Rising KaKa Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software forum: [Help] Here is today's log, please help me read it


[Help] Here is today's log, please help me read it


For the past few days, every time I open the music download site www.tingshow.com, an unwanted web page called www.keyrun.com/opengo.php pops up. Can someone tell me what is going on?

The log is in the third post.
Last edited 2005-07-26 22:06:27
 

[Reply to 火焰蔷薇's post]

Hello, I suggest you run a scan with HijackThis 1.99.1 and post the log here.
 

Logfile of HijackThis v1.99.1
Scan saved at 17:36:34, on 2005-7-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
d:\program files\rising\rfw\rfwsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\3721\Dlaccel\YDownloader.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\Program Files\wsearch\Search.exe
D:\WINDOWS\system32\ctfmon.exe
F:\Maxthon\Maxthon.exe
F:\Winamp\Winamp.exe
D:\WINDOWS\system32\crypserv.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
F:\qq\QQ.exe
F:\qq\TIMPlatform.exe
F:\qq\QQexternal.exe
F:\Thunder\Thunder.exe
F:\Thunder\TDUpdate.exe
C:\Program Files\Thunder Network\GameIssue\Issue.exe
D:\Documents and Settings\Administrator\桌面\0\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - D:\WINDOWS\system32\ThunderBHO_v07.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\qq\QQIEHelper.dll
O3 - Toolbar: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\Program Files\Rising\KaKaToolBar\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [hcuninstall] D:\WINDOWS\system32\1101619920pigUinstl.exe
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [yahoo_mini] D:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MS-4011 Memory Patch] F:\RavSasser.exe -Patch
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [迅雷4] F:\Thunder\TDUpdate.exe
O4 - HKLM\..\Run: [MoveSearch] D:\Program Files\wsearch\Search.exe
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "D:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &使用下载加速专家下载 - D:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: &使用迅雷下载 - F:\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\Thunder\getAllurl.htm
O8 - Extra context menu item: 中国搜索(&Z) - D:\WINDOWS\I_SearchIE.htm
O8 - Extra context menu item: 使用影音传送带下载 - F:\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - F:\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\qq\SendMMS.htm
O9 - Extra button: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - f:\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - f:\Thunder\Thunder.exe
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\qq\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com (file missing)
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71E32F6D-5ECE-4F4A-B549-ABDE704E2C10}: NameServer = 202.99.96.68 202.99.64.69
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
 

[Reply to 火焰蔷薇's post]

Hello, please restart your computer, press F8 and work from Safe Mode.

Run HijackThis and fix:

O4 - HKLM\..\Run: [hcuninstall] D:\WINDOWS\system32\1101619920pigUinstl.exe

O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll

all (file missing) entries

Delete the file:

D:\WINDOWS\system32\1101619920pigUinstl.exe


Also, I suggest uninstalling movesearch and CNNIC.



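As an added illustration (not part of the original thread), here is a small Python script that applies the same two checks the helper applied to the log above: list every entry marked "(file missing)", and flag autostart (O4) or service (O23) entries whose target sits in a temp folder. The sample lines are copied from the log in this thread, and the run-key names looked up are the ones the helper named; the function names are my own.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this
# thread (one clean O4 line is included for contrast).
SAMPLE_LOG = r"""
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - D:\WINDOWS\system32\ThunderBHO_v07.dll (file missing)
O4 - HKLM\..\Run: [hcuninstall] D:\WINDOWS\system32\1101619920pigUinstl.exe
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O9 - Extra button: (no name) - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn (file missing)
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe (file missing)
"""

# Every HijackThis finding starts with a section code such as O2, O4, O23.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 entries carry the Run-key value name in square brackets.
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")
# Matches a path component named "temp" (the hpdj service above).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_hjt(text):
    """Return (section, body) tuples for every O-numbered entry in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_entries(entries):
    """Apply the helper's checks: '(file missing)' anywhere, and O4/O23
    targets living under a temp folder. Returns reason -> list of lines."""
    findings = {"file_missing": [], "temp_path": []}
    for section, body in entries:
        line = f"{section} - {body}"
        if "(file missing)" in body:
            findings["file_missing"].append(line)
        if section in ("O4", "O23") and TEMP_RE.search(body):
            findings["temp_path"].append(line)
    return findings


def select_run_names(entries, names):
    """Pick the O4 autostart entries whose Run-key name is in `names`
    (e.g. the 'hcuninstall' entry the helper told the poster to fix)."""
    picked = []
    for section, body in entries:
        m = RUN_NAME_RE.search(body) if section == "O4" else None
        if m and m.group(1) in names:
            picked.append(f"{section} - {body}")
    return picked
```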
 

Thank you for your help. I still have some questions. I don't know what movesearch and CNNIC are. Where do I find them? What are these two for?
 

Also, why did I get hijacked? What should I watch out for in the future?
 

One more thing: why does that annoying page still pop up when I open that website again? The browser I use is Maxthon, but the pop-up page opens in IE. Can you explain why?
 

Quote:
[火焰蔷薇's post] One more thing: why does that annoying page still pop up when I open that website again? The browser I use is Maxthon, but the pop-up page opens in IE. Can you explain why?
...........................


Hello, your log no longer shows any problems; please check whether it is an issue with the website itself.
 

Please go to Control Panel > Add or Remove Programs and uninstall "网络猪" (or "划词搜索").
 