Help: What is ADMDLL.dll, and how can I delete it?

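Open the registry, search for ADMDLL.dll, and delete it~
Start > Run > type Regedit.exe > OK > Edit > Find ADMDLL.dll

Also, download links for the Chinese-localized HijackThis V1.99.1 and the original English version (second post):
http://forum.ikaka.com/topic.asp?board=67&artid=5188931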

Hello to the experts above, below is the log from my HijackThis scan:




HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 23:26:57, on 2006-3-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Rising\Rav\Ravmond.exe
E:\WINDOWS\Explorer.EXE
e:\program files\rising\rfw\rfwsrv.exe
E:\Program Files\Rising\Rav\RavStub.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\spoolsv.exe
e:\program files\rising\rfw\RfwMain.exe
C:\MSSQL7\binn\sqlservr.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\ups.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\NotifyPhoneBook.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Rising\Rav\RavTask.exe
E:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
E:\Program Files\Rising\Rav\Ravmon.exe
E:\WINDOWS\system32\ctfmon.exe
C:\Program Files\wnwb2005\wnwb.exe
E:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Tencent\qq\TBrowser.exe
C:\Downloads\hijackthis1.97_qoo\HijackThis.exe

R3 - URLSearchHook: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - E:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - C:\PROGRA~1\sina\UC\UCddt\ddtinit.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: (no name) - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - C:\PROGRA~1\sina\UC\UCddt\ddtkillw.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\Net Transport\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - E:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - E:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: ????? - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - c:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: ????? - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL
O3 - Toolbar: ????? - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [pdfFactory 分配器 v1] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CS\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040506 serial=dr12ccs-9693323-luu lang=CS
O4 - HKLM\..\Run: [NMGameX_AutoRun] E:\WINDOWS\system32\Rundll32.exe nmgamex.dll,LiveProcess /aa
O4 - HKLM\..\Run: [WangWang] "c:\Program Files\
O4 - HKLM\..\Run: [RavTask] "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: MarginTrader.txt
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: MSN 搜索(&M) - res://E:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll/search.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 在新的前台选项卡中打开 - res://E:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\zh-cn\msntabres.dll/230?5ec2ed8a669a4b7faae14ea445ba83a
O8 - Extra context menu item: 在新的后台选项卡中打开 - res://E:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\zh-cn\msntabres.dll/229?5ec2ed8a669a4b7faae14ea445ba83a
O8 - Extra context menu item: 添加QQ网络收藏夹 - C:\Program Files\Tencent\qq\NAF.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: QQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [!CNS] 
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://211.157.0.242/Websource_Stream/chs/MSTPlayerInstaller.ocx
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.ruyi.com/plugin/PowerPlr.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {52A05F4B-9F0C-4752-BB78-9B6DFD2DE9D5} (HdwCode Control) - http://www.chinaacc.com/plugin/HdwCode.cab
O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - http://activex.microsoft.com/controls/iexplorer/x86/ietimer.cab
O16 - DPF: {6677B060-953E-4E0D-8C08-F1E19C70B80F} (PBBase Class) - http://www4.bj.cmbchina.com/download/pb36.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8EF30D8E-A828-42B7-8107-85875476D39B} (zxh Control) - file://H:\active\zxhProj1.inf
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37886.0092592593
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://www.duba.net/antiscan/kavclean.cab
O16 - DPF: {CF051549-EDE1-40F5-B440-BCD646CF2C25} (Ppinstall Control) - http://popo.163.com/install/ppinstall2.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cmr.china-webex.com/client/leverest/training/ieatgpc.cab
O16 - DPF: {E75D308D-B903-11D4-BD46-0050BA6E0CA5} (BtecKBase Class) - http://www.drcnet.com.cn/fish_dll/bteckbasec.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} (PBActiveX40 Control) - http://www4.bj.cmbchina.com/download/pb45.cab
O16 - DPF: {F553811C-C2CE-4A33-90B4-A6D333FDF794} (DreamSetup Control) - http://61.156.12.73/ddvod/user/help/player/DreamPlayer/DreamSetup.cab
O16 - DPF: {FB812CBB-A87E-4BA6-BD49-7C984D192EBB} (Cdrawer Object) - http://www.ce.cn/bottom/bk_htmlview.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{508DA911-B45A-487D-818F-FF0C0DA6E296}: NameServer = 218.56.57.58


Please help me delete this ADMDLL.dll. Thank you, experts, I'll be waiting here.....

Please help, I'm waiting online....
Thanks.

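[Reply to the post by “奥迪A8”]
Closing port 4899:
  First, note that port 4899 is the port that the server side of a remote-control program (remote administrator) listens on. It cannot be counted as a Trojan, but it does have remote-control capability, and antivirus software usually cannot detect it. Please first confirm whether this service was opened by you and is really needed. If not, close it.
 
To close port 4899:
Start --> Run, type cmd (on Win98 and earlier, command)
Then cd E:\WINDOWS\system32\
Type r_server.exe /stop
Press Enter
Then type r_server /uninstall /silence
Finally, go to E:\WINDOWS\system32\ and delete the three files r_server.exe, admdll.dll and radbrv.dll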
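
A read-only check to run after the steps above (an added example, not part of the original post): it parses `netstat -ano` output for a local listener on TCP 4899 and lists which of the files named in this thread are still present. The sample netstat text is constructed and the function names are hypothetical.

```python
import os
import subprocess
import sys

# File names exactly as they appear in the thread (both spellings of the driver).
RADMIN_FILES = ("r_server.exe", "admdll.dll", "radbrv.dll", "raddrv.dll")

# Constructed sample of `netstat -ano` output, used only when not on Windows.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.5:1042       10.0.0.8:4899          ESTABLISHED     2210
  TCP    [::]:4899              [::]:0                 LISTENING       1480
  UDP    0.0.0.0:445            *:*                                    4
"""

def listeners_on_port(netstat_text, port=4899):
    """Return (local_address, pid) for each local TCP socket LISTENING on port."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five fields: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _proto, local, _foreign, state, pid = fields
        # Only the local side counts: an outbound link to a remote :4899 is skipped.
        # Assumes netstat prints the state keyword in English.
        if state == "LISTENING" and local.rsplit(":", 1)[-1] == str(port):
            hits.append((local, int(pid)))
    return hits

def leftover_files(directory, names=RADMIN_FILES):
    """Return the listed names still present in directory (case-insensitive)."""
    wanted = {n.lower() for n in names}
    return sorted(f for f in os.listdir(directory) if f.lower() in wanted)

if __name__ == "__main__":
    if sys.platform == "win32":
        text = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
        sys32 = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"), "system32")
        print("listeners on 4899:", listeners_on_port(text))
        print("leftover files:", leftover_files(sys32))
    else:
        print("sample:", listeners_on_port(SAMPLE_NETSTAT))
```

An empty listener list together with an empty file list indicates the service is no longer reachable on that port and its binaries are gone from the directory checked.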


Hello to the poster above
I was only able to delete two files under E:\WINDOWS\system32\, r_server.exe and raddrv.dll
I can't find the admdll.dll file

[Reply to the post by “奥迪A8”]
Start -- Run
Type regedit
Click OK
to open the registry
Search for admdll.dll
Delete everything that is found

Heh, I restarted the machine and it's fine
Solved, no more prompts
Thanks to the expert “不言放弃” above!
I'm impressed!