
Everything has been changed.. that malicious U88 web page or whatever it is


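Every window that has an address bar now shows a U88 navigation bar underneath it, opening a web page also pops up all kinds of ads, and Favorites and the other places that tend to get attacked are full of U88 too. So annoying!!!
Please help me figure out how to fix this~~~~ Thanks a lot~~~~~~~~~~!!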


HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 19:32:54, on 2006-02-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\BCUP.EXE
C:\PROGRAM FILES\SKYNET\FIREWALL\PFW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
E:\工具\杀毒\新建文件夹\HIJACKTHIS1.97_QOO\HIJACKTHIS.EXE

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSHOOK.DLL
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\SYSTEM\XUNLEIBHO_V5.DLL
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - E:\
O2 - BHO: viviband - {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - C:\WINDOWS\DOWNLO~1\VIVIMIN.DLL
O2 - BHO: (no name) - {1002C84D-A326-2D3C-13F3-2C2474392A91} - C:\WINDOWS\SYSTEM\FLASHHLP.DLL
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRAM FILES\INTERNET EXPLORER\2052\IEHELPER.DLL
O3 - Toolbar: ????? - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - C:\WINDOWS\SYSTEM\BOCAITOOLBAR.DLL (file missing)
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ????? - {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - C:\WINDOWS\DOWNLO~1\VIVIMIN.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3 - (no file)
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467 - (no file)
O3 - Toolbar: (no name) - {15DDE989-CD45-4561-BF99-D22C0D5C2B85 - (no file)
O3 - Toolbar: ????? - {3FFD59AA-280D-4AB3-B420-0CFF2B332316} - C:\PROGRAM FILES\INTERNET EXPLORER\2052\TOOLBARU88.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CNSMIN.DLL,Rundll32
O4 - HKLM\..\Run: [BCUpdate] C:\WINDOWS\SYSTEM\BCUP.exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRAM FILES\SKYNET\FIREWALL\pfw.exe
O4 - Startup: Windows 资源管理器.lnk
O4 - Startup: MS-DOS 方式.pif
O4 - Startup: Outlook Express.lnk
O4 - Startup: Internet Explorer.lnk
O4 - Startup: Microsoft Access.lnk
O4 - Startup: Microsoft Excel.lnk
O4 - Startup: Microsoft FrontPage.lnk
O4 - Startup: Microsoft Outlook.lnk
O4 - Startup: Windows Media Player.lnk
O4 - Startup: Adobe Photoshop 7.0.lnk
O4 - Startup: Adobe ImageReady 7.0.lnk
O4 - Startup: MSN Messenger 7.0.lnk
O4 - Startup: 金山加加.lnk
O8 - Extra context menu item: 添加到QQ表情 - E:\
O8 - Extra context menu item: &使用迅雷下载 - E:\
O8 - Extra context menu item: 使用影音传送带下载 - E:\
O8 - Extra context menu item: 使用影音传送带下载全部链接 - E:\
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=viviband
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: QQ (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O11 - Options group: [!CNS] 
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1078562935140
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {7FC22A16-79E6-4787-9C96-B6359BB1106D} (DigitalTrafic Control) - http://www.jt.sh.cn/trafficmap/jtj.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O16 - DPF: {339C1EE2-1029-46B8-81F1-360217F26FC4} (VGAPlayer Control) - http://219.144.186.220/glx/1/VGAPlayer.cab
O16 - DPF: {3359C0B1-2363-40B3-AFCA-1ABC799AC486} - http://reg.ssreader.com/ssreaderplug.ocx
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown3.cab
O16 - DPF: {15DDE989-CD45-4561-BF99-D22C0D5C2B85} (
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab


Last edited 2006-02-05 13:13:01

The log is incomplete. Please download the latest version, HijackThis 1.99.1.

O4 - Startup: Windows 资源管理器.lnk
O4 - Startup: MS-DOS 方式.pif
O4 - Startup: Outlook Express.lnk
O4 - Startup: Internet Explorer.lnk
O4 - Startup: Microsoft Access.lnk
O4 - Startup: Microsoft Excel.lnk
O4 - Startup: Microsoft FrontPage.lnk
O4 - Startup: Microsoft Outlook.lnk
O4 - Startup: Windows Media Player.lnk
O4 - Startup: Adobe Photoshop 7.0.lnk
O4 - Startup: Adobe ImageReady 7.0.lnk
O4 - Startup: MSN Messenger 7.0.lnk
O4 - Startup: 金山加加.lnk
Why are there so many shortcuts?

End the C:\WINDOWS\SYSTEM\BCUP.EXE process

Fix
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3 - (no file)
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467 - (no file)
O3 - Toolbar: (no name) - {15DDE989-CD45-4561-BF99-D22C0D5C2B85 - (no file)
O3 - Toolbar: ????? - {3FFD59AA-280D-4AB3-B420-0CFF2B332316} - C:\PROGRAM FILES\INTERNET EXPLORER\2052\TOOLBARU88.DLL
O4 - HKLM\..\Run: [BCUpdate] C:\WINDOWS\SYSTEM\BCUP.exe
O4 - Startup: MS-DOS 方式.pif
O4 - Startup: Outlook Express.lnk
O4 - Startup: Internet Explorer.lnk
O4 - Startup: Microsoft Access.lnk
O4 - Startup: Microsoft Excel.lnk
O4 - Startup: Microsoft FrontPage.lnk
O4 - Startup: Microsoft Outlook.lnk
O4 - Startup: Windows Media Player.lnk
O4 - Startup: Adobe Photoshop 7.0.lnk
O4 - Startup: Adobe ImageReady 7.0.lnk
O4 - Startup: MSN Messenger 7.0.lnk
O4 - Startup: 金山加加.lnk

Delete
C:\PROGRAM FILES\INTERNET EXPLORER\2052\TOOLBARU88.DLL
C:\WINDOWS\SYSTEM\BCUP.exe
The C:\PROGRAM FILES\INTERNET EXPLORER\2052 folder

If they cannot be deleted,
delete them in Safe Mode,
or use KILLBOX to delete them,
or refer to http://www.xfilt.com/tech/trojan-horse.htm
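
Added example, not part of any post in this thread: a small triage pass over HijackThis lines that flags only structural problems visible in the log above (absent target file, CLSID missing its closing brace, a path that is just a drive root, an entry cut off mid-line). The names `triage` and `SAMPLE_LOG` are hypothetical and the sample is a handful of lines copied from the posted log; a flag marks an entry for review, and well-formed entries such as TOOLBARU88.DLL still need a human decision.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\SYSTEM\XUNLEIBHO_V5.DLL
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - E:\
O3 - Toolbar: ????? - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - C:\WINDOWS\SYSTEM\BOCAITOOLBAR.DLL (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3 - (no file)
O4 - HKLM\..\Run: [BCUpdate] C:\WINDOWS\SYSTEM\BCUP.exe
O16 - DPF: {15DDE989-CD45-4561-BF99-D22C0D5C2B85} (
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
OPEN_GUID = re.compile(r"\{" + GUID + r"(?!\})")   # "{GUID" with no closing brace
DRIVE_ROOT = re.compile(r" - [A-Za-z]:\\$")          # target is a bare drive root

def triage(log_text):
    """Return [(section, [reasons], line)] for structurally suspect entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        reasons = []
        if "(no file)" in line or "(file missing)" in line:
            reasons.append("target file absent")
        if OPEN_GUID.search(line):
            reasons.append("unterminated CLSID")
        if DRIVE_ROOT.search(line):
            reasons.append("path is a bare drive root")
        if line.endswith("("):
            reasons.append("entry truncated")
        if reasons:
            findings.append((m.group(1), reasons, line))
    return findings
```
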

Thanks~~~