Boss, please take another look at this log. Is there a problem?


Logfile of HijackThis v1.99.1
Scan saved at 10:02:50, on 2006-6-28
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Downloads\Ringz Studio\Storm Downloader\StormDownloader.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\DZH5\internet\hypwise.exe
C:\Program Files\Internet Explorer\iexplore.exe
\192.168.1.7\e$\HijackThis.exe

O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINNT\system32\efeec.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 比特精灵搜索工具栏 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Downloads\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [MINI_BFYY] C:\Downloads\Ringz Studio\Storm Downloader\StormDownloader.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [libwz] rundll32.exe C:\WINNT\system32\libwz.dll,start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: &使用暴风下载器下载 - C:\Downloads\Ringz Studio\Storm Downloader\geturl.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - C:\Downloads\BitSpirit\bsurl.htm
O9 - Extra button: 易趣购物 - {DE607143-AC19-423e-864A-4D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607143-AC19-423e-864A-4D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: efeec - C:\WINNT\system32\efeec.dll
O20 - Winlogon Notify: Explorer - C:\WINNT\system32\fp8603lse.dll (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\m6ls0g37e6.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
Last edited 2006-06-28 13:30:56

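Start → Run → type services.msc to open "Services" → find Network Monitor → double-click → Startup type → Disabled → Stop → Apply → OK. This disables the Network Monitor service.
The following items will be fixed; if you recognize them, there is no need to fix them.
Press ALT+CTRL+DELETE to bring up Task Manager and end all RUNDLL32.EXE processes.
Close all browser windows and any unnecessary programs.
Run HijackThis; after the scan finishes, tick the following items, then choose "Fix":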
O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINNT\system32\efeec.dll
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [libwz] rundll32.exe C:\WINNT\system32\libwz.dll,start
O20 - Winlogon Notify: efeec - C:\WINNT\system32\efeec.dll
O20 - Winlogon Notify: Explorer - C:\WINNT\system32\fp8603lse.dll (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\m6ls0g37e6.dll (file missing)
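O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
Double-click My Computer, then Tools, Folder Options, View. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes". Clear "Hide file extensions for known file types".
Delete: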
C:\Program Files\Network Monitor
C:\WINNT\system32\efeec.dll
C:\WINNT\system32\libwz.dll
C:\windows\mousepad5.exe
C:\windows\newname5.exe

[Reply to "kevinchu"'s post]
Fix:
O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINNT\system32\efeec.dll
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [libwz] rundll32.exe C:\WINNT\system32\libwz.dll,start
O20 - Winlogon Notify: efeec - C:\WINNT\system32\efeec.dll
O20 - Winlogon Notify: Explorer - C:\WINNT\system32\fp8603lse.dll (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\m6ls0g37e6.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

Uninstall:
C:\Program Files\Network Monitor\

Delete:
C:\Program Files\Network Monitor\
C:\WINNT\system32\efeec.dll
C:\windows\newname5.exe
C:\windows\mousepad5.exe
C:\WINNT\system32\libwz.dll