瑞星卡卡安全论坛

这两天我的电脑总是在没有开任何网页的情况下自己弹，有时候吃顿饭的功夫自己能弹出来7、8个，全都是什么金山毒霸、彩铃图片、有的时候还有色情网站拿瑞星杀毒也没有，拿3721修复IE也没用，找了个木马克星不注册的话还用不了~~

大家推荐下看怎么解决这种情况吧，每天看弹出来的网页实在头疼~~

自动弹网页一般都可在HJK日志的02项显示出来,楼主帖个HJK日志(HijackThis)

【回复“710207”的帖子】
本人愚蠢真不会查日志，请指点~~

楼主帖上HijackThis日志,我帮你分析

我知道，因为我是个只会用电脑，不会修电脑的人，所以你说的哪个日志我不知道从哪里可以查出来，请指点下，从哪里能弄出来啊？

下载一个Hijackthis，然后扫一下就会有日志的。
我的机子也有这情况，日志如下。
Logfile of HijackThis v1.99.1
Scan saved at 8:45:57, on 2006-7-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\瑞星\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
E:\瑞星\Rising\Rav\Ravmond.exe
e:\瑞星\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
E:\瑞星\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
e:\瑞星\rising\rfw\RfwMain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
E:\瑞星\Rising\Rav\RavTask.exe
E:\瑞星\Rising\Rav\Ravmon.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
F:\QQ\QQ.exe
F:\QQ\TIMPlatform.exe
F:\QQ\QQ.exe
F:\QQ\QQ.exe
C:\WINDOWS\system\realsched.exe
C:\WINDOWS\system\realsched.exe
D:\新建文件夹\Program\Thunder5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\新建文件夹 (2)\hijackthis\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\ajeac.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\QQ\QQIEHelper.dll
O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC64.dll
O2 - BHO: Yahoo Bar - {A697BC46-BC93-4833-93F5-1E365011E88A} - C:\WINDOWS\ODBINT.dll
O2 - BHO: Flash 8 ocx  - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\flash8.dll
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\conf.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [Thunder] "D:\新建文件夹\Thunder.exe" /s
O4 - HKLM\..\Run: [RavTask] "E:\瑞星\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = F:\QQ\QQ.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\新建文件夹\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\新建文件夹\Program\GetAllUrl.htm
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\QQ\SendMMS.htm
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{64F69554-4009-462C-AA5E-C50C62843F31}: NameServer = 61.232.202.158 61.134.1.4
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\瑞星\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\瑞星\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\瑞星\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\瑞星\Rising\Rav\Ravmond.exe

http://forum.ikaka.com/topic.asp?board=28&artid=8105899下载HijackThis
下载后运行HijackThis.exe
单机＂扫描日志并保存日志＂
把保存的日志复制，粘贴到社区上

HijackThis_815汉化版扫描日志 V1.99.1
保存于      8:54:16, 日期 2006-7-29
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\soundman.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\Program Files\HelloNet\HNMainUI.exe
F:\BT软件\BitComet\BitComet.exe
F:\qq\QQ.exe
F:\qq\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\瑞星\Hijackthis1991zww\HijackThis1991zww.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899} - (no file)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [SoundMan] soundman.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - IE右键菜单中的新增项目: 添加到雅虎收藏+ - http://myweb.cn.yahoo.com/post.html?F=D2_A
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/203
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124581803078
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D4A64AA-7742-4B71-913E-317C21F54D7C}: NameServer = 202.99.160.68 202.99.168.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5073DD6-8B0F-47E0-B159-213D25DE8D8A}: NameServer = 202.99.160.68
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - NT 服务: Database information combine (DbooInfo) - 易易加速科技有限公司 - C:\WINNT\dbmsinfo.exe
O23 - NT 服务: dbwgglq - Unknown owner - \\60.0.57.143\E$\mstskmngr32.exe" -service (file missing)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


我的日志，好复杂啊看不明白的说~~~

帮我也看一下.

引用:

【pallasxs的贴子】下载一个Hijackthis，然后扫一下就会有日志的。 我的机子也有这情况，日志如下。 Logfile of HijackThis v1.99.1 Scan saved at 8:45:57, on 2006-7-29 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe E:\瑞星\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe E:\瑞星\Rising\Rav\Ravmond.exe e:\瑞星\rising\rfw\rfwsrv.exe C:\WINDOWS\system32\spoolsv.exe E:\瑞星\Rising\Rav\RavStub.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE e:\瑞星\rising\rfw\RfwMain.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\Mixer.exe C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe C:\WINDOWS\wt\updater\wcmdmgr.exe E:\瑞星\Rising\Rav\RavTask.exe E:\瑞星\Rising\Rav\Ravmon.exe C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\sistray.exe F:\QQ\QQ.exe F:\QQ\TIMPlatform.exe F:\QQ\QQ.exe F:\QQ\QQ.exe C:\WINDOWS\system\realsched.exe C:\WINDOWS\system\realsched.exe D:\新建文件夹\Program\Thunder5.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\新建文件夹 (2)\hijackthis\HijackThis.exe R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\ajeac.exe O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll O2 - BHO: Shockwave Flash  - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\QQ\QQIEHelper.dll O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBand.dll O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC64.dll O2 - BHO: Yahoo Bar - {A697BC46-BC93-4833-93F5-1E365011E88A} - C:\WINDOWS\ODBINT.dll O2 - BHO: Flash 8 ocx  - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\flash8.dll O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\conf.dll O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe O4 - HKLM\..\Run: [Thunder] "D:\新建文件夹\Thunder.exe" /s O4 - HKLM\..\Run: [RavTask] "E:\瑞星\Rising\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe" O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: 腾讯QQ.lnk = F:\QQ\QQ.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &使用迅雷下载 - D:\新建文件夹\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\新建文件夹\Program\GetAllUrl.htm O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\QQ\AddToNetDisk.htm O8 - Extra context menu item: 添加到QQ自定义面板 - F:\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - F:\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\QQ\SendMMS.htm O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing) O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing) O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O9 - Extra ''Tools'' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{64F69554-4009-462C-AA5E-C50C62843F31}: NameServer = 61.232.202.158 61.134.1.4 O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\瑞星\rising\rfw\rfwproxy.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\瑞星\rising\rfw\rfwsrv.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\瑞星\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\瑞星\Rising\Rav\Ravmond.exe ...........................

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: Shockwave Flash  - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\QQ\QQIEHelper.dll
O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBand.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC64.dll
O2 - BHO: Yahoo Bar - {A697BC46-BC93-4833-93F5-1E365011E88A} - C:\WINDOWS\ODBINT.dll
O2 - BHO: Flash 8 ocx  - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\flash8.dll
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\conf.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll
多数都是流氓软件的插件，用超级兔子卸掉流氓软件试试

用hijackthis修复行吗?

我想问一下，那个中文上网官方软件有用么？

C:\WINNT\SYSTEM32\DNTUS26.EXE打包发到yssf7777@eyou.com
O23 - NT 服务: dbwgglq - Unknown owner - \\60.0.57.143\E$\mstskmngr32.exe" -service (file missing)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
你和5楼的兄弟差不多，流氓软件的问题，用超级兔子卸掉就行了

看你的使用习惯了，用处不大。

引用:

【pallasxs的贴子】用hijackthis修复行吗? ...........................

可以

谢谢710207。

引用:

【夏天的骆驼的贴子】我想问一下，那个中文上网官方软件有用么？ ...........................

那是个流氓软件，建议卸掉

谢谢，我都不知道它什么时候跑我电脑上的，想卸又怕有副作用，所以一直没动它，现在听高手说了，就卸了它哈哈

不知道是不是病毒知道咱们在说它，居然有好长时间都没有弹出来过了嘿嘿