ NAVENG    AV Engine    Symantec Corporation    c:\program files\common files\symantec shared\virusdefs\20051123.019\naveng.sys

+ NAVEX15    AV Engine    Symantec Corporation    c:\program files\common files\symantec shared\virusdefs\20051123.019\navex15.sys

+ NSCIRDA    NSC Fast Infrared Driver.    National Semiconductor Corporation    c:\winnt\system32\drivers\nscirda.sys

+ PcdrNt    PC-Doctor NT Support Driver    PC-Doctor Inc.    c:\winnt\system32\drivers\pcdrnt.sys

+ Ptilink    Direct Parallel Link Driver    Parallel Technologies, Inc.    c:\winnt\system32\drivers\ptilink.sys

+ PxHelp20    Px Engine Device Driver for Windows 2000/XP    Sonic Solutions    c:\winnt\system32\drivers\pxhelp20.sys

+ S3SSavage    S3 Graphics SuperSavage Miniport    S3 Graphics, Inc.    c:\winnt\system32\drivers\s3ssavm.sys

+ SAVRT    AutoProtect    Symantec Corporation    c:\program files\symantec antivirus\savrt.sys

+ SAVRTPEL    SAVRTPEL    Symantec Corporation    c:\program files\symantec antivirus\savrtpel.sys

+ smwdm    SoundMAX Integrated Digital Audio     Analog Devices, Inc.    c:\winnt\system32\drivers\smwdm.sys

+ SymEvent    Symantec Event Library    Symantec Corporation    c:\program files\symantec\symevent.sys

+ SYMREDRV    Redirector Filter Driver    Symantec Corporation    c:\winnt\system32\drivers\symredrv.sys

+ SYMTDI    Network Dispatch Driver    Symantec Corporation    c:\winnt\system32\drivers\symtdi.sys

+ SynTP    Synaptics Touchpad Driver    Synaptics, Inc.    c:\winnt\system32\drivers\syntp.sys

+ TDSMAPI            c:\winnt\system32\drivers\tdsmapi.sys

+ TPPWR    IBM ThinkPad Power Management Device Driver    IBM Corp.    c:\winnt\system32\drivers\tppwr.sys

+ TSMAPIP            c:\winnt\system32\drivers\tsmapip.sys

+ TSP    spuper-ptor    Kaspersky Labs    c:\winnt\system32\drivers\klif.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ Extensions            c:\winnt\system32\fp8603lse.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ Adobe PDF Port    Acrobat ? PDF Port    Adobe Systems Incorporated.    c:\winnt\system32\adobepdf.dll

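After countless rounds of deleting and rebooting the machine, it still failed. The reason is that these DLL files are generated automatically. After the DLL files found in this scan are deleted in safe mode, new DLL files are generated at the next boot, with randomly generated file names. The hosts file also keeps getting modified, with more than 30 URLs added and mapped to 127.0.0.1. I am really out of options and can only reinstall the system. I wonder whether there is any other effective method.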
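
The thread reports that the scan results differ each time and that deleted DLLs come back under new names. As an added example (not part of the original thread), this Python sketch diffs two autostart listings in the format posted above and reports entries that exist in only one scan, noting whether vendor columns are present; the sample is constructed from a few lines of the two listings, with columns separated by two or more spaces.

```python
import re

# Constructed sample: a few entries copied from the two listings in this
# thread (first scan, then the re-scan); columns separated by 2+ spaces.
SCAN_1 = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ mphtmler.dll            c:\winnt\system32\mphtmler.dll
+ WinRAR shell extension            c:\program files\winrar\rarext.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ StillImage            c:\winnt\system32\g4jole131h.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Adobe PDF Port    Acrobat ? PDF Port    Adobe Systems Incorporated.    c:\winnt\system32\adobepdf.dll
"""
SCAN_2 = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ sscpack.dll            c:\winnt\system32\sscpack.dll
+ WinRAR shell extension            c:\program files\winrar\rarext.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ Extensions            c:\winnt\system32\fp8603lse.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Adobe PDF Port    Acrobat ? PDF Port    Adobe Systems Incorporated.    c:\winnt\system32\adobepdf.dll
"""

def parse(listing):
    """Map (section, image path) -> (entry name, has vendor columns)."""
    entries, section = {}, None
    for line in filter(None, map(str.strip, listing.splitlines())):
        if not line.startswith("+ "):
            section = line.lower()   # registry key or "Task Scheduler" header
            continue
        fields = re.split(r"\s{2,}", line[2:])
        entries[section, fields[-1].lower()] = (fields[0], len(fields) >= 4)
    return entries

def changed_between_scans(before, after):
    """Entries whose (section, path) appears in only one of the two scans."""
    a, b = parse(before), parse(after)
    report = {}
    for key in sorted(a.keys() ^ b.keys()):
        name, has_vendor = a.get(key) or b[key]
        status = "gone" if key in a else "new"
        report.setdefault(key[0], []).append((status, name, key[1], has_vendor))
    return report

if __name__ == "__main__":
    for section, rows in changed_between_scans(SCAN_1, SCAN_2).items():
        print(section, *rows, sep="\n  ")
```

Entries that appear under the same key in every scan drop out of the report, which leaves only the autostart points that changed between reboots.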