Logfile of HijackThis v1.98.2
Scan saved at 10:17:55, on 2005-9-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\BCUP.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Sina\UC\uc.exe
d:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Maxthon\Maxthon.exe
D:\Program Files\HijackThis\HijackThis.exe
R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\system32\diybar2\diybar2.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - D:\PROGRA~1\SINA\UC\UCddt\ddtinit.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\system32\MSTXRC.DLL
O2 - BHO: LinkFilter Class - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINDOWS\system32\diybar2\diybar2.dll
O2 - BHO: MmsSend Class - {43A8AFD1-5C9C-4ADB-BABB-407254BC0F34} - C:\WINDOWS\DOWNLO~1\SENSKY~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEBHOLiver Class - {54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} - C:\WINDOWS\system32\IMULiver.dll
O2 - BHO: IEhelper Class - {55FE8157-23FA-43C6-91A1-3E4094E9A38D} - d:\PROGRA~1\网络缰猪韁\HCIEPL~1.DLL (file missing)
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - d:\PROGRA~1\Sina\ddt\ddtkillw.ocx
O2 - BHO: IEBHOObj Class - {9A0527C1-4D5F-4e45-9D28-6257F75EDDB1} - C:\WINDOWS\system32\imuiepls.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: 博采 - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - C:\WINDOWS\system32\BOCAIT~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - D:\PROGRA~1\SINA\UC\UCddt\DDTONG~1.DLL
O3 - Toolbar: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\system32\diybar2\diybar2.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCUpdate] C:\WINDOWS\system32\BCUP.exe
O4 - HKLM\..\Run: [Init] regsvr32 /s C:\WINDOWS\system32\MSTXRC.DLL MsWinb.exe
O4 - HKLM\..\Run: [MsWinb] rem D:\Program Files\白猫清理工\MsWinb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Init] regsvr32 /s C:\WINDOWS\system32\MSTXRC.DLL MsWinb.exe
O4 - HKCU\..\Run: [MsWinb] rem D:\Program Files\白猫清理工\MsWinb.exe
O4 - Startup: QQ.lnk
O4 - Startup: 新浪UC.lnk = D:\Program Files\Sina\UC\uc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 添加到新浪点点通阅读器 - res://D:\Program Files\Sina\RssReader\rssreader.exe/RSSFEED.js
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: FlashSmart下载Flash - D:\Program Files\FlashSmart\flashsmart.htm
O8 - Extra context menu item: 使用Kugoo下载 - D:\PROGRA~1\KUGOO2\KugooDownX.htm
O8 - Extra context menu item: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\PROGRA~1\P4P\dl.htm
O8 - Extra context menu item: 使用新浪下载助手下载 - D:\PROGRA~1\SINA\UC\UCddt\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机 - C:\PROGRA~1\P4P\cx.htm
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\SendMMS.htm
O9 - Extra button: 商机直通车 - {13b0c05c-ef05-4bf6-b0ea-f6111af25544} - (no file)
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - D:\Program Files\Sina\UC\UC.exe
O9 - Extra button: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - (no file)
O9 - Extra 'Tools' menuitem: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - (no file)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - d:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - Extra button: 网际飞音 - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - D:\Program Files\Donor\donor.exe
O9 - Extra 'Tools' menuitem: 网际飞音(&D) - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - D:\Program Files\Donor\donor.exe
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - d:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - (no file) (HKCU)
O9 - Extra button: 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - d:\PROGRA~1\Sina\ddt\rssband.dll (HKCU)
O16 - DPF: shortcut - http://news.xinhuanet.com/caixin/shortcutxinhua.CAB
O16 - DPF: {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - http://vivi.sina.com.cn/control/vivi.cab
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {40CFEA79-ED5B-4B2B-8B8D-B567E40AF812} (sslclient Control) - http://www.tol24.com/download/ocx/sslclientnew.cab
O16 - DPF: {54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} (IEBHOLiver Class) - http://download.imu.com.cn/client/chatatwill/ie/imuliver.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124674753198
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://218.64.91.53:81/BDC.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} (IEDown Class) - http://download.ourgame.com/IEDown.cab
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} (IEBHOObj Class) - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab
O16 - DPF: {C14D003A-DA41-4FEE-8204-62A94EAA29D1} (GLWebAvt Control) - http://bbs.ourgame.com/image/GLWebAvt.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {FB812CBB-A87E-4BA6-BD49-7C984D192EBB} (Cdrawer Object) - http://211.157.100.212/code/bk_htmlview.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{38CF6D1C-892F-4B66-A5E5-FF66BAE11AB6}: NameServer = 61.166.150.101
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll