Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue-Software Board

[Help] How do I completely remove win32.hack.rbot? Log below

There is a file tcpip.exe in the root of the C: drive, and there is also a wor.exe that I cannot find anywhere, but it is in the startup items.
I am on a LAN, and many of the computers have the same symptoms. Please take a look, thanks.

Operating system: XP SP1

Logfile of HijackThis v1.99.1
Scan saved at 19:48:35, on 2005-12-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ASUSKBService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\download\d\SRIECLI.EXE
C:\WINDOWS\System32\wor.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
E:\Program Files\BitSpirit\BitSpirit.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\Rar$EX00.451\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\11\11\QQIEHelper.dll
O2 - BHO: Ad Class - {812886BE-AB50-4EAE-92CF-9AD63437E3EF} - C:\WINDOWS\SeAd\SeAd43a1843d.dll (file missing)
O2 - BHO: BHO Class - {9A556B8F-FD02-420E-A1FD-9DB33808254E} - C:\WINDOWS\SePpBar\SeLineBar43a1843d.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\download\d\HaokanBar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\download\d\HaokanBar.dll
O3 - Toolbar: 天天搜索(&T) - {102293E4-758B-4483-946B-714EBCEC91B8} - C:\WINDOWS\SePpBar\SeToolBar43a1843a.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] ; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NMGameX_AutoRun] ; C:\WINDOWS\System32\Rundll32.exe nmgamex.dll,LiveProcess /aa
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SeUpdateExe] C:\WINDOWS\SePpBar\SeUpdate43a1843e.exe -sedutyvisit
O4 - HKLM\..\Run: [SeAdUpdate] C:\WINDOWS\SeAd\SeAdUpdate43a19ee5.exe
O4 - HKLM\..\Run: [Windows Workstation Service] wor.exe
O4 - HKLM\..\RunServices: [Windows Workstation Service] wor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] D:\download\d\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [Windows Workstation Service] wor.exe
O4 - HKCU\..\RunServices: [Windows Workstation Service] wor.exe
O4 - Startup: 腾讯QQ.lnk = E:\11\11\QQ.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\11\11\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\11\11\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\11\11\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\11\11\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - E:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: 天天搜索 - {102293E4-758B-4483-946B-714EBCEC91B8} - C:\WINDOWS\SePpBar\SeToolBar43a1843a.dll
O9 - Extra 'Tools' menuitem: 天天搜索 - {102293E4-758B-4483-946B-714EBCEC91B8} - C:\WINDOWS\SePpBar\SeToolBar43a1843a.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\11\11\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\11\11\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\11\11\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\11\11\QQIEHelper.dll
O15 - Trusted Zone: *.192.168.0.249
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://C:\Herosoft\HeroV8\DVDSkin\defskin\HTML\swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A8DD24B-1CE2-41F7-8AB6-42BFC7C2C214}: NameServer = 219.149.194.55,219.150.32.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A6E6D6A-54A7-458E-B3FF-EB855D73F902}: NameServer = 219.149.194.55,219.150.32.132
O20 - AppInit_DLLs: KB7218152.LOG
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O21 - SSODL: SysTrays - {590498A3-4131-4D8F-BA4B-36791A9803B1} - C:\WINDOWS\System32\DLMain.dll
O23 - Service: .Net Boot Service - Unknown owner - C:\WINDOWS\System32\big5_gb2312.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
O23 - Service: Local Network Service - Unknown owner - C:\WINDOWS\System32\SeedServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: take - Unknown owner - C:\WINDOWS\take.exe
Last edited 2005-12-21 20:31:56
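As an added example that is not part of the thread or of HijackThis itself, here is a small Python triage script for the O4, O20 and O23 lines of a log like the one above. It flags the patterns a reviewer would pick out of this log: a Run/RunServices entry whose command is a bare file name (wor.exe), a populated AppInit_DLLs value, and services with no vendor name (take.exe, big5_gb2312.exe). The sample lines are copied from the log; the flagging rules are heuristics of my own, not HijackThis's.

```python
import re

# Sample input: lines copied from the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Workstation Service] wor.exe
O4 - HKLM\..\RunServices: [Windows Workstation Service] wor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - AppInit_DLLs: KB7218152.LOG
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: .Net Boot Service - Unknown owner - C:\WINDOWS\System32\big5_gb2312.exe
O23 - Service: take - Unknown owner - C:\WINDOWS\take.exe
"""

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")

def command_exe(command: str) -> str:
    """First token of a Run-key command: a quoted path, else the first word."""
    cmd = command.lstrip("; ")  # HijackThis prefixes some entries with '; '
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return (cmd.split() or [""])[0]

def triage(log_text: str) -> list:
    """Return (reason, item) pairs for entries that deserve a manual look."""
    findings = []
    for line in log_text.strip().splitlines():
        if m := O4_RE.match(line):
            hive, key, name, command = m.groups()
            exe = command_exe(command)
            # A bare file name is found by PATH search rather than an explicit path, a
            # habit of bot installers; SOUNDMAN.EXE shows a legitimate entry matches too.
            if "\\" not in exe:
                findings.append(("O4 bare command", f"{hive}\\{key} [{name}] {exe}"))
            # RunServices is a Win9x-era key that current software rarely touches.
            if key == "RunServices":
                findings.append(("O4 legacy RunServices key", f"{hive} [{name}] {exe}"))
        elif (m := O20_RE.match(line)) and m.group(1).strip():
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append(("O20 AppInit_DLLs set", m.group(1).strip()))
        elif m := O23_RE.match(line):
            name, owner, path = (g.strip() for g in m.groups())
            if owner == "Unknown owner":
                findings.append(("O23 service without a vendor", f"{name} -> {path}"))
    return findings
```

Calling triage(SAMPLE_LOG) yields seven entries; the list is a starting point for checking each file's origin, not a verdict on its own.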

The virus path?

There is a tcpip.exe file in the root of the C: drive; is that it? There is also a process called wor.exe. Please take a look, thanks.

End the wor.exe process.

Delete tcpip.exe and wor.exe.

Best to export a log with HijackThis.

I have the log now; please take a look, thanks.

[Reply to the post by "才刚刚开始"]
C:\WINDOWS\System32\wor.exe
C:\tcpip.exe
C:\WINDOWS\take.exe
Find these three files, pack them into an archive and send it to: baohelin@yahoo.com.cn. I will have a look at what they are.

Sent it; not sure whether you received it. I don't know whether the virus scanner on the 163 mailbox blocked it.

[Reply to the post by "才刚刚开始"]
Received your RAR package.
Going offline for now.
Preliminary verdict: all three are trojans. I will report back once I have concrete results.