
Help!


Found:
c:\windows\downloaded program files\lianzhong_cns.exe 怀疑为3721广告.
C:\WINDOWS\Downloaded Program Files\ZCOMSetup.exe 发现木马:tro2006-5-21-GL,48648
C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll 怀疑为baidu广告
c:\windows\downloaded program files\iebar23.0.dll发现广告.天下搜索
购买后可以清除此广告:天下搜索
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\barhelp24.0.dll 怀疑为baidu广告
c:\windows\downloaded program files\conflict.1\iebar23.0.dll发现广告.天下搜索

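In particular, even with "show all files" and "show system files" turned on, I still can't see any files under C:\WINDOWS\Downloaded Program Files! Urgent!
The one that is really killing me is C:\WINDOWS\Downloaded Program Files\ZCOMSetup.exe

Experts, please help me out!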

Logfile of HijackThis v1.99.1
Scan saved at 20:28:13, on 2006-07-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
D:\internet\淘宝旺旺\淘宝旺旺\WangWang.exe
C:\WINDOWS\system32\ctfmon.exe
D:\internet\淘宝旺旺\淘宝旺旺\WangWang.exe
C:\Program Files\Rising\Rav\RAVTASK.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RAVMON.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

R3 - URLSearchHook: (no name) - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O15 - Trusted Zone: http://www.icbc.com.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{16676E9B-57B5-4964-B9CF-24BDFD142B8E}: NameServer = 202.100.96.68 202.100.96.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{16676E9B-57B5-4964-B9CF-24BDFD142B8E}: NameServer = 202.100.96.68 202.100.96.69
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

Last edited 2006-07-14 17:58:48

http://forum.ikaka.com/topic.asp?board=28&artid=8105899
Download HijackThis... and post the log here..


Duplicate post..

Clear the cache... turn off System Restore, then scan again.........