注意：2楼还有点补充


Logfile of HijackThis v1.99.0
Scan saved at 20:04:21, on 2006-5-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\HuaCi\huaci\zsearch.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\ServeHost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\TEMP\JW6571.EXE
C:\Program Files\SearchNet\SearchNet.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rising\Rfw\RfwCfg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\lhq\桌面\新建文件夹 (3)\HijackThis\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (file missing)
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: Zhongsou Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\MicrosoftNet.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\AdvSC32.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: XBTP03129 - {B52D0B62-0895-47f7-AEC7-4D609AA83D08} - C:\PROGRA~1\kuaiso\Kuaiso.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: 系统标准按钮(&E) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - C:\WINDOWS\system32\SystemToolbar.dll
O3 - Toolbar: 实用搜索 - {15ADF205-4C54-4cfe-AC88-1EA0BA6D06A0} - C:\Program Files\ScanToolbar\ScanBar.dll
O3 - Toolbar: Kuaiso Toolsbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\kuaiso\Kuaiso.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RfwMain] C:\Program Files\Rising\Rfw\rfwmain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [rundll32] C:\WINDOWS\system32\rundll64.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [caishowmanage] C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE
O4 - HKCU\..\Run: [pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: &RSDN Search - res://C:\Program Files\ScanToolbar\ScanBar.dll/GoRSDN.dll.htm
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用炫彩图铃发送该图片 - C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: 闪客精灵 - C:\Program Files\SourceTec\闪客精灵\InternetExplorer.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - D:\新建文件夹\UC\uc.exe (file missing)
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra button: Kuaiso Toolsbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\kuaiso\Kuaiso.dll
O9 - Extra 'Tools' menuitem: Kuaiso Toolsbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\kuaiso\Kuaiso.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: 闪客精灵 - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\闪客精灵\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: 闪客精灵 - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\闪客精灵\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0602B5-E29D-4C21-951D-7D753B1E4B05}: NameServer = 211.98.192.3,211.67.81.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAA24C8E-9ADE-40C8-822A-6860AFF6ED20}: NameServer = 211.98.192.3,211.67.81.6
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OfficeScanNT 实时扫描 - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT 个人防火墙 - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Remote Log - 北京中搜在线软件有限公司 - C:\WINDOWS\system32\ServeHost.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: OfficeScanNT 侦听程序 - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

我用瑞星在线查毒查出了Trojan.DL开头的病毒，可是他只给查不给杀，我下载了江民杀毒，是免费版（他给提供了序列号）杀了两次，好象还是不成，我机子上装的有瑞星防火墙，他的日志里面有：系统禁止本地rundll32.exe连接网络的请求，地址为：TCP，地址为路径为c/windows/system32/rundll32.exe
还有几个文件也是这样，请问这正常么？
也莫名其妙的出现了这个东西“NavAngel”，删了后等重启还是有！！！
而且雅虎助手也是莫名其妙的出现的，怎么删除没了啊？？？



播霸电视
Remote Log - 北京中搜在线软件有限公司
O9 - Extra button: 免费精彩视频超流畅在线观看
R3 - URLSearchHook: 雅虎助手{
这些东西我都不想要，不知道怎么来的
还有番茄花园是什么玩意啊，不要可以吗？


现在自动把主页改成http://www.9991.com/了，晕拉

不能沉下去，我正等着呢~~~

上去等人啊，555555

坚决不能沉

引用:

【轩辕小聪的贴子】【回复“特派员身份”的帖子】 病毒名是否Trojan.DL.Small.ibr？应该是的，因为看到了机子里有相关文件。参考http://forum.ikaka.com/topic.asp?board=28&artid=7948848 ...........................

好象大部分是TrojanDownloader

引用:

【mmtt的贴子】机器里流氓软件很多,,,,建议去下个流氓软件 清理助手 清理一下 ...........................

谢谢，今天没时间了，明天就去下

引用:

【mmtt的贴子】还有,,,机器启动项也过多,,,会使机器的开启和关闭很迟钝 可以通过 开始->运行->输入"msconfig"->选择"启动项"选项卡 按照个人需要进行设定 ...........................

哎，很惭愧，我都不认识那些项，IMJGMIG,TINTSETP,rfwmain,realsched,IMSCMIG,pccntmon,Rund1132,spoolsv,Update,zsearch,YLive,rundll64,yassistse,Run,Serveup,res,dumprep,RavTask,ctfmon,UpdateManager,PodcastBArmini,能看出那些是系统必需的么，应用的我一概不要了，能看出么？？？这是最前面的 名字

引用:

【轩辕小聪的贴子】TrojanDownloader病毒的病毒文件名称与具体路径说一下。 ...........................

谢谢斑竹，不过我杀的时候没仔细记，我明天再杀一遍，然后把路径帖上来，希望到时帮我看看！

引用:

【轩辕小聪的贴子】看来楼主自己搞不定，算了，虽然麻烦，还是把详细处理方法一个一个搞出来吧，楼主请稍等一下。 ...........................

好，