也许还有木马程序  谢谢~~~


Logfile of HijackThis v1.99.1
Scan saved at 3:42:58 PM, on 7/7/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\tool\金山\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\System32\rundll32.exe
D:\tool\金山\KAVStart.exe
C:\WINDOWS\System32\ctfmon.exe
D:\tool\金山\KavPFW.exe
D:\tool\金山\KMailMon.EXE
D:\QQ\TIMPlatform.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\tool\金山\KPfwSvc.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\北京通信\宽带E~1\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
D:\tool\adkiller2005\adkilller\Ad&sexKiller.exe
D:\TT\TTraveler.exe
D:\tool\HijackThis v1.99\HijackThis.exe

R3 - URLSearchHook: Tencent Url Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\WINDOWS\Downloaded Program Files\TBHMain.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINDOWS\Downloaded Program Files\TBHMain.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINDOWS\System32\hap.dll
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\System32\Usign.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\QQ\QQIEHelper.dll
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINDOWS\System32\winhtp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\tool\ììí?\Firewall\pfw.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [dmastu] rundll32.exe C:\Progra~1\DESKTO~1\Cast\dmipn.dll,Always
O4 - HKLM\..\Run: [KavStart] "D:\tool\?eé?\KAVStart.exe" -startup
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\RunServices: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE Http://www.qyw520.net
O4 - HKCU\..\Run: [KavPFW] "D:\tool\?eé?\KavPFW.exe"
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\RunServices: [services] C:\WINDOWS\services.exe
O4 - Startup: 腾讯QQ.lnk = D:\QQ\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\tool\OFFICE\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O9 - Extra button: ?D??é?í? - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: ?D??é?í? - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQì?2ê1¤??ì?éè?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  ?D??é?í?
O11 - Options group: [TBH] QQμ??·à????÷
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0B19D42-E8B5-42C2-97CB-F37BB95B759F}: NameServer = 202.106.0.20 202.106.46.151
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - D:\tool\?eé?\KPfwSvc.EXE (file missing)
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Unknown owner - D:\tool\?eé?\KWatch.EXE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\±±??í¨D?\?í′?E~1\app\pppoeservice.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

重新启动到安全模式（进入安全模式的方法:重新启动电脑, 开机自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。）

请关闭所有IE界面，重新使用HijackThis扫描一次，选中下面建议修复的项目，让HijackThis修复，修复前请允许HijackThis保留备份。（如果楼主知道是安全的可以不必勾选）
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINDOWS\System32\hap.dll
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\System32\Usign.dll (file missing)
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINDOWS\System32\winhtp.dll
O4 - HKLM\..\Run: [dmastu] rundll32.exe C:\Progra~1\DESKTO~1\Cast\dmipn.dll,Always
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\RunServices: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE Http://www.qyw520.net
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\RunServices: [services] C:\WINDOWS\services.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)

然后打开我的电脑。。再点工具。。打开文件夹选项。。。查看。。。把隐藏受保护的系统文件（推荐）和隐藏已知文件类型的扩展名的勾去掉。再显示所有文件。 用WINDOWS的查找功能进行查找并删除：
C:\WINDOWS\System32\hap.dll
C:\WINDOWS\System32\Usign.dll
C:\WINDOWS\System32\winhtp.dll
C:\Progra~1\DESKTO~1\Cast\dmipn.dll
C:\WINDOWS\services.exe
C:\WINDOWS\System32\mbprot.dll
C:\WINDOWS\System32\vbsys2.dll

请楼主按第1楼飞跃迷离朋友的回复处理。

另外建议

停止并禁用服务：
Kingsoft Personal Firewall Service (KPfwSvc)
Kingsoft Antivirus KWatch Service (KWatchSvc)

用HijackThis修复：

O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - D:\tool\?eé?\KPfwSvc.EXE (file missing)

O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Unknown owner - D:\tool\?eé?\KWatch.EXE (file missing)


删除文件夹：C:\Progra~1\DESKTO~1

请问:我已经按上面的方法修复过了,但以下的这些文件在安全模式下有的找不到,即使删除了下回再查找时又会出现,怎么办呢?? 我的系统是XP

C:\WINDOWS\System32\hap.dll
C:\WINDOWS\System32\Usign.dll
C:\WINDOWS\System32\winhtp.dll
C:\Progra~1\DESKTO~1\Cast\dmipn.dll
C:\WINDOWS\services.exe
C:\WINDOWS\System32\mbprot.dll
C:\WINDOWS\System32\vbsys2.dll

显示所有的文件和文件夹

有些恶意代码文件具有系统，隐藏等属性，并可能受到系统的保护，这不利于我们寻找和删除它们。


让它们显示出来的方法：

1. 启动 我的电脑或Windows 资源管理器。
2. 单击“查看”菜单 (Windows 95/98/NT) 或“工具”菜单 (Windows Me/2000/XP)，然后单击“选项”或“文件夹选项”。
3. 单击“查看”选项卡。
4. 取消选中“隐藏已知文件类型的扩展名”。
5. 执行下列操作之一：
Windows 95/NT。单击“显示所有文件”。
Windows 98。在“高级设置”框的“隐藏文件”文件夹下，单击“显示所有文件”。
Windows Me/2000/XP：取消“隐藏受保护的操作系统文件”前的钩，并在“隐藏文件和文件夹”文件夹下，单击“显示所有文件和文件夹”。
6. 单击“应用”，然后单击“确定
2。如果文件夹选项组不显示：

请打开注册表，定位到：

KEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL分支
双击右边的窗口中Type键值项，把值改为: radio
关闭注册表编辑器，重新启动计算机

【回复“牛牛12112”的帖子】
如果问题仍在，请再扫个日志上来