Rising Kaka Security Forum

Home » Technical Exchange » Anti-virus / Anti-rogue-software Board » Hijacked by v.511.cc, can't repair it! Can't get on QQ either! The invisible-login option is greyed out!
bloodsky - 2005-12-3 15:19:00
Hijacked by v.511.cc, can't repair it! Can't get on QQ either! The invisible-login option is greyed out

Logfile of HijackThis v1.99.0
Scan saved at 14:53:30, on 2005-12-3
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
e:\program files\rising\rfw\rfwsrv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\nvsvc32.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\Program Files\Rising\Rfw\rfwmain.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\conime.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
e:\program files\rising\rav\RAVMON.EXE
F:\进程杀手\HijackThis_cn\HijackThis\HijackThis.exe

O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - D:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINNT\System32\kakatool.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\TENCENT1\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\TENCENT1\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\TENCENT1\QQ\SendMMS.htm
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe

bloodsky - 2005-12-3 15:20:00
I've been trying to kill this site for ages and just can't get rid of it!
It pops up as soon as the system starts!
bloodsky - 2005-12-3 15:24:00
This is the log I just scanned; please take a look for me.

Logfile of HijackThis v1.99.0
Scan saved at 15:21:16, on 2005-12-3
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
e:\program files\rising\rfw\rfwsrv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\nvsvc32.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\Program Files\Rising\Rfw\rfwmain.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\conime.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
e:\program files\rising\rav\RAVMON.EXE
E:\Program Files\浩方对战平台\GameClient.exe
F:\进程杀手\HijackThis_cn\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - D:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINNT\System32\kakatool.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\浩方对战平台\GameClient.exe
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe

飞跃迷离 - 2005-12-3 15:25:00
Please scan a log with System Repair Engineer and post it.

The download link is in the pinned post:
[Must read] Board guidelines and download of commonly used small tools
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
建能 - 2005-12-3 15:25:00
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
Fix the items above.
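The two lines quoted above are the orphaned BHO entry (same CLSID as the Baidu bar, marked with "?" and "(no file)"). The script below is an added example, not part of this thread and not HijackThis code: it parses O2/O3 lines in the log format shown here and flags orphaned, duplicated or "?"-marked CLSIDs so the items worth fixing stand out. The sample lines are constructed in the thread's format; the reason codes are this example's own heuristics.

```python
"""Triage the O2 (BHO) and O3 (Toolbar) lines of a HijackThis log.

Added example, not part of the original thread and not HijackThis code.
It flags an entry whose DLL is "(no file)", a CLSID registered twice, and
the "?" HijackThis appends to a CLSID it could not read cleanly.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, Optional

# "O2 - BHO: <name> - {CLSID}[?] - <path>"  /  "O3 - Toolbar: ..."
_ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"(?P<suffix>\?)? - (?P<path>.*)$"
)
# Both spellings appear in the logs posted in this thread.
_MISSING = {"(no file)", "(file missing)"}


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str
    malformed: bool  # HijackThis appended "?" to the CLSID


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an O2/O3 line, or None for any other line."""
    m = _ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        section=m["section"],
        kind=m["kind"],
        name=m["name"],
        clsid=m["clsid"].upper(),
        path=m["path"].strip(),
        malformed=m["suffix"] == "?",
    )


def triage(lines: Iterable[str]) -> dict:
    """Map each suspicious CLSID to a sorted list of reason codes.

    no_file          - registered BHO/toolbar whose DLL is not on disk
    malformed_clsid  - HijackThis marked the CLSID with "?"
    duplicate_clsid  - the same CLSID is registered more than once
    """
    entries = [e for e in map(parse_entry, lines) if e is not None]
    findings = defaultdict(set)
    seen = defaultdict(int)
    for e in entries:
        seen[e.clsid] += 1
        if e.path in _MISSING:
            findings[e.clsid].add("no_file")
        if e.malformed:
            findings[e.clsid].add("malformed_clsid")
    for clsid, count in seen.items():
        if count > 1:
            findings[clsid].add("duplicate_clsid")
    return {clsid: sorted(codes) for clsid, codes in findings.items()}


# Constructed sample in the thread's log format (paths are illustrative).
SAMPLE_LOG = r"""
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O3 - Toolbar: Kaka Toolbar - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINNT\System32\kakatool.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

if __name__ == "__main__":
    for clsid, codes in triage(SAMPLE_LOG.splitlines()).items():
        print(clsid, ", ".join(codes))
```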
建能 - 2005-12-3 15:28:00
Repair the hosts file

The hosts file stores the IP-address-to-domain-name mappings recorded by the Windows system.

Some malicious web-page code modifies this file to force us to visit malicious pages/sites.

The repair method and steps are:

  1. Close all browser windows

  2. Start --> Run...

  If you use Win 98, enter (copy/paste recommended): attrib %SystemRoot%\hosts -h -r -s

  If you use Win 2000/XP, enter (copy/paste recommended): attrib %SystemRoot%\system32\drivers\etc\hosts -h -r -s

  Click the [OK] button.

  3. Start --> Run...

  If you use Win 98, enter (copy/paste recommended): notepad %SystemRoot%\hosts

  If you use Win 2000/XP, enter (copy/paste recommended): notepad %SystemRoot%\system32\drivers\etc\hosts

  Click the [OK] button.

  4. The contents of the hosts file will be displayed in Notepad; keep the lines that contain 127.0.0.1 and delete all the other lines.
  Save the changes, then restart the computer and see.

Note: the hosts file is not required by the system; some computers may not have this file.
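Before applying step 4 by hand it helps to see what the file actually maps. The script below is an added example, not part of this thread: it classifies each hosts entry (loopback, block-to-loopback, redirect to another address, invalid) and then applies the step-4 rule exactly as stated above, keeping only lines that contain 127.0.0.1 and making sure the localhost mapping survives. The sample hosts content is constructed; 192.0.2.10 and www.example.com are placeholder values.

```python
"""Audit a Windows hosts file and apply the "keep only 127.0.0.1 lines" repair.

Added example, not part of the original thread. classify_line() goes one step
beyond the thread's rule by telling loopback, block and redirect entries apart;
repair() applies the rule from step 4 as written.
"""
import ipaddress
from typing import List, Tuple


def classify_line(line: str) -> Tuple[str, str, List[str]]:
    """Return (category, ip, names) for one hosts line.

    blank / comment  - nothing to resolve
    loopback         - 127.0.0.1 (or ::1) mapped only to localhost
    block            - loopback or 0.0.0.0 mapped to some other name
    redirect         - any other address: the kind of entry a hijacker adds
    invalid          - not parseable as "<ip> <name>..."
    """
    text = line.split("#", 1)[0].strip()
    if not text:
        return ("comment" if line.strip() else "blank", "", [])
    parts = text.split()
    try:
        ip = ipaddress.ip_address(parts[0])
    except ValueError:
        return ("invalid", "", [text])
    names = [n.lower() for n in parts[1:]]
    if not names:
        return ("invalid", str(ip), [text])
    if ip.is_loopback or ip.is_unspecified:
        category = "loopback" if all(n == "localhost" for n in names) else "block"
    else:
        category = "redirect"
    return (category, str(ip), names)


def audit(content: str) -> dict:
    """Group the names in a hosts file by category (invalid lines kept verbatim)."""
    report = {"loopback": [], "block": [], "redirect": [], "invalid": []}
    for line in content.splitlines():
        category, _ip, names = classify_line(line)
        if category in report:
            report[category].extend(names)
    return report


def repair(content: str) -> str:
    """Step 4 from the thread: keep only lines containing 127.0.0.1, drop the rest.

    If the loopback mapping itself is missing, a default one is prepended so
    the machine still resolves localhost after the edit.
    """
    kept = [line for line in content.splitlines() if "127.0.0.1" in line]
    if not any(classify_line(line)[0] == "loopback" for line in kept):
        kept.insert(0, "127.0.0.1\tlocalhost")
    return "\n".join(kept) + "\n"


# Constructed sample; the redirect line is the pattern a hijacker would leave.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       v.511.cc          # constructed: loopback block entry
192.0.2.10      www.example.com   # constructed: redirect to a non-loopback address
bogus line
"""

if __name__ == "__main__":
    for category, names in audit(SAMPLE_HOSTS).items():
        print(f"{category:9s} {names}")
    print("--- after repair ---")
    print(repair(SAMPLE_HOSTS), end="")
```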
bloodsky - 2005-12-3 15:58:00
2005-12-03,15:53:08

System Repair Engineer 1.1.0.269
    Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <Internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <EPSON Stylus Photo R210 Series><D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTimer><E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavMon><E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><D:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
服务
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[Logical Disk Manager Administrative Service / dmadmin]
  <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Driver Helper Service / NVSvc]
  <D:\WINNT\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService]
  <e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
  <E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><rising>
[RsRavMon Service / RsRavMon]
  <E:\PROGRAM FILES\RISING\RAV\Ravmond.exe><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[BandIE Class]
  <D:\PROGRA~1\baidu\bar\baidubar.dll>
[浩方对战平台]
  <E:\Program Files\浩方对战平台\GameClient.exe>
[百度超级搜霸]
  <D:\PROGRA~1\baidu\bar\baidubar.dll>
[卡卡上网安全助手]
  <D:\WINNT\System32\kakatool.dll>
[Update Class]
  <D:\WINNT\System32\iuctl.dll>
[Shockwave Flash Object]
  <D:\WINNT\System32\macromed\flash\Flash.ocx>
[Rising Web Scan Object]
  <D:\WINNT\Downloaded Program Files\OL2005.dll>

==================================
正在运行的进程
[PID: 156][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 180][\??\D:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\D:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6714>
[PID: 228][D:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [D:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 240][D:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6695>
[PID: 400][E:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 57>
    [E:\PROGRAM FILES\RISING\RAV\guidll.dll]  <rising><17, 0, 0, 13>
    [E:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [E:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [E:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [E:\Program Files\Rising\Rav\Scanner.dll]  <Rising><17, 0, 0, 43>
    [E:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [E:\Program Files\Rising\Rav\libload.dll]  <Rising><17, 0, 0, 14>
    [E:\Program Files\Rising\Rav\VirusLib.dll]  <Rising><17, 0, 0, 26>
    [E:\PROGRAM FILES\RISING\RAV\MailMon.dll]  < ><17, 0, 0, 9>
    [E:\Program Files\Rising\Rav\engine.dll]  <rising><17, 0, 0, 40>
    [E:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><17, 0, 0, 7>
    [E:\Program Files\Rising\Rav\UnExe.dll]  <Rising><17, 0, 0, 27>
    [E:\PROGRAM FILES\RISING\RAV\MemMon.dll]  <北京瑞星><17, 8, 0, 0>
    [E:\PROGRAM FILES\RISING\RAV\expscan.dll]  <N/A><17, 0, 0, 6>
    [E:\Program Files\Rising\Rav\ScanEx.dll]  <Rising><17, 0, 0, 33>
    [E:\Program Files\Rising\Rav\PostTrt.dll]  <Rising><17, 0, 0, 21>
    [E:\PROGRAM FILES\RISING\RAV\mPorts.dll]  <Beijing Rising Technology Corporation Limited><3, 0, 0, 3>
    [E:\Program Files\Rising\Rav\NvFile.dll]  <瑞星><17, 0, 0, 13>
    [E:\PROGRAM FILES\RISING\RAV\regmon.dll]  < ><17, 0, 0, 12>
    [E:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  <rising><17, 0, 0, 4>
    [E:\Program Files\Rising\Rav\ScanMac.dll]  <rising><17, 0, 0, 19>
    [E:\Program Files\Rising\Rav\ScanSct.dll]  <rising><17, 0, 0, 31>
    [E:\Program Files\Rising\Rav\ScanExec.dll]  <N/A><17, 0, 0, 21>
    [E:\Program Files\Rising\Rav\Unpacker.dll]  <rising><17, 0, 0, 19>
    [E:\Program Files\Rising\Rav\ExtOLE.dll]  <rising><17, 0, 0, 21>
[PID: 428][E:\PROGRAM FILES\RISING\RAV\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 27>
    [E:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [E:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[PID: 448][e:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Corporation Limited><3, 2, 0, 0>
    [e:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Corporation Limited><3, 0, 1, 5>
    [e:\program files\rising\rfw\rfwrule.dll]  <Beijing Rising Technology Corporation Limited><3, 1, 0, 0>
    [e:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Corporation Limited><3, 1, 0, 2>
[PID: 524][D:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 560][D:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
    [D:\WINNT\system32\EBPMON24.DLL]  <SEIKO EPSON CORPORATION><1, 10, 0, 0>
[PID: 604][D:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 636][D:\WINNT\System32\nvsvc32.exe]  <NVIDIA Corporation><6.13.10.2832>
[PID: 712][E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  <rising><17, 0, 0, 1>
[PID: 776][D:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 816][D:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1024][D:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [D:\WINNT\System32\AcSignIcon.dll]  <Autodesk><16.1.63.0>
    [D:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.1.63.0>
    [D:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 47>
[PID: 1068][e:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Corporation Limited><3, 1, 0, 19>
    [e:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
    [e:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [e:\program files\rising\rfw\PngDll.dll]  <Rising><17, 0, 0, 2>
[PID: 1108][D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE]  <SEIKO EPSON CORPORATION><3.00>
[PID: 1132][E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 39>
    [E:\PROGRA~1\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [E:\PROGRA~1\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [E:\PROGRA~1\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [E:\PROGRA~1\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
[PID: 1140][E:\PROGRA~1\RISING\RAV\RAVMON.EXE]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 37>
    [E:\PROGRA~1\RISING\RAV\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
    [E:\PROGRA~1\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [E:\PROGRA~1\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [E:\PROGRA~1\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [E:\PROGRA~1\RISING\RAV\PngDll.dll]  <Rising><17, 0, 0, 2>
    [E:\PROGRA~1\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[PID: 1176][D:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 1504][F:\新建文件夹 (3)\SREng.exe]  <Smallfrogs Studio><1.1.0.269>

==================================
文件关联
.TXT  Error. [txtfile]
.EXE  Error. [exefile]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [hh.exe %1]
.HLP  OK. [D:\WINNT\System32\winhlp32.exe %1]
.INI  Error. [notepad.exe %1]
.INF  Error. [notepad.exe %1]

==================================
飞跃迷离 - 2005-12-3 16:13:00
Please repair the file associations first. Is the problem that the home page cannot be changed?
bloodsky - 2005-12-3 16:17:00
No, it's that as soon as I boot, the site V.511.CC pops up!
The home page is fine.
bloodsky - 2005-12-3 16:20:00
Then more sites pop up, such as www.tingcn.com and so on. Maybe you could visit v.511.cc yourself and see what happens.
Thank you.
飞跃迷离 - 2005-12-3 16:32:00
Did your antivirus not report anything when you visited this site?

Delete the contents of the following folders:
All files under C:\Documents and Settings\<username>\Local Settings\Temp\
All files under C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\
bloodsky - 2005-12-3 16:43:00
It reported at first, then stopped reporting; they all pop up automatically.
花落花又开 - 2005-12-3 16:55:00
Clear the IE cache.
Start -- Control Panel -- Internet Options -- Delete Files -- delete all offline content.
Use HijackThis to scan the startup log and post it.
bloodsky - 2005-12-3 18:42:00
I did it your way; here is the log.

Logfile of HijackThis v1.99.0
Scan saved at 18:40:26, on 2005-12-3
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
e:\program files\rising\rfw\rfwsrv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\nvsvc32.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
e:\program files\rising\rfw\RfwMain.exe
D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\WINNT\system32\internat.exe
E:\Program Files\浩方对战平台\GameClient.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
F:\进程杀手\HijackThis_cn\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - D:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINNT\System32\kakatool.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\浩方对战平台\GameClient.exe
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe

飞跃迷离 - 2005-12-3 18:58:00
Strange, I visited this site too; apart from three virus alerts, why were there no other problems?

Use HijackThis to produce the startup log and post it: open HijackThis -- Misc Tools -- Generate StartupList log

Please use the new version, HijackThis 1.99.1.

For the HijackThis download link, see:
[Must read] Board guidelines and download of commonly used small tools
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
bloodsky - 2005-12-5 10:01:00
After visiting it, these sites often pop up automatically as soon as I start up.
vod.hy265.com too.
bloodsky - 2005-12-5 10:07:00
This is what I just scanned; please take a look!
Logfile of HijackThis v1.99.1
Scan saved at 10:04:06, on 2005-12-5
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
e:\program files\rising\rfw\rfwsrv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\nvsvc32.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
e:\program files\rising\rfw\RfwMain.exe
D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\WINNT\system32\internat.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\TENCENT1\QQ\QQ.exe
E:\Program Files\TENCENT1\QQ\TIMPlatform.exe
F:\新建文件夹 (4)\426101200522225654\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - D:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINNT\System32\kakatool.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: 腾讯QQ.lnk = E:\Program Files\TENCENT1\QQ\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\TENCENT1\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\TENCENT1\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\TENCENT1\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\TENCENT1\QQ\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\TENCENT1\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\TENCENT1\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O20 - Winlogon Notify: nwprovau - D:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe

bloodsky - 2005-12-5 11:00:00
Logfile of Kaka v2. 0. 0. 2 Scan Module v2. 0. 0. 1
Scan saved at 10:58:00, on 2005-12-05
Platform: Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
MSIE: Internet Explorer v6.00 SP1;Q867801;Q903235;Q837009; (6.00.2800.1106)


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = D:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = D:\WINNT\system32\services.exe

[lsass.exe]
CommandLine = D:\WINNT\system32\lsass.exe

[Ravmond.exe]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"

[RavStub.exe]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\RavStub.exe" /RAVMOND

[rfwsrv.exe]
CommandLine = "e:\program files\rising\rfw\rfwsrv.exe"

[svchost.exe]
CommandLine = D:\WINNT\system32\svchost -k rpcss

[spoolsv.exe]
CommandLine = D:\WINNT\system32\spoolsv.exe

[svchost.exe]
CommandLine = D:\WINNT\System32\svchost.exe -k netsvcs

[nvsvc32.exe]
CommandLine = D:\WINNT\System32\nvsvc32.exe

[CCENTER.EXE]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"

[WinMgmt.exe]
CommandLine = D:\WINNT\System32\WBEM\WinMgmt.exe

[svchost.exe]
CommandLine = D:\WINNT\system32\svchost.exe -k wugroup

[Explorer.EXE]
CommandLine = D:\WINNT\Explorer.EXE

[RfwMain.exe]
CommandLine =  -StartUp

[E_S4I3H2.EXE]
CommandLine = "D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE" /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"

[RAVTIMER.EXE]
CommandLine = "E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE"

[RAVMON.EXE]
CommandLine = "E:\PROGRA~1\RISING\RAV\RAVMON.EXE" -SYSTEM

[internat.exe]
CommandLine = "D:\WINNT\system32\internat.exe"

[svchost.exe]
CommandLine = D:\WINNT\System32\svchost.exe -k BITSgroup

[msnmsgr.exe]
CommandLine = "D:\Program Files\MSN Messenger\msnmsgr.exe"

[QQ.exe]
CommandLine = "E:\Program Files\TENCENT1\QQ\QQ.exe"

[TIMPlatform.exe]
CommandLine = "E:\Program Files\TENCENT1\QQ\TIMPlatform.exe" -Embedding

[iexplore.exe]
CommandLine = "D:\Program Files\Internet Explorer\iexplore.exe"

[KkScan.exe]
CommandLine = "D:\Program Files\Rising\KakaToolBar\KkScan.exe"

R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1 v.511.cc
O1 - Hosts: 127.0.0.1 www.uu500.com
O1 - Hosts: 127.0.0.1      www.tingcn.com
O1 - Hosts: 127.0.0.1      www.cdzp.com
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO:  (file missing)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - D:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINNT\system32\KakaTool.dll
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Startup: 腾讯QQ.lnk = E:\Program Files\TENCENT1\QQ\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\TENCENT1\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\TENCENT1\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\TENCENT1\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\TENCENT1\QQ\SendMMS.htm
O9 - Extra Button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\TENCENT1\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\TENCENT1\QQ\QQ.EXE
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: DirectAnimation Java Classes - file://D:\WINNT\Java\classes\dajava.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINNT\System32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINNT\System32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINNT\System32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINNT\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINNT\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINNT\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - D:\WINNT\System32\msdxm.ocx
O20 - Winlogon Notify: nwprovau
O20 - Winlogon Notify: wzcnotif
O23 - Service: Autodesk Licensing Service (Autodesk Licensing Service) - Autodesk, Inc. - "D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\system32\dmadmin.exe /com
O23 - Service: Macromedia Licensing Service (Macromedia Licensing Service) -  - "D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
飞跃迷离 - 2005-12-5 11:12:00
Use HijackThis to produce the startup log and post it:

Open HijackThis -- Misc Tools -- Generate StartupList log

bloodsky - 2005-12-5 12:39:00
StartupList report, 2005-12-5, 12:34:54
StartupList version: 1.52.2
Started from : F:\新建文件夹 (4)\426101200522225654\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
e:\program files\rising\rfw\rfwsrv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\nvsvc32.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
e:\program files\rising\rfw\RfwMain.exe
D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\WINNT\system32\internat.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\TENCENT1\QQ\QQ.exe
E:\Program Files\TENCENT1\QQ\TIMPlatform.exe
D:\WINNT\System32\MsiExec.exe
D:\Program Files\Internet Explorer\iexplore.exe
F:\新建文件夹 (4)\426101200522225654\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[D:\Documents and Settings\张洪浪\「开始」菜单\程序\启动]
腾讯QQ.lnk = E:\Program Files\TENCENT1\QQ\QQ.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

EPSON Stylus Photo R210 Series = D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
nwiz = nwiz.exe /install
RavTimer = E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
RavMon = E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
RfwMain = "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
Synchronization Manager = mobsync.exe /logon

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Internat.exe = internat.exe
msnmsgr = "D:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Shell & screensaver key from D:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

QQIEHelper - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll - {54EBD53A-9BC1-480B-966A-843A333CA162}
(no name) - D:\PROGRA~1\baidu\bar\baidubar.dll - {77FEF28E-EB96-44FF-B511-3185DEA48697}
(no name) - (no file) - {77FEF28E-EB96-44FF-B511-3185DEA48697}?

--------------------------------------------------

Enumerating Download Program Files:

[Update Class]
InProcServer32 = D:\WINNT\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38687.9530092593

[Shockwave Flash Object]
InProcServer32 = D:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Rising Web Scan Object]
InProcServer32 = D:\WINNT\Downloaded Program Files\OL2005.dll
CODEBASE = http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: D:\Config.Msi\8d89f6.rbf||D:\Config.Msi\8d8ac5.rbf||D:\Config.Msi\8d8ad0.rbf||D:\Config.Msi\8d8e87.rbf


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: D:\WINNT\system32\NETSHELL.dll
SysTray: stobject.dll
WebCheck: D:\WINNT\System32\webcheck.dll

--------------------------------------------------
End of report, 5,304 bytes
Report generated in 0.180 seconds

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only
飞跃迷离 - 2005-12-5 13:01:00
I suggest you try 黄山IE修复专家 (Huangshan IE Repair Expert).

Download link: http://www.crsky.com/soft/3641.html
bloodsky - 2005-12-5 14:17:00
Here is the log after running the Huangshan repair tool. I'd like to ask: are the sites listed in the O1 HOSTS entries being blocked, so that they can no longer be opened? And does that mean I can add some entries of my own?

Logfile of Kaka v2.0.0.2 Scan Module v2.0.0.1
Scan saved at 14:13:48, on 2005-12-05
Platform: Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
MSIE: Internet Explorer v6.00 SP1;Q867801;Q903235;Q837009; (6.00.2800.1106)


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = D:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = D:\WINNT\system32\services.exe

[lsass.exe]
CommandLine = D:\WINNT\system32\lsass.exe

[Ravmond.exe]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"

[RavStub.exe]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\RavStub.exe" /RAVMOND

[rfwsrv.exe]
CommandLine = "e:\program files\rising\rfw\rfwsrv.exe"

[svchost.exe]
CommandLine = D:\WINNT\system32\svchost -k rpcss

[spoolsv.exe]
CommandLine = D:\WINNT\system32\spoolsv.exe

[svchost.exe]
CommandLine = D:\WINNT\System32\svchost.exe -k netsvcs

[nvsvc32.exe]
CommandLine = D:\WINNT\System32\nvsvc32.exe

[CCENTER.EXE]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"

[WinMgmt.exe]
CommandLine = D:\WINNT\System32\WBEM\WinMgmt.exe

[svchost.exe]
CommandLine = D:\WINNT\system32\svchost.exe -k wugroup

[Explorer.EXE]
CommandLine = D:\WINNT\Explorer.EXE

[internat.exe]
CommandLine = "D:\WINNT\system32\internat.exe"

[RfwMain.exe]
CommandLine =  -StartUp

[RavMon.exe]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\RAVMON.EXE"

[iexplore.exe]
CommandLine = "D:\Program Files\Internet Explorer\iexplore.exe"

[KkScan.exe]
CommandLine = "D:\Program Files\Rising\KakaToolBar\KkScan.exe"

R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1                    aifind.info
O1 - Hosts: 127.0.0.1                    allsearcher.info
O1 - Hosts: 127.0.0.1                    cadabra.biz
O1 - Hosts: 127.0.0.1                    ehttp.cc
O1 - Hosts: 127.0.0.1                    freednshost.info
O1 - Hosts: 127.0.0.1                    i-lookup.com
O1 - Hosts: 127.0.0.1                    searchpage.cc
O1 - Hosts: 127.0.0.1                    www.joyiex.com
O1 - Hosts: 127.0.0.1                    www.mj2005.com
O1 - Hosts: 127.0.0.1                    www.mydj2005.com
O1 - Hosts: 127.0.0.1                    www.nkvd.us
O1 - Hosts: 127.0.0.1                    www.smart-finder.biz
O1 - Hosts: 127.0.0.1                    www.xfreehosting.com
O1 - Hosts: 127.0.0.1                    www.xxx166.com
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO:  (file missing)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - D:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINNT\system32\KakaTool.dll
O4 - HKCU\..\Run: [internat.exe] internat.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\TENCENT1\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\TENCENT1\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\TENCENT1\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\TENCENT1\QQ\SendMMS.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/windows/ie_intl/cn/start/
O16 - DPF: DirectAnimation Java Classes - file://D:\WINNT\system32\dajava.cab
O16 - DPF: Internet Explorer Classes for Java - file://D:\WINNT\system32\iejava.cab
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINNT\System32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINNT\System32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINNT\System32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINNT\system32\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINNT\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINNT\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINNT\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - D:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - D:\WINNT\System32\msdxm.ocx
O20 - Winlogon Notify: wzcnotif
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\system32\dmadmin.exe /com
O23 - Service: Macromedia Licensing Service (Macromedia Licensing Service) -  - "D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
花落花又开 - 2005-12-5 16:51:00
[Reply to "bloodsky"'s post] Fix all the R3 and O1 items, and these:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
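The question bloodsky asks above (whether the O1 HOSTS entries are blocking those sites, and whether one can add one's own) turns on what a hosts entry actually does. The script below is an added example, not part of this thread and not code from HijackThis, Kaka or the Huangshan tool. It reads hosts entries either as raw hosts-file lines or as "O1 - Hosts:" log lines and sorts them into four kinds: a name pointed at 127.0.0.1 or 0.0.0.0 is simply sunk, so the site cannot be opened (this is how the listed domains were blocked, and adding your own sink entry for a hijacker's domain works the same way); a sink entry for your antivirus vendor or for Windows Update means the hijacker is blinding your defences; and a name mapped to any other address is a redirect, which is the pattern to worry about because the browser will silently talk to whoever owns that address. The protected-suffix list, the sample lines (two O1 lines copied from the Kaka log above plus constructed raw hosts lines, with 192.0.2.10 taken from the TEST-NET range) and the example hostnames are assumptions for the demonstration.

```python
"""Audit Windows hosts-file entries from raw hosts lines or from
HijackThis/Kaka 'O1 - Hosts:' log lines.

Added example for this thread; not code from HijackThis, Kaka or the
Huangshan IE repair tool.  The sample lines and the protected-suffix
list are constructed assumptions for the demonstration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, List, Tuple

# Sinking these to loopback is how a hijacker keeps a machine from updating
# its defences.  Assumption: a short illustrative list, not an authoritative one.
PROTECTED_SUFFIXES = (
    "rising.com.cn",
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
)

# Accepts the HijackThis/Kaka log form: "O1 - Hosts: 127.0.0.1   aifind.info"
_O1_LINE = re.compile(r"^O1\s*-\s*Hosts:\s*(.*)$")


@dataclass(frozen=True)
class HostsEntry:
    ip: str
    hostname: str
    verdict: str  # default | blocklist | protected-sink | redirect | malformed


def _strip_comment(text: str) -> str:
    return text.split("#", 1)[0].strip()


def parse_entries(lines: Iterable[str]) -> Iterator[Tuple[str, str]]:
    """Yield (ip, hostname) pairs.  A raw hosts line may name several hosts
    after one address; each hostname becomes its own pair."""
    for raw in lines:
        match = _O1_LINE.match(raw.strip())
        body = _strip_comment(match.group(1) if match else raw)
        fields = body.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no hostname
        ip, names = fields[0], fields[1:]
        for name in names:
            yield ip, name.lower()


def _is_protected(hostname: str) -> bool:
    return any(hostname == s or hostname.endswith("." + s) for s in PROTECTED_SUFFIXES)


def classify(ip: str, hostname: str) -> str:
    """Decide what a single hosts entry does.

    default         the stock '127.0.0.1 localhost' line
    blocklist       name sunk to loopback/unspecified: the site is simply blocked
    protected-sink  an AV/update host sunk: the machine's defences are being blinded
    redirect        name sent to a real address: find out who owns that address
    malformed       left-hand field is not an IP address at all
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if hostname == "localhost" and addr.is_loopback:
        return "default"
    if addr.is_loopback or addr.is_unspecified:
        return "protected-sink" if _is_protected(hostname) else "blocklist"
    return "redirect"


def audit(lines: Iterable[str]) -> List[HostsEntry]:
    return [HostsEntry(ip, host, classify(ip, host)) for ip, host in parse_entries(lines)]


def suspicious(entries: Iterable[HostsEntry]) -> List[HostsEntry]:
    """Entries a cleanup should look at first; plain blocklist lines are left alone."""
    return [e for e in entries if e.verdict in ("protected-sink", "redirect", "malformed")]


# Constructed sample: two O1 lines copied from the Kaka log above, plus raw
# hosts lines made up for the demonstration (192.0.2.10 is a TEST-NET address;
# download.rising.com.cn is the Rising download host seen in the log above).
SAMPLE_LINES = [
    "# hosts file comment line",
    "127.0.0.1       localhost",
    "O1 - Hosts: 127.0.0.1                    aifind.info",
    "O1 - Hosts: 127.0.0.1                    searchpage.cc",
    "127.0.0.1  www.mj2005.com www.mydj2005.com   # two names, one address",
    "0.0.0.0         v.511.cc",                 # a sink the user could add themselves
    "127.0.0.1       download.rising.com.cn",   # AV download host sunk: blinding
    "192.0.2.10      www.example.com",          # a redirect, not a block
    "not-an-ip       example.invalid",
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_LINES):
        print(f"{entry.verdict:15} {entry.ip:16} {entry.hostname}")
```

Run against a real hosts file (on Windows 2000 that is %SystemRoot%\system32\drivers\etc\hosts) or against the O1 section of a HijackThis log: everything reported as blocklist is what the user asked about and is safe to keep or to extend with more sink entries; protected-sink and redirect lines are the ones a cleanup should remove first.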