Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

My computer has been hijacked; moderators and experts, please advise!

Logfile of HijackThis v1.99.1
Scan saved at 11:38:01, on 2005-07-11
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2462.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\wpf1\桌面\HijackThis.exe

R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\cnshook.dll
R3 - URLSearchHook: assist - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\assist\assist.dll
R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\assist\asbar.dll
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINNT\System32\hap.dll
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINNT\System32\winhtp.dll
O2 - BHO: ReviseHelper Class - {749D1D7D-1969-4014-A98D-9E867E7508D0} - C:\WINNT\Downloaded Program Files\PageRevisor.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\cnshook.dll
O2 - BHO: YMIN IEBand - {D4F7605B-084D-4353-A1E1-C1BC3161938C} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\assist\asbar.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RfwMain] C:\Program Files\Rising\Rfw\rfwmain.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MiniMsgr] C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
O4 - HKLM\..\RunServices: [lntrenat] C:\WINNT\lntrenat.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O8 - Extra context menu item: !搜一搜 - res://C:\WINNT\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: (no name) - {233A9694-667E-11d1-9DFB-006097D5040A} - (no file)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721中文邮 - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 联系人 - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - C:\Program Files\Internet Explorer\iecont.dll
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: 雅虎邮箱通 - {D1B76CE4-CCCA-4B22-9ECB-09F85C140904} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [!MySearch] 搜索助手(MySearch)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch(&A)
O16 - DPF: {12345678-1234-1234-1234-123456789011} - http://www.jcwz.net/game/weiptl.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D040187-27EB-4F13-8AAB-1C8AFA20BA58} (WebReportX Control) - http://211.88.5.36/webprint/WebReportProj1.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab
O16 - DPF: {86BC8440-8693-4076-A144-6BAF942B40B0} (RegMore Class) - http://mysearch.8848.com/mysearch/MySearch.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} (IEDown Class) - http://download.ourgame.com/IEDown.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CF051549-EDE1-40F5-B440-BCD646CF2C25} (Ppinstall Control) - http://www.163.com/wwwimages/sms/ppinstall22.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{070568F7-44B6-4940-8CC3-1C963DADAEF4}: NameServer = 202.102.134.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{070568F7-44B6-4940-8CC3-1C963DADAEF4}: NameServer = 202.102.134.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{070568F7-44B6-4940-8CC3-1C963DADAEF4}: NameServer = 202.102.134.68
O17 - HKLM\System\CS3\Services\Tcpip\..\{070568F7-44B6-4940-8CC3-1C963DADAEF4}: NameServer = 202.102.134.68
O17 - HKLM\System\CS4\Services\Tcpip\..\{070568F7-44B6-4940-8CC3-1C963DADAEF4}: NameServer = 202.102.134.68
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O18 - Filter: text/html - {65CBAF77-19CA-4B81-86D5-7835D59BEA85} - C:\WINNT\System32\SoMP3.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Messenger - Unknown owner - C:\WINNT\System32\xin.exe (file missing)
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Remote Control Service (SoulService) - Unknown owner - spoo1sv.exe (file missing)
O23 - Service: windows media player center - Unknown owner - C:\WINNT\System32\QQ.exe (file missing)

Last edited 2005-09-02 15:04:31

C:\WINNT\System32\SoMP3.dll
Look for files with the same timestamp as the file above and delete them.

O4 - HKLM\..\RunServices: [lntrenat] C:\WINNT\lntrenat.exe is a problem.

Suggested fixes:
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINNT\System32\hap.dll
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINNT\System32\winhtp.dll
O2 - BHO: ReviseHelper Class - {749D1D7D-1969-4014-A98D-9E867E7508D0} - C:\WINNT\Downloaded Program Files\PageRevisor.dll
O23 - Service: Messenger - Unknown owner - C:\WINNT\System32\xin.exe (file missing)
O23 - Service: Remote Control Service (SoulService) - Unknown owner - spoo1sv.exe (file missing)
O23 - Service: windows media player center - Unknown owner - C:\WINNT\System32\QQ.exe (file missing)
After fixing, reboot into Safe Mode -- My Computer -- Tools -- Folder Options -- View -- Show all files (also clear both of the "hide" checkboxes below it).
Find and delete (if present):
C:\WINNT\System32\hap.dll
C:\WINNT\System32\winhtp.dll
C:\WINNT\Downloaded Program Files\PageRevisor.dll
C:\WINNT\System32\xin.exe
C:\WINNT\System32\QQ.exe
spoo1sv.exe (note: that is the digit "1", not the letter "l"; be careful not to delete the wrong file)
If they can't be deleted, download killbox and force it.

R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\cnshook.dll
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINNT\System32\hap.dll
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINNT\System32\winhtp.dll
O2 - BHO: ReviseHelper Class - {749D1D7D-1969-4014-A98D-9E867E7508D0} - C:\WINNT\Downloaded Program Files\PageRevisor.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\cnshook.dll
O4 - HKLM\..\RunServices: [lntrenat] C:\WINNT\lntrenat.exe
O9 - Extra button: (no name) - {233A9694-667E-11d1-9DFB-006097D5040A} - (no file)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {12345678-1234-1234-1234-123456789011} - http://www.jcwz.net/game/weiptl.exe
O18 - Filter: text/html - {65CBAF77-19CA-4B81-86D5-7835D59BEA85} - C:\WINNT\System32\SoMP3.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Messenger - Unknown owner - C:\WINNT\System32\xin.exe (file missing)
O23 - Service: Remote Control Service (SoulService) - Unknown owner - spoo1sv.exe (file missing)
O23 - Service: windows media player center - Unknown owner - C:\WINNT\System32\QQ.exe (file missing)
I feel the items above are suspicious, but since I don't know HijackThis all that well I can't be sure yet; please help me go through them!

Thanks to the two of you above. 艾玛, haven't seen you in a long time; thanks for stepping in to help!
I'll try it right now!

R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\cnshook.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\cnshook.dll
These 2 are 3721's stuff.
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINNT\System32\hap.dll
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINNT\System32\winhtp.dll
These 2 are trojans; a lot of people have been hit by them. Kill.
O2 - BHO: ReviseHelper Class - {749D1D7D-1969-4014-A98D-9E867E7508D0} - C:\WINNT\Downloaded Program Files\PageRevisor.dll
This one is 8848's search plugin; it is resource-hungry and degrades search results. Kill.
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
These 2 items are safe.
O23 - Service: Messenger - Unknown owner - C:\WINNT\System32\xin.exe (file missing)
O23 - Service: Remote Control Service (SoulService) - Unknown owner - spoo1sv.exe (file missing)
O23 - Service: windows media player center - Unknown owner - C:\WINNT\System32\QQ.exe (file missing)
These 3 items are 80% likely to be a problem; very suspicious, best to kill them.
I'm not sure about the rest.
Waiting for an expert to weigh in.
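
A small triage script for the points raised in the two replies above: the digit-one look-alike spoo1sv.exe that is easy to delete wrongly, and the O23 services with "Unknown owner" and "(file missing)" that were judged 80% suspicious. This is an added example for this thread, not code from the original posters or from HijackThis. The allow-list of Windows 2000 binaries, the homoglyph table, the 0.8 similarity threshold and the sample lines (copied from the log posted above) are my assumptions.

```python
"""Triage pass over HijackThis log lines. Added example for this thread; it is
not part of the original post and not a HijackThis feature. It flags the two
things a human eye slides over most easily: file names that impersonate
Windows binaries (spoo1sv.exe with a digit one, lntrenat.exe for internat.exe)
and O23 service entries with no vendor, no full path, or a missing binary."""
import re
from difflib import SequenceMatcher

# Assumption: a short allow-list of Windows 2000 system binaries used as the
# reference for look-alike checks. It is illustrative, not exhaustive.
KNOWN_GOOD = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "regsvc.exe", "mstask.exe", "winmgmt.exe",
    "explorer.exe", "rundll32.exe", "ctfmon.exe", "internat.exe", "mobsync.exe",
    "iexplore.exe",
}

# Characters that look alike in the fonts a log is usually read in (assumed table).
HOMOGLYPHS = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})

# Optional drive-rooted directory prefix (may contain spaces), then a file name.
FILE_RE = re.compile(r'(?i)((?:[a-z]:\\[^"()\n]*?\\)?)([\w~\-]+\.(?:exe|dll|ocx))')

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
C:\WINNT\System32\smss.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\RunServices: [lntrenat] C:\WINNT\lntrenat.exe
O18 - Filter: text/html - {65CBAF77-19CA-4B81-86D5-7835D59BEA85} - C:\WINNT\System32\SoMP3.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Messenger - Unknown owner - C:\WINNT\System32\xin.exe (file missing)
O23 - Service: Remote Control Service (SoulService) - Unknown owner - spoo1sv.exe (file missing)
O23 - Service: windows media player center - Unknown owner - C:\WINNT\System32\QQ.exe (file missing)
"""


def normalize(stem: str) -> str:
    """Lower-case and fold confusable characters so that spoo1sv == spoolsv."""
    return stem.lower().translate(HOMOGLYPHS)


def lookalike(filename: str):
    """Return the legitimate binary that `filename` imitates, or None."""
    low = filename.lower()
    if low in KNOWN_GOOD:
        return None
    stem, ext = low.rsplit(".", 1)
    if len(stem) < 5:          # too short for a meaningful comparison
        return None
    candidates = [g for g in KNOWN_GOOD if g.endswith("." + ext)]
    # Exact match after homoglyph folding: a digit standing in for a letter.
    for good in candidates:
        if normalize(stem) == normalize(good.rsplit(".", 1)[0]):
            return good
    # Near match: transposed or swapped letters (lntrenat vs internat).
    for good in candidates:
        gstem = normalize(good.rsplit(".", 1)[0])
        if SequenceMatcher(None, normalize(stem), gstem).ratio() >= 0.8:
            return good
    return None


def analyze(log_text: str):
    """Return [(line, [reason, ...]), ...] for every line that deserves a look."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        for prefix, fname in FILE_RE.findall(line):
            hit = lookalike(fname)
            if hit:
                reasons.append(f"{fname} looks like {hit}")
            if line.startswith("O23") and not prefix:
                reasons.append(f"service binary {fname} has no full path")
        if line.startswith("O23") and "Unknown owner" in line and "(file missing)" in line:
            reasons.append("service has no vendor and its binary is missing")
        if line.startswith("O18 - Filter: text/html"):
            reasons.append("a text/html MIME filter can rewrite every page IE renders")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in analyze(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run on the sample it reports five lines: the lntrenat RunServices entry, the text/html filter, and the three O23 services; the SoulService line collects three reasons at once (look-alike name, no full path, unknown owner with a missing binary). The look-alike check is deliberately applied to the "Running processes" block as well, since a renamed binary that is currently running is the one that will resist deletion outside Safe Mode.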

Quote:
[飞天揽月's post] Thanks to the two of you above. 艾玛, haven't seen you in a long time; thanks for stepping in to help!
I'll try it right now!
...........................


It has been a while, hasn't it, ha. Apply the latest Windows 2000 and IE patches right away; you have never applied them. Your IE has far too many plugins installed.

SP4 patch

http://download.microsoft.com/download/a/5/d/a5d03b5f-576b-43ce-8f3c-e648c37272ee/Windows2000-KB891861-x86-CHS.EXE

Thanks 艾玛, I'm going to apply the patch now.
However, I just fixed the items discussed above with HijackThis. Unfortunately I still can't get onto the Internet, although I can reach the LAN.

Quote:
[飞天揽月's post] Thanks 艾玛, I'm going to apply the patch now.
However, I just fixed the items discussed above with HijackThis. Unfortunately I still can't get onto the Internet, although I can reach the LAN.
...........................



Download it and try the automatic repair option first.

Attachment: (application/octet-stream, uploaded 2005-7-11 14:01:56, 0 downloads)

If the problem still isn't solved, please scan again with HijackThis and post a new log.