Rising Kaka Security Forum
herowe - 2006-6-1 10:50:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 10:38:06, 日期 2006-6-1
操作系统: Windows XP SP1 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msime.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\mnew6win.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
D:\Rising\Rav\RavTask.exe
C:\PROGRA~1\baigoo\bgoomain.exe
C:\WINDOWS\System32\rundll32.exe
C:\defender24.exe
C:\WINDOWS\System32\svchost.exe
D:\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\win32sprot.exe
C:\Documents and Settings\Bluewater\桌面\HijackThis1991zww.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: MSN 工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] soundman.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [RavTask] "d:\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe
O4 - 启动项HKLM\\Run: [xmn32] rundll32.exe C:\WINDOWS\System32\xmn32.dll,start
O4 - 启动项HKLM\\Run: [defender] C:\\defender24.exe
O4 - 启动项HKLM\\Run: [keyboard] C:\\keyboard24.exe
O4 - 启动项HKLM\\Run: [newname] C:\\newname24.exe
O4 - 启动项HKLM\\Run: [RavScanBD] "D:\Rising\Rav\ScanBD.exe" /INST
O4 - 启动项HKLM\\Run: [Windows Security Protocol] win32sprot.exe
O4 - 启动项HKLM\\RunServices: [Windows Security Protocol] win32sprot.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LocalSystem] C:\WINDOWS\system\svchost.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\xunlei\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\xunlei\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上网
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {7FC22A16-79E6-4787-9C96-B6359BB1106D} (DigitalTrafic Control) - http://www.jt.sh.cn/trafficmap/jtj.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E203D68-4BE6-42B4-B8F6-B207C511C3F5}: NameServer = 202.96.209.6 202.96.209.133
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pmnkl - pmnkl.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\enn2l15o1.dll
O23 - NT 服务: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - NT 服务: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - NT 服务: mnew6win - Unknown owner - C:\WINDOWS\system32\mnew6win.exe
O23 - NT 服务: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\Ravmond.exe
O23 - NT 服务: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - NT 服务: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
herowe - 2006-6-1 10:45:00
This is really urgent. I know nothing about viruses. Can an expert please help?
羽化9527 - 2006-6-1 11:03:00
Looking at the log, there is a virus, probably some Legend (MIR) account-stealing trojan or similar. OP, first update your virus definitions,
then boot into Safe Mode and run a full scan.
herowe - 2006-6-1 11:39:00
Adware.Dinkum.a  C:\WINDOWS\system32lvpo0973e.dll
Backdoor.RBot.hsv  C:\WINDOWS\system32win32sprot.exe
Trojan.Clicker.Clickbank.a  C:\WINDOWS\Tempbw2.com
Trojan.Clicker.Clickbank.a  C:\WINDOWSicont.exe
Trojan.Clicker.Clickbank.a  C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\EUSK7WIHAppWrap[1].exe
Adware.Dinkum.a  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0057644.exe
Trojan.DL.AdLoad.cw  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0057645.exe
Trojan.DL.Adservs  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0057646.exe
Adware.Dinkum.a  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0058601.dll
Backdoor.BlackHole.ax  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0058602.dll
Backdoor.BlackHole.ax  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0058603.exe
Adware.Dinkum.a  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0058604.dll
Adware.Dinkum.a  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0058612.dll
Adware.Dinkum.a  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0058620.dll
Adware.Dinkum.a  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0058638.dll
Adware.Dinkum.a  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0058639.dll
Adware.Dinkum.a  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0059625.dll
Adware.Dinkum.a  C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP98A0059627.dll
herowe - 2006-6-1 12:30:00
Can anyone help me out?
影子110 - 2006-6-1 12:49:00
Disconnect from the network and turn off System Restore.
Close IE and any other browsers, and empty the temporary files folder.
Then boot into Safe Mode and run a full-disk scan.
After the scan, post another log to the forum and we'll take a look.
(Looking at your log, there are a great many problems; since you have antivirus installed, let it go first!)
影子110 - 2006-6-1 12:50:00
My Computer > Properties > System Restore > Turn off System Restore on all drives > OK
How to empty the temporary files folder:
IE > Properties > Delete Files (including offline content) > OK
herowe - 2006-6-1 14:13:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 14:09:00, 日期 2006-6-1
操作系统: Windows XP SP1 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\mnew6win.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
D:\Rising\Rav\RavTask.exe
C:\PROGRA~1\baigoo\bgoomain.exe
C:\defender24.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Rising\Rav\Rav.exe
C:\Documents and Settings\Bluewater\My Documents\HijackThis1991zww.exe
C:\WINDOWS\System32\msime.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: MSN 工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] soundman.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [RavTask] "d:\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe
O4 - 启动项HKLM\\Run: [defender] C:\\defender24.exe
O4 - 启动项HKLM\\Run: [keyboard] C:\\keyboard24.exe
O4 - 启动项HKLM\\Run: [newname] C:\\newname24.exe
O4 - 启动项HKLM\\Run: [RavScanBD] "D:\Rising\Rav\ScanBD.exe" /INST
O4 - 启动项HKLM\\Run: [libznc] rundll32.exe C:\WINDOWS\System32\libznc.dll,start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LocalSystem] C:\WINDOWS\system\svchost.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\xunlei\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\xunlei\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上网
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {7FC22A16-79E6-4787-9C96-B6359BB1106D} (DigitalTrafic Control) - http://www.jt.sh.cn/trafficmap/jtj.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E203D68-4BE6-42B4-B8F6-B207C511C3F5}: NameServer = 202.96.209.6 202.96.209.133
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pmnkl - pmnkl.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\m6julg1916.dll
O23 - NT 服务: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - NT 服务: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - NT 服务: mnew6win - Unknown owner - C:\WINDOWS\system32\mnew6win.exe
O23 - NT 服务: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\Ravmond.exe
O23 - NT 服务: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - NT 服务: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
I followed the steps from the post above. This is the log after the full-disk scan. Please take another look, thanks.
影子110 - 2006-6-1 15:08:00
Did the scan catch anything?
It looks like nothing has changed.
herowe - 2006-6-1 15:05:00
After the scan Rising finds nothing, but Norton keeps alerting, saying there is a trojan,
and ads keep popping up. Frustrating.
影子110 - 2006-6-1 15:24:00
C:\WINDOWS\system32\mnew6win.exe
C:\Program Files\Network Monitor\netmon.exe
C:\defender24.exe
C:\WINDOWS\System32\msime.exe
End the processes listed above.
Find the following files, put them in a folder, compress (zip) them, and send them to moderator baohe's mailbox:
baohelin@yahoo.com.cn
C:\\defender24.exe
C:\WINDOWS\System32\msime.exe
C:\\keyboard24.exe
C:\\newname24.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\m6julg1916.dll
Below are the problem items (listed for now):
O4 - 启动项HKLM\\Run: [defender] C:\\defender24.exe
O4 - 启动项HKLM\\Run: [keyboard] C:\\keyboard24.exe
O4 - 启动项HKLM\\Run: [newname] C:\\newname24.exe
O4 - 启动项HKLM\\Run: [libznc] rundll32.exe C:\WINDOWS\System32\libznc.dll,start
O4 - HKCU\..\Run: [LocalSystem] C:\WINDOWS\system\svchost.exe
O20 - Winlogon Notify: pmnkl - pmnkl.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\m6julg1916.dll
O23 - NT 服务: mnew6win - Unknown owner - C:\WINDOWS\system32\mnew6win.exe
O23 - NT 服务: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
herowe - 2006-6-1 17:55:00
Should the problem items be fixed first?
轩辕小聪 - 2006-6-1 18:00:00
As post #10 says: first end those processes, find those files, package them and send them to the moderator, then fix those entries, and finally delete the files you packaged and sent. Remember to set the password "virus" on the archive so that the antivirus on the moderator's mailbox (which is Norton) doesn't kill it.
herowe - 2006-6-1 20:42:00
With the password added, the attachment won't upload. Frustrating.
shikangyuan - 2006-6-1 21:06:00
The following can be removed:
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上网
Also, I suggest keeping the Rising startup entries and removing all the other startup entries. It won't affect normal use.
我无邪 - 2006-6-1 21:12:00
Start > Run > type services.msc to open Services > find mnew6win and Network Monitor > double-click > Startup type > Disabled > Stop > Apply > OK. Disable these 2 services, mnew6win and Network Monitor (each comma-separated name is one malicious service; disable them one by one).
Reboot.
Go to www.27814939.ys168.com to download the Norton process manager and end all processes of RUNDLL32.EXE, C:\WINDOWS\System32\msime.exe, C:\WINDOWS\system\svchost.exe, C:\\newname24.exe, C:\\keyboard24.exe, C:\\defender24.exe (if present).
Double-click My Computer > Tools > Folder Options > View > select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click Yes.
Close all browser windows and any unnecessary programs.
Run HijackThis; after the scan finishes, tick the following items and choose "Fix" (if present):
O4 - 启动项HKLM\\Run: [defender] C:\\defender24.exe
O4 - 启动项HKLM\\Run: [keyboard] C:\\keyboard24.exe
O4 - 启动项HKLM\\Run: [newname] C:\\newname24.exe
O4 - 启动项HKLM\\Run: [libznc] rundll32.exe C:\WINDOWS\System32\libznc.dll,start
O4 - HKCU\..\Run: [LocalSystem] C:\WINDOWS\system\svchost.exe
O20 - Winlogon Notify: pmnkl - pmnkl.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\m6julg1916.dll
O23 - NT 服务: mnew6win - Unknown owner - C:\WINDOWS\system32\mnew6win.exe
O23 - NT 服务: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Delete:
C:\WINDOWS\system32\winmer.exe
C:\WINDOWS\system32\mnew6win.exe
C:\WINDOWS\System32\msime.exe
C:\Program Files\Network Monitor
C:\WINDOWS\system32\mnew6win.exe
C:\WINDOWS\system32\m6julg1916.dll
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\System32\libznc.dll
C:\\defender24.exe
C:\\keyboard24.exe
C:\\newname24.exe
After fixing, please reboot.
If the problem is still not solved,
please download System Repair Engineer, use "Smart Scan", press the "Scan" button, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG); then copy and paste the contents of the saved report here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one post, paste it in several parts; please don't modify it.
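The helpers in this thread picked the bad O4, O10, O20 and O23 entries out of the log by eye. As an added example (not from the thread, and not HijackThis's own code), the Python script below applies the same tells mechanically to sample lines modelled on the log above: executables launched straight from the drive root, svchost.exe outside System32, rundll32 wrappers, Winlogon Notify packages whose DLL is missing or misnamed, and services with no publisher. The Finding class, the regexes and the "high"/"review" severity labels are this example's own conventions.

```python
"""Triage a HijackThis 1.99 log (zww Chinese build line format)."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the thread's log: benign entries mixed
# with the ones the helpers told the poster to fix.
SAMPLE_LOG = r"""
O4 - 启动项HKLM\\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [defender] C:\\defender24.exe
O4 - 启动项HKLM\\Run: [keyboard] C:\\keyboard24.exe
O4 - 启动项HKLM\\Run: [libznc] rundll32.exe C:\WINDOWS\System32\libznc.dll,start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LocalSystem] C:\WINDOWS\system\svchost.exe
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pmnkl - pmnkl.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\m6julg1916.dll
O23 - NT 服务: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - NT 服务: mnew6win - Unknown owner - C:\WINDOWS\system32\mnew6win.exe
"""

# Line shapes: "O4 - <hive>: [<name>] <command>", "O20 - Winlogon Notify: <key> - <dll>",
# "O23 - <label>: <display> - <owner> - <path>" (the label text is localised).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - .*?: (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")
O23_RE = re.compile(r"^O23 - .*?: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
ROOT_IMAGE_RE = re.compile(r"[A-Za-z]:\\\\?[^\\]+")   # C:\name.exe or C:\\name.exe
RUNDLL_RE = re.compile(r'(?i)^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),(?P<export>\S*)')


@dataclass
class Finding:
    line: str
    severity: str   # "high" = strong indicator, "review" = verify by hand before acting
    reason: str


def image_path(cmd: str) -> str:
    """First token of a Run command: the quoted path, or everything up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_line(line: str) -> list[Finding]:
    out: list[Finding] = []

    def flag(severity: str, reason: str) -> None:
        out.append(Finding(line, severity, reason))

    if m := O4_RE.match(line):
        path = image_path(m["cmd"])
        if ROOT_IMAGE_RE.fullmatch(path):
            flag("high", "Run entry launches an executable straight from the drive root")
        if path.rsplit("\\", 1)[-1].lower() == "svchost.exe" and "\\system32\\" not in path.lower():
            flag("high", "svchost.exe outside System32 (the legitimate copy lives in System32)")
        if r := RUNDLL_RE.match(m["cmd"]):
            flag("review", f"rundll32 hides the real module {r['dll']} (export {r['export']}); check its publisher")
    elif O10_RE.match(line):
        # An LSP entry HijackThis cannot identify; identify it before removing it,
        # since a broken LSP chain disables networking.
        flag("review", "Winsock LSP not recognised by HijackThis; identify before removal")
    elif m := O20_RE.match(line):
        dll_stem = m["dll"].rsplit("\\", 1)[-1].lower().removesuffix(".dll")
        if m["missing"]:
            flag("high", "Winlogon Notify package points at a missing DLL")
        elif m["key"].lower() != dll_stem:
            # Heuristic: a legitimate Notify subkey is usually named after its DLL.
            flag("high", "Winlogon Notify subkey name does not match its DLL name")
    elif m := O23_RE.match(line):
        if m["owner"].lower() == "unknown owner":
            flag("high", "service binary carries no publisher information")
    return out


def triage(log_text: str) -> list[Finding]:
    """Run every check over every non-empty line of a HijackThis log."""
    return [f for raw in log_text.splitlines() if raw.strip() for f in check_line(raw.strip())]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```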
herowe - 2006-6-2 18:50:00
2006-06-02,18:16:39
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 1 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<LocalSystem><C:\WINDOWS\system\svchost.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><soundman.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"d:\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavScanBD><"D:\Rising\Rav\ScanBD.exe" /INST>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IESAddr><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RealTray><; >
herowe - 2006-6-2 18:51:00
启动文件夹
服务
[Canon Camera Access Library 8 / CCALib8]
<C:\Program Files\Canon\CAL\CALMAIN.exe><Canon Inc.>
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[mnew6win / mnew6win]
<C:\WINDOWS\system32\mnew6win.exe -s><N/A>
[NVIDIA Driver Helper Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[RsRavMon Service / RsRavMon]
<"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SavRoam / SavRoam]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
==================================
浏览器加载项
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[MSN 工具栏]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[DigitalTrafic Control]
{7FC22A16-79E6-4787-9C96-B6359BB1106D} <C:\WINDOWS\DOWNLO~1\DIGITA~1.OCX, Broad-way>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<D:\Program Files\xunlei\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\Program Files\xunlei\Program\GetAllUrl.htm, N/A>
[添加到雅虎订阅(&Y)]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
herowe - 2006-6-2 18:52:00
正在运行的进程
[PID: 1852][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\system32\tFpisrv.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll] <Sony Ericsson Mobile Communications AB><1, 1, 2, 0>
[PID: 180][C:\WINDOWS\soundman.exe] <Avance Logic, Inc.><5, 0, 0, 0>
[PID: 356][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3427>
[PID: 364][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] <Symantec Corporation><103.5.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.4.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] <Symantec Corporation><103.5.4.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] <Symantec Corporation><103.5.4.3>
[C:\WINDOWS\System32\SYMREDIR.DLL] <Symantec Corporation><5.5.2.1>
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] <Symantec Corporation><103.5.4.3>
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] <Symantec Corporation><10.0.1.1000>
[c:\windows\rsvpsp.dll] <N/A><N/A>
[PID: 436][C:\PROGRA~1\SYMANT~1\VPTray.exe] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.5.0.44>
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><10.0.1.1000>
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><10.0.1.1000>
[PID: 804][D:\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 956][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1208][D:\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[D:\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[D:\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[D:\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 3860][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><7.5.0324>
[c:\windows\rsvpsp.dll] <N/A><N/A>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[d:\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 2160][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\system32\guard.tmp] <N/A><N/A>
[c:\windows\rsvpsp.dll] <N/A><N/A>
[PID: 2624][C:\Documents and Settings\Bluewater\My Documents\sreng\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[c:\windows\rsvpsp.dll] <N/A><N/A>
==================================
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
c:\windows\rsvpsp.dll(N/A, N/A)
MSAFD Tcpip [UDP/IP]
c:\windows\rsvpsp.dll(N/A, N/A)
MSAFD Tcpip [RAW/IP]
c:\windows\rsvpsp.dll(N/A, N/A)
==================================
轩辕小聪 - 2006-6-2 18:56:00
Ugh. OP, first finish the steps in post #15, then scan an SREng log.
herowe - 2006-6-2 19:24:00
I did what post #15 says~~~
Except for C:\WINDOWS\system\svchost.exe, which I can't delete.
我无邪 - 2006-6-2 20:15:00
Please go to http://forum.ikaka.com/topic.asp?board=67&artid=5188931
and download WinsockXPFix and LSPFix.
[mnew6win / mnew6win]
<C:\WINDOWS\system32\mnew6win.exe -s><N/A>
This one looks suspicious. OP, do you know what it is? If you don't either, I suggest deleting it.
Run System Repair Engineer, click "Startup Items" > "Services", tick "Hide Microsoft services", select the malicious service mnew6win, choose "Delete selected service", then "No", and finally reboot.
Restart the computer; after the boot-up self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
In Safe Mode, delete
C:\WINDOWS\system32\guard.tmp
As for c:\windows\rsvpsp.dll, I have never gotten a definite confirmation on this item. I've decided to try deleting this DLL, if you're willing. Note that there is some risk. But I'm fairly confident, and I suggest you give it a try.
Run LSPFix.exe
and delete
rsvpsp.dll
Attached is a note:
LSPFix.exe is mainly used to help repair the O10 items found by a HijackThis scan.
Before using it, close all IE windows and folder windows, then run LSPFix; once it's running, move the O10 item you want to fix from the left side to the right and click "Finish". (Before that, you need to tick "I know what I'm doing".)
After the repair, please run WinsockXPFix and let it do a repair too.
While in Safe Mode, also deal with
C:\WINDOWS\system\svchost.exe
The method is the same as before: first end its process (if any), then repair with System Repair Engineer, and best of all delete it.
The things to delete are:
c:\windows\rsvpsp.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\mnew6win.exe
C:\WINDOWS\system\svchost.exe
After the repair, please reboot, and sorry to trouble you again, scan another report and paste it here.
我无邪 - 2006-6-2 20:16:00
Forgot to mention: the two tools above can be downloaded from this thread:
http://forum.ikaka.com/topic.asp?board=67&artid=5188931