Rising KaKa Security Forum (瑞星卡卡安全论坛), Anti-virus / Anti-rogue-software board


Produced by a HijackThis scan; could everyone take a look and tell me which items need fixing?


Logfile of HijackThis v1.99.1
Scan saved at 15:45:23, on 2005-12-21
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Rising\Rav\RavService.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\SAND\qqfacerclient.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Mixer.exe
C:\Program Files\Rising\Rav\RavTimer.exe
C:\Program Files\Rising\Rav\RavTray.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HHVcdV7Sys\VC7Play.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\PPLive TV\PPPlayer.exe
C:\Program Files\Internet Explorer\lib\U88.exe
C:\Program Files\Common Files\Synacast\SynaLive\PE.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\软件\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\system32\stdup.dll
O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\PROGRA~1\HBClient\hapast.dll
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINNT\system32\microapmddt.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Internet Explorer\lib\stdie.dll
O3 - Toolbar: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RavTimer] C:\Program Files\Rising\Rav\RavTimer.exe
O4 - HKLM\..\Run: [RavTray] C:\Program Files\Rising\Rav\RavTray.exe
O4 - HKLM\..\Run: [RavMon] C:\Program Files\Rising\Rav\RavMon.exe -system
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [hbpassport] C:\PROGRA~1\HBClient\hbast.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VC7Player] C:\Program Files\HHVcdV7Sys\VC7Play.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [update8] C:\WINNT\aupdate.exe
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\PROGRA~1\P4P\dl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINNT\system32\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O16 - DPF: {045E1C91-8D89-44F5-8F66-B67CE56E6124} (eBeamClientPanel Control) - http://www.xiaoxique.com.cn/Portal/xxq/jsvnet/Player/objects/WBClientPanel.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {61A68EA1-BA1B-461F-BFCB-57718190834D} (ViPlayer) - http://www.86516.com/qqy/ViPlayer.cab
O16 - DPF: {7A97B026-F3BB-49F6-BEAC-75021AD45B4E} (SLAProbe Control) - http://xnjc.jsinfo.net:81/sla/SLAProbe/SLAProbe.ocx
O16 - DPF: {8EF11386-FCAF-426D-88B0-62C68E9B5770} (XPlayerOCX Control) - http://download.collegesoft.com.cn/product/publish/xplayer.cab
O16 - DPF: {96996894-D69B-4FD0-92ED-0950891FFA5C} (TwodaysOCX.PPT) - http://172.16.1.15:8088/plugin/TwodaysOCX.CAB
O16 - DPF: {9C628796-B6F0-4ED5-8CDC-888AB2CF145F} (Ftpcontrol Control) - http://172.16.1.14/derup/page/ftpcontrol.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41958C33-35C0-47AA-AA84-31D7BA41AA59}: NameServer = 61.147.37.1
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: RavService - Unknown owner - C:\Program Files\Rising\Rav\RavService.exe" /service (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: QQFace (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\SAND\qqfacerclient.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe

Last edited 2005-12-21 19:35:27

Please describe what the problem is first.

Restart into Safe Mode (how to enter Safe Mode: restart the computer, and once the power-on self-test has finished, press [F8] (you can keep pressing it until the boot menu appears), then select Safe Mode to enter Windows).

Start → Control Panel → Performance and Maintenance → Administrative Tools → Services → find QQFace → right-click → Properties → Startup type → Disabled → Apply → Stop → OK.

First terminate the processes below (close all windows, press CTRL+ALT+DELETE together, select the process to terminate in the window that opens, press "End Task" or "End Process", and finally close that window).
C:\WINNT\svchost.exe
C:\Program Files\Internet Explorer\lib\U88.exe

Close all IE windows, run a fresh HijackThis scan, tick the items suggested for fixing below, and let HijackThis fix them; before fixing, allow HijackThis to keep a backup. (If the original poster knows an item is safe, it need not be ticked.)
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\system32\stdup.dll
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\PROGRA~1\HBClient\hapast.dll
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINNT\system32\microapmddt.dll
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [hbpassport] C:\PROGRA~1\HBClient\hbast.exe
O16 - DPF: {96996894-D69B-4FD0-92ED-0950891FFA5C} (TwodaysOCX.PPT) - http://172.16.1.15:8088/plugin/TwodaysOCX.CAB
O16 - DPF: {9C628796-B6F0-4ED5-8CDC-888AB2CF145F} (Ftpcontrol Control) - http://172.16.1.14/derup/page/ftpcontrol.cab
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll

Then open My Computer → Tools → Folder Options → View → untick "Hide protected operating system files (Recommended)" and "Hide extensions for known file types" → select "Show all files" → find the following files and delete them (if present):
C:\WINNT\system32\stdup.dll
C:\WINNT\svchost.exe
C:\WINNT\system32\microapmddt.dll
C:\WINNT\system32\mbprot.dll
Delete the folder C:\Program Files\Internet Explorer\lib
Delete the folder C:\PROGRA~1\HBClient
Delete the folder C:\Program Files\Common Files\UPDATE
Delete the folder C:\Program Files\Common Files\SAND

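A small triage script for HijackThis log lines like those in this thread, added here as an example (it is neither part of the thread nor HijackThis's own code). Its three heuristics are my assumptions, loosely modeled on what the reply above singles out: entries marked "(file missing)", O16 ActiveX downloads from private IP addresses, and svchost.exe running anywhere other than system32; the output is a list for a person to review, not a verdict.

```python
# Triage helper for HijackThis log lines (added example, not HijackThis code).
# Three assumed heuristics mirroring the reasoning in the reply; output is a
# list of (line, reason) pairs for a human to review, not a verdict.
import ipaddress
import re
from urllib.parse import urlparse

# Sample lines copied from the log in this thread (constructed subset).
SAMPLE_LOG = r"""
C:\WINNT\system32\svchost.exe
C:\WINNT\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {96996894-D69B-4FD0-92ED-0950891FFA5C} (TwodaysOCX.PPT) - http://172.16.1.15:8088/plugin/TwodaysOCX.CAB
""".strip().splitlines()

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")      # "O2 - BHO: ..." style entries
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\"]+")   # space-free Windows paths in a line

def parse_line(line):
    """Split into (section, body); bare running-process lines get 'PROC'."""
    m = ENTRY_RE.match(line)
    return (m.group(1), m.group(2)) if m else ("PROC", line)

def svchost_outside_system32(text):
    """True if any svchost.exe path in the text is not under \\system32\\."""
    return any(p.lower().endswith("\\svchost.exe") and "\\system32\\" not in p.lower()
               for p in PATH_RE.findall(text))

def dpf_from_private_ip(body):
    """True for an O16 DPF entry whose download host is an RFC 1918 address."""
    host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a host name, not a literal IP address

def triage(lines):
    """Apply the heuristics; return [(line, reason), ...] for manual review."""
    findings = []
    for line in lines:
        section, body = parse_line(line)
        if "(file missing)" in body:
            findings.append((line, "orphaned entry: referenced file is missing"))
        elif section == "O16" and dpf_from_private_ip(body):
            findings.append((line, "ActiveX control downloaded from a private IP"))
        elif svchost_outside_system32(body):
            findings.append((line, "svchost.exe running outside system32"))
    return findings
```

Calling `triage(SAMPLE_LOG)` flags the C:\WINNT\svchost.exe process, the orphaned Yahoo BHO and the 172.16.1.15 DPF entry, and leaves the Adobe BHO and the ppstream download alone.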

Quote:
[Post by 飞跃迷离]
...........................

Learned something!!