发表于: 2005-12-13 18:30 | 显示全部 短消息 资料
字号: 1楼

我的IE被http://u.ulink.cc/劫持了,救命啊

IE不定时地跳出http://u.ulink.cc/top.htm?user=110dy&fu=http://www.110dy.com#ulinktop,用卡卡上网助手加入屏弊名单里也不行。下面是hijackthis的扫描结果,有劳高手帮忙看看
Logfile of HijackThis v1.99.1
Scan saved at 18:17:42, on 2005-12-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\brss01a.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\Program Files\rising\Rfw\rfwmain.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\VM_STI.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Administrator\桌面\发布\proxysm.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\XYOnline2\xy2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Netcaptor\NetCaptor.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RfwMain] C:\Program Files\rising\Rfw\rfwmain.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINNT\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [poco] C:\poco\Poco2004.exe
O4 - HKLM\..\Run: [proxysm] C:\Documents and Settings\Administrator\桌面\发布\proxysm.exe
O4 - HKLM\..\Run: [SeAdUpdate] C:\WINNT\SeAd\SeAdUpdate43941e22.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O8 - Extra context menu item: 使用影音传送带下载 - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0836580B-78E9-40EF-946D-D59607BAAD18}: NameServer = 202.100.192.68,202.100.199.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{0836580B-78E9-40EF-946D-D59607BAAD18}: NameServer = 202.100.192.68,202.100.199.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{0836580B-78E9-40EF-946D-D59607BAAD18}: NameServer = 202.100.192.68,202.100.199.8
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: MazeServer - Unknown owner - C:\Program Files\Maze\MazeSvr.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

最后编辑2005-12-13 18:36:24