Could the experts here please help me out (clicking "My Computer" takes a very long time to open)

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      8:54:33, 日期 05-7-4
操作系统:  Windows 98 SE (Win9x 4.10.2222A)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
D:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\EXPLORER.EXE
D:\PROGRAM FILES\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TENCENT\TT\TTRAVELER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
F:\软件\HIJACKTHIS1991ZWW321\HIJACKTHIS1991汉化版\HIJACKTHIS1991ZWW.EXE

R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\SYSTEM\DIYBAR2\DIYBAR2.DLL
O2 - BHO: NetAnts.IE.Monitor - {57E91B41-F40A-11D1-B792-444553540000} - C:\PROGRAM FILES\NETANTS\ANTAPI.DLL
O2 - BHO: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRAM FILES\3721\ASSIST\ASBAR.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: T2BHO Class - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BARHELP22.0.DLL
O2 - BHO: ReviseHelper Class - {749D1D7D-1969-4014-A98D-9E867E7508D0} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAGEREVISOR.DLL
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINDOWS\SYSTEM\DIYBAR2\DIYBAR2.DLL
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - IE工具栏增项: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRAM FILES\3721\ASSIST\ASBAR.DLL
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\RunServices: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\RunServices: [RavMond] D:\PROGRA~1\RISING\RAV\RAVMOND.EXE
O4 - 启动项HKLM\\RunServices: [RsCcenter] D:\PROGRA~1\RISING\RAV\CCENTER.EXE
O8 - IE右键菜单中的新增项目: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\CnsMinEx.dll/1003
O8 - IE右键菜单中的新增项目: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm
O8 - IE右键菜单中的新增项目: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - 浏览器额外的“工具”菜单项: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - 浏览器额外的按钮: 百度搜索伴侣 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\DOWNLO~1\BDSRHOOK.DLL
O9 - 浏览器额外的按钮: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - 浏览器额外的“工具”菜单项: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O15 - “受信任的站点”中添加项: *.static.topconverting.com (HKLM)
O15 - “受信任的站点”中添加项: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {29F25158-4933-4C2F-A8C1-A7BC3A87DF3A} (TestX) - http://download.51888.com/toolbar/51888.cab
O16 - DPF: {86BC8440-8693-4076-A144-6BAF942B40B0} (RegMore Class) - http://mysearch.8848.com/mysearch/MySearch.CAB
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = nyjcw
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 218.76.248.6

Last edited 2005-07-04 13:14:04

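[Reply to the post by "白云飞"]
Restart into Safe Mode. (How to enter Safe Mode: restart the computer; once the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears), then choose Safe Mode to start Windows.)


Please close all IE windows and scan again with HijackThis. Tick the items recommended for fixing below and let HijackThis fix them; before fixing, please allow HijackThis to keep a backup. (If you know an item is safe, you need not tick it.)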
R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\SYSTEM\DIYBAR2\DIYBAR2.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: T2BHO Class - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BARHELP22.0.DLL
O2 - BHO: ReviseHelper Class - {749D1D7D-1969-4014-A98D-9E867E7508D0} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAGEREVISOR.DLL
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINDOWS\SYSTEM\DIYBAR2\DIYBAR2.DLL
O15 - “受信任的站点”中添加项: *.static.topconverting.com (HKLM)
O15 - “受信任的站点”中添加项: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {86BC8440-8693-4076-A144-6BAF942B40B0} (RegMore Class) - http://mysearch.8848.com/mysearch/MySearch.CAB
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = nyjcw

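Then restart the computer and press F8 to enter Safe Mode. Open My Computer, click Tools, open Folder Options, go to View, and untick "Hide protected operating system files (Recommended)" and "Hide file extensions for known file types". Then show all files. Use the Windows Find function to locate and delete: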
C:\WINDOWS\SYSTEM\DIYBAR2\DIYBAR2.DLL
C:\WINDOWS\CERES.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\BARHELP22.0.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAGEREVISOR.DLL
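
An added example, not part of the original thread and not HijackThis code: after the fix and reboot described above, a rescan can be checked against the fix list to see which flagged entries came back. Entries are matched by section code plus CLSID (or the text after the label), so a differently localised label or path spelling does not hide a match; the function names are hypothetical and `RESCAN` is constructed sample data.

```python
import re

# A log entry is "<section code> - <rest>", e.g. "O2 - BHO: Name - {CLSID} - path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return (code, rest) per entry line; header and process-list lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found

def entry_key(code, rest):
    """Identity that ignores label language and case: CLSID if any, else text after the label."""
    m = CLSID_RE.search(rest)
    ident = m.group(0) if m else rest.split(": ", 1)[-1]
    return (code, ident.strip().upper())

def still_present(fix_list_text, rescan_text):
    """Entries from the fix list that a later scan still reports."""
    seen = {entry_key(c, r) for c, r in parse_entries(rescan_text)}
    return [(c, r) for c, r in parse_entries(fix_list_text) if entry_key(c, r) in seen]

# Four of the entries the reply marks for fixing, copied from the thread.
FIX_LIST = r"""
R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\SYSTEM\DIYBAR2\DIYBAR2.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O15 - “受信任的站点”中添加项: *.static.topconverting.com (HKLM)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = nyjcw
"""

# Constructed rescan (assumed output of a second scan; labels in another language,
# lower-case CLSID and path) in which two of the flagged entries survived the fix.
RESCAN = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: CeresObj Class - {00000049-8f91-4d9c-9573-f016e7626484} - c:\windows\ceres.dll
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 218.76.248.6
"""

if __name__ == "__main__":
    for code, rest in still_present(FIX_LIST, RESCAN):
        print("still present:", code, "-", rest)
```

An entry that reappears after the fix usually means the file behind it is still on disk or still loaded, which is why the reply pairs the HijackThis fix with deleting the DLLs in Safe Mode.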

