Rising Kaka Security Forum > Technical Exchange > System Software > Output from a HijackThis scan. I can't make sense of it. Can anyone help?

Output from a HijackThis scan. I can't make sense of it. Can anyone help?

Logfile of HijackThis v1.99.0
Scan saved at 20:31:21, on 2005-11-28
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\KAV2005\KWatch.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\KAV2005\KPfwSvc.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\KAV2005\KAVPFW.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
L:\movie\1\Tencent\QQLive\QQLive.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\cdmdownld\xdotnbtort.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.172\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - _{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: yPhtb - _{33BBE430-0E42-4f12-B075-8D21ACB10DCB} - (no file)
O2 - BHO: Anti Fish - _{38928D50-8A48-44C2-945F-D2F23F771410} - (no file)
O2 - BHO: (no name) - _{4D666C23-7BA2-A154-933C-CAEA3036C4D2} - (no file)
O2 - BHO: YDragSearch - _{62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - L:\movie\1\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {CB8892F5-524F-7030-0796-3412787E3850} - C:\WINNT\system32\cdmdownld\xdotnbtort.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Management Instrumentation] rem wmimgr.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KAVPFW.EXE"
O8 - Extra context menu item: 上传到QQ网络硬盘 - L:\movie\1\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - L:\movie\1\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - L:\movie\1\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - L:\movie\1\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - L:\movie\1\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - L:\movie\1\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - L:\movie\1\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - L:\movie\1\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4809
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://zs.kingsoft.com/duba/OCX/KAVClean.CAB
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B478A723-522C-48CC-AC80-B48FC5788749}: NameServer = 192.168.1.1,202.96.134.134
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Kingsoft Personal Firewall Service - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - Service: psidaemon - Unknown - C:\padspwr\Security\License_Management\LMGRD.EXE
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: System Startup Service  - Unknown - C:\WINNT\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Last edited 2005-11-29 03:19:31

kv?

[In reply to romer's post]
O23 - Service: System Startup Service - Unknown - C:\WINNT\svcproc.exe -- a trojan.
------------------
O4 - HKLM\..\Run: [Windows Management Instrumentation] rem wmimgr.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
I don't know what these two entries are.


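Process file: Ssk or Ssk.exe
Process name: SurfSideKick Adware

Description:
Ssk.exe is part of the SurfSideKick adware. The program displays various types of advertisements, including pop-ups. To protect your privacy, removing this process is recommended.

Publisher: Unknown (N/A)
Belongs to: SurfSideKick Adware

System process: No
Background program: Yes
Uses network: No
Hardware related: No
Common errors: Unknown (N/A)
Memory usage: Unknown (N/A)
Security level (0-5): 2
Spyware: Yes
Adware: Yes
Virus: No
Trojan: No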




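I suggest the original poster click this link to learn how to remove viruses; it is very detailed.
A variant of the Love Bug virus?...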

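Process file: Ssk or Ssk.exe
Process name: SurfSideKick Adware
Process category: System process
English description:
Ssk.exe is a process associated with the SurfSideKick Adware. The application is used to display various types of adverts including pop-ups. This process should be removed to protect your personal privacy.
Chinese reference:
Ssk.exe is part of the SurfSideKick adware. The program displays various types of advertisements, including pop-ups. To protect your privacy, removing this process is recommended.
Publisher: N/A
Belongs to: SurfSideKick Adware
System process: No
Background program: Yes
Network related: No
Common errors: N/A
Memory usage: N/A
Security level (0-5): 2
Spyware: Yes
Adware: Yes
Virus: No
Trojan: No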


List of processes that pose a security risk

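Process file: smss or smss.exe
Process name: Session Manager Subsystem

Description:
smss.exe is part of the Microsoft Windows operating system. The process invokes the Session Manager Subsystem and is responsible for handling sessions on your system. This program is very important for the normal operation of your system. Note: smss.exe may also be the Win32.Ladex.a trojan. This trojan allows attackers to access your computer and steal passwords and personal data. The security rating of this process is: immediate removal recommended.

Publisher: Microsoft Corp.
Belongs to: Microsoft Windows Operating System

System process: Yes
Background program: Yes
Uses network: No
Hardware related: No
Common errors: Unknown (N/A)
Memory usage: Unknown (N/A)
Security level (0-5): 0
Spyware: No
Adware: No
Virus: No
Trojan: No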