似乎是被一个叫做“新互动网媒”的东西控制着,它还有时导致Explorer.exe错误。这个软件好像来自杭州,在网上找不到任何删除的方法,所以只好来请教专家了。下面贴出的是HIJACK的扫描:
Logfile of HijackThis v1.99.1
Scan saved at 13:43:56, on 2006-9-3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Computer\Rising\Rav\CCenter.exe
D:\Computer\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Computer\Rising\Rav\Ravmond.exe
D:\Computer\Rising\Rav\RavStub.exe
D:\Computer\Diskeeper\DkService.exe
C:\Program Files\IGRSAnywhere\IGRS\IGRS.exe
C:\WINDOWS\System32\IgrsSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\IGRSAnywhere\IGRS Profiles\File Profile\IgrsFile.exe
D:\Net Transport\IGRS EasyShare\FileShare.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
D:\Computer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Elantech\ktp.exe
D:\Computer\Windows Defender\MSASCui.exe
D:\Computer\Rising\Rav\RavTask.exe
D:\Computer\Rising\Rav\Ravmon.exe
D:\Net Transport\IGRS EasyShare\IgrsPortal.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Net Transport\Maxthon\Maxthon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Files\Adobe Reader\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Net Transport\Thunder\Thunder.exe
D:\Computer\HijackThis.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}? - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O2 - BHO: 卡卡上网安全助手 - {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} -
C:\WINDOWS\system32\kakatool.dll
O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE}? - (no file)
O3 - Toolbar: (no name) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A}? - (no file)
O3 - Toolbar: (no name) - {3F1ABCDB-A875-46c1-8345-B72A4567E486}? - (no file)
O3 - Toolbar: (no name) - {0C9B3AB9-DEDF-11D8-A2D4-0050FC464B19}? - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} -
C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\dllcache\tintsetp.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\dllcache\tintsetp.exe /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMSCMig] "C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE"
/Preload
O4 - HKLM\..\Run: [QuickTime Task] "D:\Media\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Computer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KTPWare] "C:\Program Files\Elantech\ktp.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Computer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RavTask] "D:\Computer\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\Computer\Firewall\pfw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Computer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [IgrsPortal] "D:\Net Transport\IGRS EasyShare\IgrsPortal.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wtsoft_nat] ; c:\wtsoft\wtsoft_client\CWtNatControl.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program
Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk =
D:\Computer\Diskeeper\ESIRegister.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Files\Adobe
Reader\Reader\reader_sl.exe
O8 - Extra context menu item: 使用迅雷下载 - D:\Net Transport\Thunder\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}? -
D:\Computer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 联想 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F}? -
http://www.lenovo.com (file missing)
O9 - Extra 'Tools' menuitem: 联想 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F}? -
http://www.lenovo.com (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263}? - C:\PROGRA~1
\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263}? -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9}? -
D:\Communication\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9}? -
D:\Communication\ICQLite\ICQLite.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? -
D:\Communication\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? -
D:\Communication\qq\QQ.EXE
O9 - Extra button: 易趣购物 - {DE607141-AC19-421e-865A-5D70ABDF119A}? -
http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607141-AC19-421e-865A-5D70ABDF119A}? -
http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? -
D:\Communication\qq\QQIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}? - %windir%
\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-
f2ba38496583}? - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? -
C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\secur.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\secur.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) -
https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) -
http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {43E839C5-E10F-443A-BC1F-F09CFD2ABC77} (updatePanelX Control) -
http://www.uusee.com/player/updateC.cab
O16 - DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} (IB_OnAir.IBOnAir) -
http://ionair.sbs.co.kr/onair/IB_OnAir.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter
Object) -
http://download.mysee.com/plugin/booter.cab
O16 - DPF: {60B33001-5F10-4A94-A7E4-77A3D8F5C78E} (OnAirClient Control) -
http://ionair.sbs.co.kr/onair/OnAirClient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?
1134834619000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?
1144017314671
O16 - DPF: {7260569F-1D40-4E7F-B95B-2E68D35668B9} (MofileUploadX Control) -
http://www.mofile.com/activex/UploadFX.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control)
- http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) -
https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1
\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1
\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1
\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Computer\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation -
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IGRS - 联想集团有限公司 - C:\Program Files\IGRSAnywhere\IGRS\IGRS.exe
O23 - Service: IGRSFILE - Lenovo Group Limited - C:\Program Files\IGRSAnywhere\IGRS
Profiles\File Profile\IgrsFile.exe
O23 - Service: IgrsFileShare - 闪联信息技术工程中心有限公司 - D:\Net Transport\IGRS
EasyShare\FileShare.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation
- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown
owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini
(file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising
Technology Co., Ltd. - D:\Computer\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. -
D:\Computer\Rising\Rav\Ravmond.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation
- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
其中有两项010的,不过我没敢修复。请大家指点,谢谢!
