Rising Kaka Security Forum (瑞星卡卡安全论坛), Technical Exchange, Anti-virus / Anti-rogue-software board

Trojan.DL.Agent.dlo cannot be cleaned completely, log attached, please take a look!

Rising's real-time monitor keeps reporting a virus: windows\system32\DLMON.DLL
It gets killed every time, but a while later it is back; the virus name shown is Trojan.DL.Agent.dlo

Scan log of HijackThis@Qoo V1.97.7
Scan saved at 15:16:10, on 2005-12-7
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SkyNet\FireWall\PFW.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitSpirit\BitSpirit.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\3721\ske\TrojanAssistant.exe
E:\hijackthis1.97_qoo\HijackThis.exe

O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\NetTransport 2\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\SkyNet\FireWall\PFW.exe
O4 - HKLM\..\Run: [hzcmicli] C:\lotus\CMI\CO-CMICli.exe
O4 - HKLM\..\Run: [KvMonXP] C:\Program Files\KV2005\KVMonXP.kxp /auto
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [JrRClean] E:\ren\
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CBitSpirit] "C:\Program Files\BitSpirit\BitSpirit.exe" /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: NTUSER.DAT
O4 - Global Startup: NTUSER.DAT.LOG
O8 - Extra context menu item: >> Send as MMS << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: Download with NetTransport - C:\Program Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download all links with NetTransport - C:\Program Files\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Add to QQ custom panel - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: Send this picture via QQ MMS - C:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: Download with BitSpirit(&B) - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Baidu - Search MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: Baidu - Search images - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: Baidu - Search news - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: Baidu - Search lyrics - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: Baidu - Search web pages - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: Baidu - Search Tieba (forums) - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: Baidu - Dictionary search - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: QQ (HKLM)
O11 - Options group: [!CNS] 
O16 - DPF: {B851E8B9-CC88-479C-8F58-F1C9E21E3E7B} (Handwriting Remark Control) - http://hnoa.huainan.gov.cn/HRemark.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF30C02A-861F-4688-A37B-4DA248079EB6}: NameServer = 211.91.88.129

Last edited 2005-12-07 15:53:02

My situation is the same as the original poster's.
Could someone please help us with an answer? Thank you, and please be as detailed as possible.

Could an expert please take a look? It's urgent.

The log is incomplete; rescan and post a new one,
or save a log with Autoruns and post that.
To save the log: choose the File->Save menu item.
When saving, make sure Options->Hide Microsoft Entries is selected (after setting it, click the Refresh button on the toolbar).

For downloading and using the tool, see http://forum.ikaka.com/topic.asp?board=28&artid=7318038

Log saved with Autoruns (the fields are separated below as Entry | Description | Publisher | Image Path; a blank field means Autoruns showed nothing for it):

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ CBitSpirit | The powerful and easy-to-use BitTorrent Client | LANSPIRIT.NET | c:\program files\bitspirit\bitspirit.exe
+ hzcmicli | CO-CMI client (CO-CMI 客户端) | | c:\lotus\cmi\co-cmicli.exe
+ JrRClean | | | e:\ren\电脑消磁圣手\电脑消磁圣手\电脑消磁圣手.exe
+ KvMonXP | File not found: C:\Program Files\KV2005\KVMonXP.kxp
+ MSPY2002 | | | c:\windows\system32\ime\pintlgnt\imscinst.exe
+ RavMon | RavMon Rising realtime monitor | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmon.exe
+ RavTimer | RavTimer | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravtimer.exe
+ SKYNET Personal FireWall | SkyNet Personal Firewall (天网个人版防火墙) | ChinaECG | c:\program files\skynet\firewall\pfw.exe
+ TkBellExe | RealNetworks Scheduler | RealNetworks, Inc. | c:\program files\common files\real\update_ob\realsched.exe
+ YDTMain.exe | File not found: C:\PROGRA~1\YDT\YDTMain.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ SysTrays | | | c:\windows\system32\dlmain.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ RISING | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player | RealPlayer Shell Extensions | RealNetworks, Inc. | c:\program files\real\realplayer\rpshell.dll
+ Yahoo Trojan Cleanner | | | c:\program files\3721\ske\contmenu.dll
+ Yahoo!Photo | File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
+ 粉碎文件 (Shred File) | File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹 (Web Folders) | | | c:\program files\common files\microsoft shared\web folders\msonsext.dll
+ 金山毒霸 (Kingsoft AntiVirus) | File not found: C:\KAV6\KAVEXT.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ DragSearch BHO | File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
+ MMSAssist BHO | MMSAssist | | c:\program files\mmsassist\mmsass~1.dll
+ NTIECatcher Class | Net Transport IE Helper Module | Xi | c:\program files\nettransport 2\ntiehelper.dll
+ Yahoo!Photo | File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions
+ @shdoclc.dll,-864 | | | c:\windows\web\related.htm
+ Yahoo 1G电邮 (Yahoo 1G Mail) | File not found: http://cn.mail.yahoo.com/promo/rd1
+ 清理上网记录 (Clear browsing history) | File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 情景聊天 (Scene chat) | File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 上网助手 (Internet Assistant) | File not found: http://assistant.3721.com/index.htm?fb=Cns
+ 手机短信 (Mobile SMS) | File not found: http://sms.3721.com/ie/index.htm?pid=U_3721_assist
+ 腾讯QQ (Tencent QQ) | QQ | TENCENT | c:\program files\tencent\qq\qq.exe
+ 修复浏览器 (Repair browser) | File not found: http://assistant.3721.com/security1.htm?fb=Cns
+ 寻宝乐趣多 (Treasure hunting fun) | File not found: http://hot.3721.com/rd/shop_btn.htm

HKLM\System\CurrentControlSet\Services
+ .Net Boot Service | | | c:\windows\system32\big5_gb2312.exe
+ Local Network Service | | | c:\windows\system32\seedserv.exe
+ RsCCenter | CCenter | rising | c:\program files\rising\rav\ccenter.exe
+ RsRavMon | RavMon | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services
+ ac97intc | Intel(r) Integrated Controller Hub Audio Driver | Intel Corporation | c:\windows\system32\drivers\ac97intc.sys
+ aksusb | Aladdin USB Key Driver | Aladdin Knowledge Systems | c:\windows\system32\drivers\aksusb.sys
+ ALCXSENS | Sensaura WDM 3D Audio Driver | Sensaura Ltd | c:\windows\system32\drivers\alcxsens.sys
+ ALCXWDM | Realtek AC'97 Audio Driver (WDM) | Realtek Semiconductor Corp. | c:\windows\system32\drivers\alcxwdm.sys
+ ati2mtaa | ATI RAGE 128 Miniport Driver | ATI Technologies Inc. | c:\windows\system32\drivers\ati2mtaa.sys
+ ati2mtag | ATI Radeon Miniport Driver | ATI Technologies Inc. | c:\windows\system32\drivers\ati2mtag.sys
+ BaseTDI | basetdi | Rising | c:\windows\system32\drivers\basetdi.sys
+ d347bus | PnP BIOS Extension | | c:\windows\system32\drivers\d347bus.sys
+ d347prt | SCSI miniport | | c:\windows\system32\drivers\d347prt.sys
+ ExpScaner | ExpScan.sys | | c:\program files\rising\rav\expscan.sys
+ GMSIPCI | File not found: G:\INSTALL\GMSIPCI.SYS
+ hardlock | Hardlock Device Driver for Windows NT | Aladdin Knowledge Systems | c:\windows\system32\drivers\hardlock.sys
+ Haspnt | HASP Kernel Device Driver for Windows NT | Aladdin Knowledge Systems | c:\windows\system32\drivers\haspnt.sys
+ HookCont | TDI HOOK Driver | Rising tech Co. ltd | c:\program files\rising\rav\hookcont.sys
+ HookReg | | | c:\program files\rising\rav\hookreg.sys
+ HookSys | | 瑞星 (Rising) | c:\program files\rising\rav\hooksys.sys
+ kmsinput | | | c:\windows\system32\drivers\kmsinput.sys
+ KRegEx | | | c:\windows\system32\drivers\kregex.sys
+ PProtect | File not found: C:\WINDOWS\system32\drivers\PProtect.sys
+ prodrv06 | StarForce Protection Environment Driver | Protection Technology | c:\windows\system32\drivers\prodrv06.sys
+ prohlp02 | StarForce Protection Helper Driver | Protection Technology | c:\windows\system32\drivers\prohlp02.sys
+ prosync1 | StarForce Protection Synchronization Driver | Protection Technology | c:\windows\system32\drivers\prosync1.sys
+ PStrip | PowerStrip support NT kernel-mode driver | EnTech Taiwan | c:\windows\system32\drivers\pstrip.sys
+ Ptilink | Direct Parallel Link Driver | Parallel Technologies, Inc. | c:\windows\system32\drivers\ptilink.sys
+ rtl8029 | NDIS 5.0 driver | Realtek Semiconductor Corporation | c:\windows\system32\drivers\rtl8029.sys
+ rtl8139 | NDIS 5.0 driver | Realtek Semiconductor Corporation | c:\windows\system32\drivers\rtl8139.sys
+ Secdrv | SafeDisc driver | | c:\windows\system32\drivers\secdrv.sys
+ sfhlp01 | StarForce Protection Helper Driver | Protection Technology | c:\windows\system32\drivers\sfhlp01.sys
+ Skkbdf | PS/2 Keyboard Filter Driver for Win2000 | Silitek Corp. | c:\windows\system32\drivers\skkbdf.sys
+ SKNFW | | | c:\windows\system32\drivers\sknfw.sys
+ SONYPVU1 | Sony USB Lower Filter driver | Sony Corporation | c:\windows\system32\drivers\sonypvu1.sys
+ SQTECH9060 | Universal Serial Bus Camera Driver | Service & Quality Technology CO., LTD. | c:\windows\system32\drivers\capt9060.sys
+ viaagp1 | VIA NT AGP Filter | VIA Technologies, Inc. | c:\windows\system32\drivers\viaagp1.sys
+ VIAudio | VIA Audio WDM Driver | VIA Technologies, Inc. | c:\windows\system32\drivers\ac97via.sys
+ ZSMC302 | Video streaming and Capture Device Driver | VM | c:\windows\system32\drivers\usbvm31b.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ KB2357802.LOG | File not found: KB2357802.LOG

HKCU\Control Panel\Desktop\Scrnsave.exe
+ TheSim~1.scr | Screensaver | Shot Inc | c:\windows\system32\the simpsons.scr

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ HP LaserJet 5 Language Monitor | Win32 Language Monitor for direct connect HP printers | Hewlett-Packard | c:\windows\system32\hpdcmon.dll
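The helper in the next post picks three entries out of that export (the ShellServiceObjectDelayLoad value pointing at dlmain.dll and the two services launching seedserv.exe and big5_gb2312.exe). The script below is an added example, not code from the thread or from Sysinternals, showing the checks that single those entries out of an Autoruns export: no publisher or description, a binary living in system32, a location that gives code execution at every logon or as SYSTEM, and a Microsoft-sounding name from a non-Microsoft publisher. The CSV is constructed from the post above in a simplified column layout that is an assumption of this example; a real export from `autorunsc.exe -a * -c -m -s -nobanner > autoruns.csv` (with `-m` hiding Microsoft entries, as the helper asked for, and `-s` verifying signatures) carries more columns, so the property names in the function have to be adjusted to the real header.

```powershell
# Added example: score an Autoruns-style CSV export for entries that deserve a closer look.
# The rows below are CONSTRUCTED from the forum post; the column layout is a simplified
# assumption, not the real autorunsc.exe header.
$SampleCsv = @'
"Entry Location","Entry","Description","Publisher","Image Path"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","RavMon","RavMon Rising realtime monitor","Beijing Rising Technology Co., Ltd.","c:\program files\rising\rav\ravmon.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","KvMonXP","","","File not found: C:\Program Files\KV2005\KVMonXP.kxp"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad","SysTrays","","","c:\windows\system32\dlmain.dll"
"HKLM\System\CurrentControlSet\Services",".Net Boot Service","","","c:\windows\system32\big5_gb2312.exe"
"HKLM\System\CurrentControlSet\Services","Local Network Service","","","c:\windows\system32\seedserv.exe"
"HKLM\System\CurrentControlSet\Services","RsRavMon","RavMon","Beijing Rising Technology Co., Ltd.","c:\program files\rising\rav\ravmond.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls","KB2357802.LOG","","","File not found: KB2357802.LOG"
"HKCU\Control Panel\Desktop\Scrnsave.exe","TheSim~1.scr","Screensaver","Shot Inc","c:\windows\system32\the simpsons.scr"
'@

# Locations where one unsigned entry runs in every logon session (inside explorer.exe or
# every user32.dll process) or as SYSTEM; they weigh more than a plain Run key.
$HighRiskLocations = @(
    'ShellServiceObjectDelayLoad',
    'Appinit_Dlls',
    'CurrentControlSet\Services',
    'Winlogon'
)

function Get-SuspiciousAutoruns {
    param([Parameter(Mandatory)][string]$Csv)

    foreach ($row in ($Csv -split '\r?\n' | ConvertFrom-Csv)) {
        $score = 0
        $reasons = @()
        $path = $row.'Image Path'

        if ($path -like 'File not found:*') {
            # Orphan: nothing executes today, but remove it so a file dropped at that
            # path later does not re-arm the entry.
            $reasons += 'orphan (file missing)'
        }
        else {
            if (-not $row.Publisher -and -not $row.Description) {
                $score += 2; $reasons += 'no publisher/description'
            }
            if ($path -match '\\windows\\system32\\') {
                $score += 1; $reasons += 'lives in system32'
            }
            $loc = $HighRiskLocations | Where-Object { $row.'Entry Location' -like "*$_*" }
            if ($loc) {
                $score += 2; $reasons += "high-risk location ($loc)"
            }
            # Names that imitate Windows components but carry no Microsoft publisher.
            if ($row.Entry -match '^(\.?Net|Local|Network|Windows|Microsoft)\b' -and
                $row.Publisher -notmatch 'Microsoft') {
                $score += 1; $reasons += 'mimics a Microsoft component name'
            }
        }

        [pscustomobject]@{
            Score    = $score
            Entry    = $row.Entry
            Location = $row.'Entry Location'
            Image    = $path
            Reasons  = ($reasons -join '; ')
        }
    }
}

Get-SuspiciousAutoruns -Csv $SampleCsv | Sort-Object Score -Descending | Format-Table -AutoSize
```

On the constructed rows the two services and the SSODL value come out on top (scores 6, 6 and 5), the Rising entries score 0, and the two orphans are listed with a reason but no score. Scores like these only order the list for a human; the decisive check is still whether the file is something the owner installed, which is exactly the question the helper asks about ".Net Boot Service" in the next post.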

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ SysTrays | | | c:\windows\system32\dlmain.dll
HKLM\System\CurrentControlSet\Services
+ Local Network Service | | | c:\windows\system32\seedserv.exe

Delete these startup entries.
Reboot.
Then delete c:\windows\system32\seedserv.exe and c:\windows\system32\dlmain.dll and see whether that helps.

If "+ .Net Boot Service | | | c:\windows\system32\big5_gb2312.exe" is not something you installed, handle it the same way.
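The order in the post above matters: the file Rising keeps detecting (DLMON.DLL, a downloader detection under Rising's Trojan.DL prefix) is re-created as long as the components that load at startup are still resident, so persistence goes first, the reboot unloads dlmain.dll from explorer.exe, and only then are the files removable. The script below is an added example, not code from the thread, for Windows PowerShell 5.1 in an elevated prompt; the machine in the thread (XP SP1, 2005) had no PowerShell, but the registry and service locations are the same on current Windows. Assumptions: the service key names are exactly the strings Autoruns displayed ("Local Network Service", ".Net Boot Service"; confirm with `sc.exe qc` before running), ".Net Boot Service" is included on the helper's condition that the owner did not install it, DLMON.DLL from the first post is added to the file list, and the quarantine folder is a hypothetical local path.

```powershell
#Requires -RunAsAdministrator
# Added example: the removal sequence from the post above, in two phases with a reboot
# between them. Service key names and the quarantine path are assumptions (see lead-in).
$ErrorActionPreference = 'Stop'
$Quarantine = "$env:SystemDrive\quarantine"

$Targets = @(
    @{ Service = 'Local Network Service'; File = "$env:SystemRoot\system32\seedserv.exe" },
    @{ Service = '.Net Boot Service';     File = "$env:SystemRoot\system32\big5_gb2312.exe" }
)
$SsodlKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$SsodlValue = 'SysTrays'
$DroppedDlls = @("$env:SystemRoot\system32\dlmain.dll", "$env:SystemRoot\system32\DLMON.DLL")

function Remove-Persistence {
    # Phase 1: cut the autostart entries while the components are still running.
    # Deleting the files first is pointless; the resident loaders re-drop them.

    # An SSODL value holds a CLSID; the DLL is reached through that CLSID's InprocServer32,
    # so both the value and the CLSID registration are removed.
    $clsid = (Get-ItemProperty -Path $SsodlKey -Name $SsodlValue -ErrorAction SilentlyContinue).$SsodlValue
    if ($clsid) {
        $inproc = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        Write-Host "SSODL $SsodlValue -> $clsid -> $($inproc.'(default)')"
        Remove-ItemProperty -Path $SsodlKey -Name $SsodlValue
        Remove-Item -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid" -Recurse -ErrorAction SilentlyContinue
    }

    foreach ($t in $Targets) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$($t.Service)'"
        if (-not $svc) { Write-Host "service '$($t.Service)' not present"; continue }
        # Record what the service launched and as whom before the evidence is destroyed.
        Write-Host "service $($svc.Name): PathName=$($svc.PathName) StartMode=$($svc.StartMode) Account=$($svc.StartName)"
        Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
        sc.exe delete $svc.Name | Out-Null
    }
    Write-Host 'Persistence removed. Reboot, then run Remove-DroppedFiles.'
}

function Remove-DroppedFiles {
    # Phase 2, after the reboot, when dlmain.dll is no longer mapped into explorer.exe:
    # hash each file for the record, move it out of the search path, keep it for analysis.
    New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
    foreach ($f in $DroppedDlls + ($Targets | ForEach-Object { $_.File })) {
        if (-not (Test-Path $f)) { Write-Host "$f already gone"; continue }
        $hash = (Get-FileHash -Path $f -Algorithm SHA256).Hash
        Write-Host "$f SHA256=$hash"
        Move-Item -Path $f -Destination (Join-Path $Quarantine ((Split-Path $f -Leaf) + '.bin')) -Force
    }
}
```

Dot-source the file and call `Remove-Persistence`, restart, then dot-source it again in a fresh elevated session and call `Remove-DroppedFiles`. If Rising reports DLMON.DLL again after that, some loader is still registered and another Autoruns pass (with the Hide Microsoft Entries option the helper recommended) is the next step, not another file deletion.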
 