♀Jessie♀ - 2007-1-31 22:07:00
Logfile of Kaka v2. 0. 2. 6 Scan Module v1. 0. 4. 5
Scan saved at 21:52:33, on 2007-01-31
Platform: Microsoft Windows 98
MSIE: Internet Explorer v6.00 SP1;Q918439;Q916281;Q837009;Q833989;Q891781;Q313829; (6.00.2800.1106)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com/
♀Jessie♀ - 2007-1-31 22:08:00
O2 - BHO: (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: 同花顺 - {39852EFE-325B-45ef-9A60-3DBECD2DDDD5} - C:\WINDOWS\SYSTEM\THSBAR.DLL
O4 - HKCU\..\Run: [pbmini] C:\PROGRAM FILES\PCAST\PODCASTBARMINI\PodcastBarMiniStater.exe
O4 - HKCU\..\Run: [cd9729c21235ab28de41f89afa0d0461] "C:\WINDOWS\DESKTOP\XL2DL.EXE"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [VisionService] C:\WINDOWS\rundll32.exe C:\PROGRA~1\VISION\VISVER.DLL,Service
O4 - HKLM\..\RunServices: [stdupnet] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM32\STDUPNET.DLL,Service -s
O4 - HKLM\..\RunServices: [RsCcenter] "D:\Program Files\Rising\Rav\CCenter.exe"
O4 - HKLM\..\RunServices: [RavMond] "D:\Program Files\Rising\Rav\RavMond.exe"
O4 - HKLM\..\RunServices: [RavMon] "D:\Program Files\Rising\Rav\RavMon.exe" -system
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\PROGRAM FILES\TENCENT\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\PROGRAM FILES\TENCENT\QQ\AddEmotion.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\PROGRAM FILES\TENCENT\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\PROGRAM FILES\TENCENT\QQ\SendMMS.htm
O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - D:\PROGRAM FILES\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - D:\PROGRAM FILES\SSREADER36\ss_select.htm
O9 - Extra Button: 江民在线杀毒 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://online.jiangmin.com/online.asp (file missing)
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://online.jiangmin.com/KvDown.cab
O16 - DPF: {3359C0B1-2363-40B3-AFCA-1ABC799AC486} (SSReaderPlug Control) - http://reg.ssreader.com/SSReaderPlug.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {165D83D3-359C-4783-9BF0-6FA6DC42A3F1} - http://203.192.15.100/exe/ssdownload.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM\mscoree.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\WEBWORK\WEBWORK.DLL
秋日里的蓝天 - 2007-1-31 22:38:00
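Restart, press F8 to enter Safe Mode, and delete the items there.
Double-click My Computer, click the "Tools" > "Folder Options" menu item, click the "View" tab, clear the check mark in front of "Hide protected operating system files", select the "Show all files and folders" option under hidden files and folders, and then click the OK button.
Delete:
C:\WINDOWS\taskmon.exe
C:\WINDOWS\rundll32.exe
C:\PROGRA~1\VISION\ (delete the folder)
C:\WINDOWS\SYSTEM32\STDUPNET.DLL
Search for powrprof.dll
C:\WINDOWS\DESKTOP\ (delete the folder)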
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
Check these two entries yourself; they are suspected to be a virus.
© 2000 - 2026 Rising Corp. Ltd.