Rising Kaka Security Forum > Technical Exchange > Anti-Virus / Anti-Rogue Software Forum


My homepage has been changed again, experts please help


Since yesterday, my IE homepage has been changed to http://www.17777.com/
I have tried several methods and cannot fix it. Experts, please help.
Last edited 2005-08-16 09:30:27

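[Reply to the post by “第一个ID”]
Please first click here http://forum.ikaka.com/download.asp?id=5188960 to download HijackThis 1.99.1, and extract it to a non-temporary folder. Then double-click the HijackThis.exe icon, choose "Do a system scan and save a logfile", and post the log from the resulting text file here. If it does not fit in one post, you can put the remainder in a separate post.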

Logfile of HijackThis v1.99.1
Scan saved at 16:11:37, on 2005-8-15
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\RUNDLL32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\shanda\泡泡堂\CA.exe
C:\Program Files\shanda\泡泡堂\NMCOSrv.exe
D:\Program Files\SkyNet\FireWall\PFWmain.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\remotesetup.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\rundll32.exe
E:\hijackthis\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v5.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EyeOnBrowser Class - {1272F701-349D-4DB3-BBCD-10CBDCD049FE} - C:\WINNT\Downlo~1\_IS_WEBH.dll
O2 - BHO: CCIT Memory Manager - {2CE7166E-8BBA-4E76-BA7E-02AB3C573011} - C:\WINNT\DOWNLO~1\cytdcli.dll
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINNT\system32\Usign.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQIEHelper.dll
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c1.dll
O2 - BHO: IMU IE HELP - {9A0527C1-4D5F-4e45-9D28-6257F75EDDB1} - C:\WINNT\system32\imuiepls.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINNT\Downloaded Program Files\barhelp.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINNT\system32\qylhelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - D:\PROGRA~1\IER\IERBar.dll
O2 - BHO: IE Accessibility Helper - {FFFFFFFF-6D31-4989-959F-62758166A46C} - C:\Program Files\Internet Explorer\netbus\ie_ad.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINNT\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - D:\PROGRA~1\IER\IERBar.dll
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [advapi32] RUNDLL32 C:\WINNT\Downlo~1\_IS_ISC.DLL,isc
O4 - HKLM\..\RunOnce: [ClientQyule] C:\Program Files\Qyule\qyule.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\RunOnce: [ClientQyule] C:\Program Files\Qyule\qyule.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {0400AC1C-EEF0-4638-A501-31D5A0DC2002} (VTPlug3 Class) - http://61.152.96.82:1995/VTrans.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {3F166327-8030-4881-8BD2-EA25350E574A} (CellWeb5 Control) - http://10.16.51.18:7001/em/cell/cellweb5.cab
O16 - DPF: {4EA20CD0-BF89-4666-9DB1-B5410D27DA54} (Computer Doctor) - http://download.3721.com/pcchkup/pcchkup.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.152.96.82:1995/talk.cab
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://222.47.117.133/meiliao/BDC.cab
O16 - DPF: {73BF47F8-04F4-4857-9F04-A1FF670CB5EA} (iChatX Control) - http://chat.inhe.net/ichatx.ocx
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8135EF31-FE8C-4C6E-A18A-F59944C3A488} - http://ddddl.dudu.com/ddd/channel/spockx-channel.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} (IEDown Class) - http://download.ourgame.com/IEDown.cab
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} (IEBHOObj Class) - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab
O16 - DPF: {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} (Fc2Boot Class) - http://210.51.5.80/fun/system/fc2boot.cab
O16 - DPF: {BAA07C31-16C7-4E8B-BC40-5096ADA26C03} - http://202.101.62.196:1995/VTrans.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {C0C13879-6A17-429E-80F1-60B23FC1F720} (FcBoot Class) - http://210.51.180.119/game/system/activex/fcboot.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {E320DDBB-307F-44D5-B758-A57A78C05480} (SPNetViewer.SPNV) - http://61.48.10.66:8000/SPNetViewer.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {F381FC65-D92D-4410-B865-E4E9713994E8} (Cytd Encipherment Memory) - http://61.55.138.4/sso/ccitpay.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A05D0FC-D0AB-4F9C-8AB7-D44EA6B43387}: NameServer = 202.99.160.68,202.99.166.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A05D0FC-D0AB-4F9C-8AB7-D44EA6B43387}: NameServer = 202.99.160.68,202.99.166.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A05D0FC-D0AB-4F9C-8AB7-D44EA6B43387}: NameServer = 202.99.160.68,202.99.166.4
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - F:\oracle\ora92\bin\omtsreco.exe (file missing)
O23 - Service: OracleOraHome92Agent - Unknown owner - F:\oracle\ora92\bin\agntsrvc.exe (file missing)
O23 - Service: OracleOraHome92ClientCache - Unknown owner - F:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - F:\oracle\ora92\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOraHome92PagingServer - Unknown owner - F:\oracle\ora92/bin/pagntsrv.exe (file missing)
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - F:\oracle\ora92\BIN\ENCSVC.EXE (file missing)
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - F:\oracle\ora92\BIN\AGNTSVC.EXE (file missing)
O23 - Service: OracleOraHome92TNSListener - Unknown owner - (no file)
O23 - Service: OracleServiceLP - Unknown owner - (no file)
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINNT\system32\scardsvr32.exe (file missing)


Please help take a look.

[Reply to the post by “第一个ID”]

Restart, press F8 to enter Safe Mode, and fix the following there:
O2 - BHO: EyeOnBrowser Class - {1272F701-349D-4DB3-BBCD-10CBDCD049FE} - C:\WINNT\Downlo~1\_IS_WEBH.dll

O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c1.dll
O2 - BHO: IMU IE HELP - {9A0527C1-4D5F-4e45-9D28-6257F75EDDB1} - C:\WINNT\system32\imuiepls.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Delete: C:\Program Files\LtUcx\ (the entire directory)
C:\WINNT\system32\imuiepls.dll



Regarding: O4 - HKLM\..\Run: [advapi32] RUNDLL32 C:\WINNT\Downlo~1\_IS_ISC.DLL,isc
Please see: http://forum.ikaka.com/topic.asp?board=67&artid=6909890

[Reply to the post by “第一个ID”]
There may be many items to fix, so please be patient...
Fix:
O2 - BHO: CCIT Memory Manager - {2CE7166E-8BBA-4E76-BA7E-02AB3C573011} - C:\WINNT\DOWNLO~1\cytdcli.dll
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINNT\system32\Usign.dll
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c1.dll
O2 - BHO: IMU IE HELP - {9A0527C1-4D5F-4e45-9D28-6257F75EDDB1} - C:\WINNT\system32\imuiepls.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINNT\system32\qylhelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - D:\PROGRA~1\IER\IERBar.dll
O2 - BHO: IE Accessibility Helper - {FFFFFFFF-6D31-4989-959F-62758166A46C} - C:\Program Files\Internet Explorer\netbus\ie_ad.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} (IEBHOObj Class) - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O23 - Service: OracleMTSRecoveryService - Unknown owner - F:\oracle\ora92\bin\omtsreco.exe (file missing)
O23 - Service: OracleOraHome92Agent - Unknown owner - F:\oracle\ora92\bin\agntsrvc.exe (file missing)
O23 - Service: OracleOraHome92ClientCache - Unknown owner - F:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - F:\oracle\ora92\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOraHome92PagingServer - Unknown owner - F:\oracle\ora92/bin/pagntsrv.exe (file missing)
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - F:\oracle\ora92\BIN\ENCSVC.EXE (file missing)
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - F:\oracle\ora92\BIN\AGNTSVC.EXE (file missing)
O23 - Service: OracleOraHome92TNSListener - Unknown owner - (no file)
O23 - Service: OracleServiceLP - Unknown owner - (no file)
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINNT\system32\scardsvr32.exe (file missing)
Delete:
C:\WINNT\DOWNLO~1\cytdcli.dll
C:\WINNT\system32\Usign.dll
C:\Program Files\LtUcx (the folder)
C:\WINNT\system32\imuiepls.dll
Your log contains _IS_WEBH.dll entries.
Please see:
[Recommended] For those with _IS_ISC.dll entries in their logs (countering the chaxun.com hijack)
http://forum.ikaka.com/topic.asp?board=67&artid=6909890

How do I do the fix? I'm pretty much a beginner.

[Reply to the post by “第一个ID”]
Please see:
Post #15 of "[Original] An illustrated guide to some basic operations on this board":
http://forum.ikaka.com/topic.asp?board=67&artid=6789825

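[Reply to the post by “第一个ID”]
The simplest thing is:
You can clean it up with 3721 (for you this is the most direct way).
It's not as complicated as they say.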

Please refer to sanadayukimura's advice.

3721 cannot fix the _IS_ISC.dll problem.
In addition, please also fix the following items:

O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINNT\Downloaded Program Files\barhelp.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINNT\WORLD2\TOOLBAR\hmtoolbar.dll
O4 - HKLM\..\RunOnce: [ClientQyule] C:\Program Files\Qyule\qyule.exe
O4 - HKCU\..\RunOnce: [ClientQyule] C:\Program Files\Qyule\qyule.exe

Delete:
C:\Program Files\Qyule\ (the entire directory)
C:\WINNT\WORLD2\ (the entire directory)
C:\WINNT\Downloaded Program Files\barhelp.dll
C:\Program Files\Internet Explorer\netbus\ (the entire directory)
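
Two patterns recur in the fix lists of this thread: entries that HijackThis itself marks `(no file)` or `(file missing)`, and a BHO (O2) whose CLSID also appears under O16 with the URL it was downloaded from. The following Python is an added example, not part of the original thread or of HijackThis; it parses log lines and reports both. The sample lines are copied from the log posted above, and the function names are illustrative.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IMU IE HELP - {9A0527C1-4D5F-4e45-9D28-6257F75EDDB1} - C:\WINNT\system32\imuiepls.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQIEHelper.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} (IEBHOObj Class) - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O23 - Service: OracleServiceLP - Unknown owner - (no file)
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINNT\system32\scardsvr32.exe (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)$")

def parse(log):
    """Parse 'Onn - ...' lines; headers and the process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        clsid = CLSID.search(m.group(2))
        entries.append({
            "section": m.group(1),
            # CLSIDs are case-insensitive; the log mixes 4e45 and 4E45.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": bool(ORPHAN.search(m.group(2))),
            "raw": line.strip(),
        })
    return entries

def orphans(entries):
    """Entries whose target file HijackThis itself reports as absent."""
    return [e["raw"] for e in entries if e["orphan"]]

def bho_install_sources(entries):
    """Map each O2 BHO line to the O16 download URL sharing its CLSID."""
    dpf = {}
    for e in entries:
        url = e["raw"].rsplit(" - ", 1)[-1]
        if e["section"] == "O16" and e["clsid"] and url.startswith("http"):
            dpf[e["clsid"]] = url
    return {e["raw"]: dpf[e["clsid"]]
            for e in entries if e["section"] == "O2" and e["clsid"] in dpf}
```

Run `parse()` over a full saved logfile and pass the result to `orphans()` and `bho_install_sources()` to get a first-pass triage list before reviewing each entry by hand.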
