
Experts, please help me!

Here is my log, please take a look at what's going on.

The virus I've caught is called foxrar.exe. It's really scary.


Logfile of HijackThis v1.99.1
Scan saved at 11:16:37, on 2006-8-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\hxupdate\hxgame-update.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe
C:\Program Files\Common Files\ACD Systems\IDBSvr.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\qqpet\qqpet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\迅雷5\Program\Thunder5.exe
E:\张寒共享\范蔚\ha_hijackthis_1991\HijackThis.exe

O1 - Hosts: 59.34.216.164 www.haosf.com
O1 - Hosts: 59.34.216.164 haosf.com
O1 - Hosts: 59.34.216.164 www.17ww.com
O1 - Hosts: 59.34.216.164 bbs.17ww.com
O1 - Hosts: 59.34.216.164 17ww.com
O1 - Hosts: 59.34.216.164 www.7gg.net
O1 - Hosts: 59.34.216.164 bbs.7gg.net
O1 - Hosts: 59.34.216.164 7gg.net
O1 - Hosts: 59.34.216.164 www.71gg.net
O1 - Hosts: 59.34.216.164 bbs.71gg.net
O1 - Hosts: 59.34.216.164 71gg.net
O1 - Hosts: 59.34.216.164 www.17455.com
O1 - Hosts: 59.34.216.164 17455.com
O1 - Hosts: 59.34.216.164 www.92045.com
O1 - Hosts: 59.34.216.164 92045.com
O1 - Hosts: 59.34.216.164 www.17113.com
O1 - Hosts: 59.34.216.164 17113.com
O1 - Hosts: 59.34.216.164 www.92045.com
O1 - Hosts: 59.34.216.164 92045.com
O1 - Hosts: 59.34.216.164 www.4000sf.com
O1 - Hosts: 59.34.216.164 4000sf.com
O1 - Hosts: 59.34.216.164 bbs.4000sf.com
O1 - Hosts: 59.34.216.164 www.177g.com
O1 - Hosts: 59.34.216.164 177g.com
O1 - Hosts: 59.34.216.164 www.3000ok.com
O1 - Hosts: 59.34.216.164 www1.3000ok.com
O1 - Hosts: 59.34.216.164 www2.3000ok.com
O1 - Hosts: 59.34.216.164 www3.3000ok.com
O1 - Hosts: 59.34.216.164 3000ok.com
O1 - Hosts: 59.34.216.164 www.30ok.com
O1 - Hosts: 59.34.216.164 www1.30ok.com
O1 - Hosts: 59.34.216.164 www2.30ok.com
O1 - Hosts: 59.34.216.164 www3.30ok.com
O1 - Hosts: 59.34.216.164 30ok.com
O1 - Hosts: 59.34.216.164 www.cqsf999.com
O1 - Hosts: 59.34.216.164 cqsf999.com
O1 - Hosts: 59.34.216.164 www.cqsf999.net
O1 - Hosts: 59.34.216.164 cqsf999.net
O1 - Hosts: 59.34.216.164 www.2345sf.com
O1 - Hosts: 59.34.216.164 2345sf.com
O1 - Hosts: 59.34.216.164 www.17455.com
O1 - Hosts: 59.34.216.164 17455.com
O1 - Hosts: 59.34.216.164 www.176sf.com
O1 - Hosts: 59.34.216.164 www.waigua8.com
O1 - Hosts: 59.34.216.164 waigua8.com
O1 - Hosts: 59.34.216.164 99945.com
O1 - Hosts: 59.34.216.164 www.99945.com
O1 - Hosts: 59.34.216.164 www1.99945.com
O1 - Hosts: 59.34.216.164 www.chinawg.net
O1 - Hosts: 59.34.216.164 chinawg.net
O1 - Hosts: 59.34.216.164 www.wgchina.net
O1 - Hosts: 59.34.216.164 wgchina.net
O1 - Hosts: 59.34.216.164 17126.uc999.com
O1 - Hosts: 59.34.216.164 17126.wg999.com
O1 - Hosts: 59.34.216.164 176sf.com
O1 - Hosts: 59.34.216.164 www.wg999.com
O1 - Hosts: 59.34.216.164 www.uc999.com
O1 - Hosts: 59.34.216.164 wg999.com
O1 - Hosts: 59.34.216.164 uc999.com
O1 - Hosts: 59.34.216.164 www.wg2wg.com
O1 - Hosts: 59.34.216.164 www.78pk.com
O1 - Hosts: 59.34.216.164 78pk.com
O1 - Hosts: 59.34.216.164 www.pk78.com
O1 - Hosts: 59.34.216.164 pk78.com
O1 - Hosts: 59.34.216.164 www.zhaosf.com
O1 - Hosts: 59.34.216.164 zhaosf.com
O1 - Hosts: 59.34.216.164 www.xp13.com
O1 - Hosts: 59.34.216.164 xp13.com
O1 - Hosts: 59.34.216.164 45bang.com
O1 - Hosts: 59.34.216.164 www.45bang.com
O1 - Hosts: 59.34.216.164 gmdqq.com
O1 - Hosts: 59.34.216.164 www.gmdqq.com
O1 - Hosts: 59.34.216.164 99945.com
O1 - Hosts: 59.34.216.164 www.99945.com
O1 - Hosts: 59.34.216.164 95217.com
O1 - Hosts: 59.34.216.164 www.95217.com
O1 - Hosts: 59.34.216.164 www.33520.com
O1 - Hosts: 59.34.216.164 www.mir2mir2.com
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅雷5\ComDlls\XunLeiBHO_002.dll
O2 - BHO: XcgXzxkf Class - {B5210224-0E86-F2F4-FE7D-0F363467F451} - C:\WINNT\DOWNLO~1\syasd.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [IESAddr] P歴x
O4 - HKLM\..\Run: [hxgame] C:\Program Files\\hxupdate\\hxgame-update.exe
O4 - HKLM\..\Run: [hxgame-update] C:\Program Files\hxupdate\hxgame-update.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\迅雷5\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\迅雷5\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B82DFC1-B87F-4FC4-9F3B-CAB6B46224CD}: NameServer = 219.150.150.150,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B82DFC1-B87F-4FC4-9F3B-CAB6B46224CD}: NameServer = 219.150.150.150,192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B82DFC1-B87F-4FC4-9F3B-CAB6B46224CD}: NameServer = 219.150.150.150,192.168.0.1
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINNT\system\8e4d0261.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Last edited 2006-08-14 11:55:25

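[Reply to FOUREYE's post]

Can some expert please help me!

Now I can't even open Rising; it says something about a fatal error preventing it from running normally.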

Are there no experts around? I'm losing it... Experts, help!

Fix:
O2 - BHO: XcgXzxkf Class - {B5210224-0E86-F2F4-FE7D-0F363467F451} - C:\WINNT\DOWNLO~1\syasd.dll
O4 - HKLM\..\Run: [IESAddr] P歴x
Check all O1 items and fix them.
Delete:
C:\WINNT\DOWNLO~1\syasd.dll

http://www.pctutu.com/srmsdown.asp
Download Super Rabbit (超级兔子), then use Super Rabbit's cleanup tool (清理王) to uninstall the rogue software (in Safe Mode).

Clear out the Temp folder.

Waiting for an expert.

An expert finally showed up.

Here is the current log.

Experts, please take a look.

Logfile of HijackThis v1.99.1
Scan saved at 11:53:19, on 2006-8-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\hxupdate\hxgame-update.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe
C:\Program Files\Common Files\ACD Systems\IDBSvr.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\qqpet\qqpet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\张寒共享\范蔚\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅雷5\ComDlls\XunLeiBHO_002.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [hxgame] C:\Program Files\\hxupdate\\hxgame-update.exe
O4 - HKLM\..\Run: [hxgame-update] C:\Program Files\hxupdate\hxgame-update.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\迅雷5\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\迅雷5\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B82DFC1-B87F-4FC4-9F3B-CAB6B46224CD}: NameServer = 219.150.150.150,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B82DFC1-B87F-4FC4-9F3B-CAB6B46224CD}: NameServer = 219.150.150.150,192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B82DFC1-B87F-4FC4-9F3B-CAB6B46224CD}: NameServer = 219.150.150.150,192.168.0.1
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINNT\system\8e4d0261.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
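
Added example, not part of any post in this thread: a short Python script that diffs two HijackThis scans to confirm which entries a fix actually removed, and groups O1 hosts-file entries by the IP they point to. The sample text is a few lines excerpted from the two logs above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Entry lines start with a section code ("O1", "O2", "O21", "R0", ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return {section code: set of entry bodies} for one HijackThis log."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            sections[m.group(1)].add(m.group(2))
    return dict(sections)

def removed_entries(before, after):
    """Entries present in the first scan but gone from the second, per section."""
    b, a = parse_entries(before), parse_entries(after)
    gone = {sec: sorted(items - a.get(sec, set())) for sec, items in b.items()}
    return {sec: items for sec, items in gone.items() if items}

def hosts_by_target(log_text):
    """Group O1 hosts-file entries by the IP they point to: {ip: [hostnames]}."""
    by_ip = defaultdict(list)
    for body in parse_entries(log_text).get("O1", ()):
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if m:
            by_ip[m.group(1)].append(m.group(2))
    return {ip: sorted(names) for ip, names in by_ip.items()}

# A few lines excerpted from the two scans in this thread (not the full logs).
BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINNT\Explorer.EXE
O1 - Hosts: 59.34.216.164 www.haosf.com
O1 - Hosts: 59.34.216.164 haosf.com
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: XcgXzxkf Class - {B5210224-0E86-F2F4-FE7D-0F363467F451} - C:\WINNT\DOWNLO~1\syasd.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINNT\system\8e4d0261.dll (file missing)
"""
AFTER = r"""
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINNT\system\8e4d0261.dll (file missing)
"""

if __name__ == "__main__":
    for sec, items in removed_entries(BEFORE, AFTER).items():
        print(sec, "removed:", items)
    print(hosts_by_target(BEFORE))
```

The O21 SSODL entry marked "(file missing)" appears in both scans, so the diff does not report it as removed.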
