本人的电脑中招，会经常弹出一些广告页面，弹出时在系统“\WINNT\system32”文件夹里会生成一个guard.tmp的文件，在后台会有一个rundll32.exe的进程（原已有一个，现在变成两个），只有先删除这个进程后，才能删除guard.tmp的文件，但删除完过一会儿，他又会自动生成。并且弹出广告页面，请各位高手有见过这个病毒（或木马）的指点一下，谢谢

HijackThis V1.99.1汉化版下载及英文原版下载地址（二楼）
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
用上面的软件扫个日志来看看~`

Logfile of HijackThis v1.99.1
Scan saved at 12:36:08, on 2006-2-7
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINNT\System32\svchost.exe
e:\Program Files\Borland\InterBase\bin\ibguard.exe
D:\WINNT\system32\drivers\KodakCCS.exe
D:\Program Files\Network Monitor\netmon.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\System32\SCardSvr.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\inetsrv\inetinfo.exe
D:\Program Files\SyGate\SHN\sgserv.exe
e:\Program Files\Borland\InterBase\bin\ibserver.exe
D:\WINNT\Explorer.EXE
D:\Program Files\SyGate\SHN\Sygate.exe
D:\WINNT\system32\internat.exe
D:\Program Files\VnetClient1.6\VnetClient.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Foxmail\Foxmail.exe
D:\Program Files\Maxthon\Maxthon.exe
D:\Documents and Settings\Administrator\桌面\248783200522382732\HijackThis.exe

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [checkinstall] D:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\CheckInstall.exe
O4 - HKLM\..\Run: [MenuOrder] D:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\MenuOrder\MenuOrder.exe
O4 - HKLM\..\Run: [SyGateManager] D:\Program Files\SyGate\SHN\Sygate.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: 网络快车.lnk = D:\Program Files\VnetClient1.6\VnetClient.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 使用网际快车下载 - D:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BEA082C-08D8-41B0-B442-37F08C4CA8C2}: NameServer = 202.96.128.86 202.96.128.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{72E70F29-1784-496D-B805-C95801D0D99F}: NameServer = 202.96.128.68,202.96.134.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{833EE639-5E20-44CE-BCF3-3FE679FABA1A}: NameServer = 202.96.128.68,202.96.134.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BEA082C-08D8-41B0-B442-37F08C4CA8C2}: NameServer = 202.96.128.86 202.96.128.166
O20 - Winlogon Notify: App Paths - D:\WINNT\system32\gp00l3dm1.dll (file missing)
O20 - Winlogon Notify: ExtShellViews - D:\WINNT\system32\mvl4l93q1.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINNT\aHRt\command.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - e:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - e:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe
O23 - Service: ptssvc - KODAK - D:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: SyGateService (SaService) - Sygate technologies Inc. - D:\Program Files\SyGate\SHN\sgserv.exe
O23 - Service: SP service (SPsys) - Unknown owner - D:\WINNT\system32\spsys.exe (file missing)

谢谢，有劳你了

修复
O23 - Service: SP service (SPsys) - Unknown owner - D:\WINNT\system32\spsys.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe

楼上的很少到这里回贴的，顶顶再说:-)

已照3楼的兄弟修复了一下，重启后，还是会弹出来，烦请再诊断，谢谢

【回复“htm123”的帖子】删除相关文件。
D:\WINNT\system32\spsys.exe
D:\Program Files\Network Monitor\netmon.exe