
Experts, please take a look: ads keep popping up and I can't fix it, urgent


HijackThis_815汉化版扫描日志 V1.99.1
保存于      9:12:22, 日期 2006-6-20
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
f:\Program Files\Rising\Rav\CCenter.exe
C:\WINNT\System32\svchost.exe
f:\Program Files\Rising\Rav\Ravmond.exe
f:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
F:\Program Files\Rising\Rfw\rfwmain.exe
F:\Program Files\Rising\Rav\RavTask.exe
C:\WINNT\system32\USB_Kbd\Versato.exe
F:\Program Files\加密大师\SVOH0ST.EXE
C:\WINNT\system32\ctfmon.exe
F:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\TDdownload\新建文件夹\HijackThis1991\HijackThis1991.exe

R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - (no file)
O2 - BHO: (no name) - {45A26E38-F931-4C6F-8106-FBB8534FB0AF} - C:\WINNT\trunk_16.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - C:\WINNT\IEYHelper.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINNT\estAlive.dll
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - C:\WINNT\system32\aperferer.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [RfwMain] "f:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] F:\Program Files\MagicSet\srrest.exe /autosave
O4 - 启动项HKLM\\Run: [RavTask] "f:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [Versato] C:\WINNT\system32\USB_Kbd\Versato.exe
O4 - 启动项HKLM\\Run: [SVOH0ST] f:\Program Files\加密大师\SVOH0ST.EXE un
O4 - 启动项HKLM\\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O9 - 浏览器额外的按钮: 比较购物搜索 - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\YayaBands.dll
O9 - 浏览器额外的“工具”菜单项: The AskYaya VerticalBar - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\YayaBands.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com.cn/webscanner/kavwebscan_unicode.cab
O16 - DPF: {5932517A-3326-4439-A708-1C98EDB5C549} (Downloader Class) - file://C:\Documents and Settings\All Users\Application Data\Share Helper\Cast\GGS\d1730c418a\js\iMopDl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149297797654
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149313249281
O17 - HKLM\System\CCS\Services\Tcpip\..\{1023059B-2023-49CF-9A9A-DE206EDCF5D6}: NameServer = 211.90.88.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{1023059B-2023-49CF-9A9A-DE206EDCF5D6}: NameServer = 211.90.88.129
O23 - NT 服务: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - f:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - f:\Program Files\Rising\Rav\Ravmond.exe

Last edited 2006-06-20 14:48:31
 

Close all browser windows and any unnecessary programs.
Run HijackThis. After the scan finishes, tick the following entries, then choose "Fix":
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - (no file)
O2 - BHO: (no name) - {45A26E38-F931-4C6F-8106-FBB8534FB0AF} - C:\WINNT\trunk_16.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - C:\WINNT\IEYHelper.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINNT\estAlive.dll
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - C:\WINNT\system32\aperferer.dll
O9 - 浏览器额外的按钮: 比较购物搜索 - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\YayaBands.dll
O9 - 浏览器额外的“工具”菜单项: The AskYaya VerticalBar - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\YayaBands.dll
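Double-click My Computer, then go to Tools, Folder Options, View. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes". Clear "Hide extensions for known file types".
Delete: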
C:\WINNT\YayaBands.dll
C:\WINNT\system32\aperferer.dll
C:\WINNT\estAlive.dll
C:\WINNT\IEYHelper.dll
C:\WINNT\trunk_16.dll