
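[Help] IE keeps popping up windows on its own

IE keeps popping up windows on its own

IE on my computer keeps popping up windows on its own. The HijackThis V2.2 results are below. I hope an expert can help; thanks in advance!!!!!!!!!!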
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:43, on 2009-6-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Rising\Rav\CCENTER.EXE
e:\Program Files\Rising\RFW\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Rising\Rav\RavTask.exe
e:\Program Files\Rising\RFW\RavTask.exe
e:\Program Files\Rising\RFW\rfwsrv.exe
e:\Program Files\Rising\Rav\RavMonD.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Program Files\Rising\Rav\rsnetsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Rising\Rav\RsTray.exe
E:\Program Files\Rising\RFW\RsTray.exe
C:\Program Files\Rising\AntiSpyware\rstray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
e:\Program Files\Rising\Rav\ScanFrm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Rising\AntiSpyware\knownsvr.exe
C:\WINDOWS\system32\cidaemon.exe
E:\Program Files\Tencent\QQ\Bin\QQ.exe
e:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Downloads\HijackThis.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real PLay\rpbrowserrecordplugin.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O3 - Toolbar: 瑞星卡卡工具条(&R) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RavTray] "e:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - HKLM\..\Run: [RFWTray] "e:\Program Files\Rising\RFW\RsTray.exe" -system
O4 - HKLM\..\Run: [StormCodec_Helper] "e:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用快车(Flas&hGet)下载 - e:\Program Files\FlashGet Network\Flashget\GetUrl.htm
O8 - Extra context menu item: 使用快车(Flash&Get)下载全部链接 - e:\Program Files\FlashGet Network\Flashget\GetAllUrl.htm
O8 - Extra context menu item: 使用快车(FlashGet)下载该网页FLV - e:\Program Files\FlashGet Network\Flashget\FlvDetector.htm
O8 - Extra context menu item: 使用迅雷下载 - E:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\Bin\AddEmotion.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: kmon.dll
O20 - Winlogon Notify: logondll - C:\WINDOWS\SYSTEM32\fly991.dll
O22 - SharedTaskScheduler: flysoft.dll - {153FC33C-8D26-4620-ACBA-3371AAC67A23} - C:\WINDOWS\System32\flysoft.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod 服务 (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - e:\Program Files\Rising\Rav\CCENTER.EXE
O23 - Service: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - e:\Program Files\Rising\Rav\RavTask.exe
O23 - Service: Rfw Process Communication Center (RfwCCenter) - Beijing Rising Information Technology Co., Ltd. - e:\Program Files\Rising\RFW\CCENTER.EXE
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - e:\Program Files\Rising\RFW\rfwsrv.exe
O23 - Service: Rising RfwTask Manager (RfwTask) - Beijing Rising Information Technology Co., Ltd. - e:\Program Files\Rising\RFW\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - e:\Program Files\Rising\Rav\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - e:\Program Files\Rising\Rav\ScanFrm.exe
--
End of file - 6506 bytes

User system information: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; aff-kingsoft-ciba)

Re: IE keeps popping up windows on its own

O20 - Winlogon Notify: logondll - C:\WINDOWS\SYSTEM32\fly991.dll
O22 - SharedTaskScheduler: flysoft.dll - {153FC33C-8D26-4620-ACBA-3371AAC67A23} - C:\WINDOWS\System32\flysoft.dll


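The Winlogon Notify registry entry and the SharedTaskScheduler entry above are abnormal, and there are probably accomplices as well. Since the items an HJ log scan covers are limited, I suggest:

Click to download System Repair Engineer
1. Unzip sreng2.zip
2. Run SREngldr.exe
3. Smart Scan => Scan => Save Report
4. Upload the log file you just saved as an attachment.
Just passing by...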

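Re: IE keeps popping up windows on its own

Here are the SREngldr.exe scan results. Thanks, please help analyze them. Also, the IE home page on my computer has been changed by http://www.7241.cn/?s1 and I can't change it back.

Attachment:

File name: SREngLOG.log
Downloads: 165
File type: application/octet-stream
File size:
Upload time: 2009-6-19 11:52:20
Description: log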


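Re: IE keeps popping up windows on its own

Follow the steps. Read the notes carefully while doing them; if anything is unclear, see the introductions in the pinned tools thread:

1. Download XDELBOX1.8 and unzip it;

2. Copy the list of virus files in red below. Run XDELBOX.exe, right-click in the blank area at the bottom of the window and choose "Import from clipboard without checking paths" to paste the list of virus files you just copied into the blank box at the bottom, then right-click again and choose "Restart now and perform deletion". After that, do nothing and wait quietly for the system to log in automatically (when it finishes it will log in to the desktop automatically; in the meantime, resist the urge to adjust the black-and-white system boot menu):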
C:\WINDOWS\system32\fly991.dll
C:\WINDOWS\System32\HtmlPeek.dll
C:\WINDOWS\system32\Com\1.2.8\WndHook.dll
C:\WINDOWS\System32\flysoft.dll
C:\WINDOWS\system32\drivers\ergiq.sys
C:\WINDOWS\system32\drivers\nnbsf.sys


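3. After XDELBOX has deleted the virus files in the previous step and the system has restarted and logged in, run the SRENG scan tool, go to Startup Items -- Registry, find the following items and delete them: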
    <WinlogonNotify: logondll><fly991.dll>
    <{153FC33C-8D26-4620-ACBA-3371AAC67A23}><C:\WINDOWS\System32\flysoft.dll>

4. In the SRENG scan tool window, go to Startup Items -- Services -- Drivers, find the following items and delete these drivers:
[htmm / htmm][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ergiq.sys><N/A>
[uzbrv / uzbrv][Running/Boot Start]
  <\SystemRoot\system32\drivers\nnbsf.sys><N/A>

5. Restart the computer.
Last edited by 超级游戏迷 on 2009-06-19 14:51:01
Just passing by...
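
Added example, not part of the thread and not code from HijackThis, SREng or XDELBOX: it parses HijackThis entry lines and checks which files on the step 2 deletion list are visible in the posted log, matching paths case-insensitively because the log writes SYSTEM32, System32 and system32 interchangeably. The log excerpt and file list are copied from this thread; the function names are illustrative.

```python
import re

# Abridged excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real PLay\rpbrowserrecordplugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: kmon.dll
O20 - Winlogon Notify: logondll - C:\WINDOWS\SYSTEM32\fly991.dll
O22 - SharedTaskScheduler: flysoft.dll - {153FC33C-8D26-4620-ACBA-3371AAC67A23} - C:\WINDOWS\System32\flysoft.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Files listed in step 2 of the removal reply.
DELETE_LIST = [
    r"C:\WINDOWS\system32\fly991.dll",
    r"C:\WINDOWS\System32\HtmlPeek.dll",
    r"C:\WINDOWS\system32\Com\1.2.8\WndHook.dll",
    r"C:\WINDOWS\System32\flysoft.dll",
    r"C:\WINDOWS\system32\drivers\ergiq.sys",
    r"C:\WINDOWS\system32\drivers\nnbsf.sys",
]

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

def parse_entries(log_text):
    """Return (code, kind, detail) for every 'Onn - kind: detail' line."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]

def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.replace("/", "\\").lower()

def match_delete_list(entries, paths):
    """Split paths into those an entry references and those the log never shows."""
    seen, unseen = [], []
    for p in paths:
        hits = [(code, kind) for code, kind, detail in entries if norm(p) in norm(detail)]
        if hits:
            seen.append((p, hits))
        else:
            unseen.append(p)
    return seen, unseen

if __name__ == "__main__":
    seen, unseen = match_delete_list(parse_entries(SAMPLE_LOG), DELETE_LIST)
    print("visible in the HijackThis log:", seen)
    print("not visible in it:", unseen)
```

Only two of the six files surface in the HijackThis entries, which matches the first reply's remark that the HJ log covers a limited set of items. Run against a log taken after the cleanup, the first list should come back empty.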

Re: IE keeps popping up windows on its own

Thank you very much, the problem is solved!!!!!!!!!!!!!!!!!!!!!!!!!!