瑞星卡卡安全论坛

为什么我的小雨伞总是打不开？什么监控怎么开都开启不了？

呵呵，巧了，我今天也碰到这个问题了。你用反病毒专家扫描下就可以了。基本上是这样。是瑞星被病毒控制了。

ai反病毒专家扫描了，没用啊！

【回复“mmmmsony”的帖子】
病毒木马屏蔽了瑞星实时监控
建议进入安全模式下断网查杀

我安全模式下查了，没有用阿！我用反病毒专家扫了后就好用了。清除了三个恶意代码阿。

那就下载最新版本，重新安装一下吧。

【回复“好运常在”的帖子】
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
下载HIJACKTHIS导出全部日志

jackThis_zwwºº»¯°æɨÃèÈÕÖ¾ V1.99.1
±£´æÓÚ      9:12:51, ÈÕÆÚ 2006-3-14
²Ù×÷ϵͳ£º  Windows 2000 SP4 (WinNT 5.00.2195)
ä¯ÀÀÆ÷£º    Internet Explorer v6.00 SP1 (6.00.2800.1106)

µ±Ç°ÔËÐеĽø³Ì£º         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
E:\Program Files\SolidWorks\COSMOS\FloWorks\bincfw\StandAloneSlv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\flexlm\Sw2005_SP0_licenses\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\flexlm\Sw2005_SP0_licenses\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
d:\program files\rising\rfw\RfwMain.exe
D:\Program Files\Thunder Network\ThunderMini\ThunderMini.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\hj\HijackThis1991zww.exe

R3 - URLSearchHook: VeryCD Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v6.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: ÑÅ»¢ÖúÊÖ - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: VeryCD³¼ËÑË÷ - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - IE¹¤¾ßÀ¸ÔöÏî: @msdxmLC.dll,-1@2052,µç̨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE¹¤¾ßÀ¸ÔöÏî: Ò»Ëѹ¤¾ßÌõ - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - IE¹¤¾ßÀ¸ÔöÏî: ÑÅ»¢ÖúÊÖ - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE¹¤¾ßÀ¸ÔöÏî: VeryCD³¼ËÑË÷ - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O3 - IE¹¤¾ßÀ¸ÔöÏî: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE¹¤¾ßÀ¸ÔöÏî: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: ÑÅ»¢ÖúÊÖ - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} -

C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: VeryCD³¼ËÑË÷ - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - IE¹¤¾ßÀ¸ÔöÏî: @msdxmLC.dll,-1@2052,µç̨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE¹¤¾ßÀ¸ÔöÏî: Ò»Ëѹ¤¾ßÌõ - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - IE¹¤¾ßÀ¸ÔöÏî: ÑÅ»¢ÖúÊÖ - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE¹¤¾ßÀ¸ÔöÏî: VeryCD³¼ËÑË÷ - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O3 - IE¹¤¾ßÀ¸ÔöÏî: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
files\google\googletoolbar2.dll
O4 - Æô¯ÏîHKLM\\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - Æô¯ÏîHKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - Æô¯ÏîHKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - Æô¯ÏîHKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - Æô¯ÏîHKLM\\Run: [thunder_mini] D:\Program Files\Thunder Network\ThunderMini\ThunderMini.exe
O4 - Æô¯ÏîHKLM\\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - Æô¯ÏîHKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - Æô¯ÏîHKLM\\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - Æô¯ÏîHKLM\\Run: [ai] F:\AI·´¾×¨¼Ò0[1].6R\AI·´¾×¨¼Ò0.6R.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿:  >> ²ÊÐÅ·¢ËÍ << -

res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: !ËÑÒ»ËÑ - res://C:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: !ËÑÒ»ËÑ(&S) - res://C:\Program Files\yisou\yisou.dll/232
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: &ʹÓÃÃÔÄãѸÀ×ÏÂÔØ - D:\Program Files\Thunder Network\ThunderMini\geturl.htm
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: Google ËÑË÷(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: ʹÓÃÍø¼Ê¿ì³µÏÂÔØ - D:\Program Files\FlashGet\jc_link.htm
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: ʹÓÃÍø¼Ê¿ì³µÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\FlashGet\jc_all.htm
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: ·´ÏòÁ´½Ó - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: Ìí¼Óµ½ÑÅ»¢©ÔÄ(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: ÀàËÆÍøÒ³ - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: »º´æµÄÍøÒ³¿ìÕÕ - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: ·­ÒëÓ¢ÎÄ×Ö´Ê(&T) - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: ºÀ½Ü³¼½â°ÔV8ʵʱ²¥·Å - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - IEÓÒ¼ü²Ëµ¥ÖеÄÐÂÔöÏîÄ¿: ÑÅ»¢ËÑË÷ - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: Ãâ·Ñ¾«²ÊÊÓƵ³Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - ä¯ÀÀÆ÷îÍâµÄ¡°¹¤¾ß¡±²Ëµ¥Ïî: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: ʵÓÃÍøÖ·µ¼º½ - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: ºÀ½Ü³¼½â°ÔV8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - ä¯ÀÀÆ÷îÍâµÄ¡°¹¤¾ß¡±²Ëµ¥Ïî: ºÀ½Ü³¼½â°ÔV8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: Yahoo 1GµçÓÊ - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: Ñ°±¦ÀÖȤà - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: ÖÐÎÄÉÏÍø - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - ä¯ÀÀÆ÷îÍâµÄ¡°¹¤¾ß¡±²Ëµ¥Ïî: ÖÐÎÄÉÏÍø - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll

O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: ÑÅ»¢ÖúÊÖ - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - ä¯ÀÀÆ÷îÍâµÄ¡°¹¤¾ß¡±²Ëµ¥Ïî: MMSAssist¹¤¾ßÌõÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - ä¯ÀÀÆ÷îÍâµÄ¡°¹¤¾ß¡±²Ëµ¥Ïî: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - ä¯ÀÀÆ÷îÍâµÄ¡°¹¤¾ß¡±²Ëµ¥Ïî: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: Çé¾°ÁÄÌì - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - ä¯ÀÀÆ÷îÍâµÄ¡°¹¤¾ß¡±²Ëµ¥Ïî: ÐÞ¸´ä¯ÀÀÆ÷ - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - ä¯ÀÀÆ÷îÍâµÄ°´Å¥: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - ä¯ÀÀÆ÷îÍâµÄ¡°¹¤¾ß¡±²Ëµ¥Ïî: ÇåÀíÉÏÍø¼Ç¼ - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - δ֪µÄÎļþÔÚ Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [!CNS]  ÉÏÍøÖúÊÖ-µØÖ·À¸ËÑË÷
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.80_20060123.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99855E0E-0F55-48C5-94D6-B387CFA1FD27}: NameServer = 10.16.14.100,10.16.14.110
O23 - NT ·þÎñ: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT ·þÎñ: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - NT ·þÎñ: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT ·þÎñ: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINNT\system32\nvsvc32.exe
O23 - NT ·þÎñ: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - E:\Program Files\SolidWorks\COSMOS\FloWorks\bincfw\StandAloneSlv.exe
O23 - NT ·þÎñ: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT ·þÎñ: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT ·þÎñ: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - NT ·þÎñ: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\Sw2005_SP0_licenses\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - NT ·þÎñ: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe

我查了估计90%是backdoor这个病毒搞的鬼。我不会下载日志。

建议好好整理一下楼主的日志
02项怎么有的还在03项后面？
看得眼花

日记导出来就这个样，我在UE下另存的DOC文件

【回复“mmmmsony”的帖子】
楼主用的是哪国的操作系统？
好多日志选项无法辨认

发作症状：小雨伞没有，工具栏的按钮不起作用，后来桌面上的程序也没反应了，再后来鼠标左右键都不起作用，就剩下光标划来滑去。

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      10:33:39, 日期 2006-3-14
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
E:\Program Files\SolidWorks\COSMOS\FloWorks\bincfw\StandAloneSlv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\flexlm\Sw2005_SP0_licenses\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\flexlm\Sw2005_SP0_licenses\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
D:\Program Files\Thunder Network\ThunderMini\ThunderMini.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\SolidWorks\sldworks.exe
C:\DOCUME~1\a\LOCALS~1\Temp\SolidWorksLicTemp.0001
d:\program files\rising\rfw\rfwsrv.exe
D:\Program Files\Rising\Rfw\RfwMain.exe
F:\hj\HijackThis1991zww.exe

R3 - URLSearchHook: VeryCD Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v6.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: VeryCD超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE工具栏增项: VeryCD超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [thunder_mini] D:\Program Files\Thunder Network\ThunderMini\ThunderMini.exe
O4 - 启动项HKLM\\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [ai] F:\AI反毒专家0[1].6R\AI反毒专家0.6R.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - IE右键菜单中的新增项目:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O8 - IE右键菜单中的新增项目: !搜一搜(&S) - res://C:\Program Files\yisou\yisou.dll/232
O8 - IE右键菜单中的新增项目: &使用迷你迅雷下载 - D:\Program Files\Thunder Network\ThunderMini\geturl.htm
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 反向链接 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - IE右键菜单中的新增项目: 类似网页 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - IE右键菜单中的新增项目: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - IE右键菜单中的新增项目: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - 浏览器额外的按钮: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - 浏览器额外的按钮: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - 浏览器额外的“工具”菜单项: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\cdnns.dll

O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.80_20060123.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99855E0E-0F55-48C5-94D6-B387CFA1FD27}: NameServer = 10.16.14.100,10.16.14.110
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - NT 服务: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - E:\Program Files\SolidWorks\COSMOS\FloWorks\bincfw\StandAloneSlv.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - NT 服务: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\Sw2005_SP0_licenses\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - NT 服务: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe

终是小红伞，瑞星怎么那么差劲？我安装瑞星还不到一个月呢！

【回复“mmmmsony”的帖子】
结束C:\Program Files\Common Files\COMM\Network.exe进程

修复
R3 - URLSearchHook: VeryCD Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: VeryCD超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - IE工具栏增项: VeryCD超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O4 - 启动项HKLM\\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O8 - IE右键菜单中的新增项目: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O23 - NT 服务: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe

卸载
C:\Program Files\YOK.com\
C:\Program Files\CoolWebsite\
C:\Program Files\MMSAssist\
C:\Program Files\yisou\

删除
C:\Program Files\YOK.com\
C:\Program Files\CoolWebsite\
C:\Program Files\MMSAssist\
C:\Program Files\yisou\
C:\Program Files\Common Files\COMM\
C:\Program Files\Common Files\UPDAT\

提示：
若在正常模式下无法解决
建议进入安全模式下操作

另外
楼主可以参考一下
http://forum.ikaka.com/topic.asp?board=28&artid=7866296

呵呵，他的问题大了！我单位共有3台电脑这样。我都轻松用反病毒专家解决了。哈哈。幸运啊，是不是他的病毒比我的先进阿，更厉害啊。