最近好像被这两个网站粘住了。

1..千姿花艺XXXX集团
这个网站广告的网址是http://www.cy360.net/qd/index_01.html?hb=popunder_ad
经常是在用Google的时候就会弹出来，一搜索就出来，有时还出来两三个，烦得很。

2.中国招商加盟网
这个网站广告的网址是http://www.goto88.cn/?hb=popunder_ad
同样是在浏览网页的时候弹出来的。经常出现在两个网站，一个是新浪，一个是天涯。

经常打开的时候就不清不楚的弹出来。因为这些网站都是比较正规的，所以觉得不可能是恶意网页，应该是中毒或者被劫持，不知道朋友们有没有遇到这种情况？谢谢。

下载HijackThisV1.99.1把生成的log日志文件的内容发上来

http://forum.ikaka.com/topic.asp?board=67&artid=5188931

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      01:02:52, 日期 2006-04-10
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\Logi_MwX.Exe
c:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopQQPlugin.exe
D:\02_NON~1\07_MP\02_工具\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSNShellNew\MSNShell\BIN\MSNShell.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DrvMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\02_NonBusiness\01_Origin Soft\Desktop\DesktopSprite2\DesktopSprite.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\sdwork\issimsvc.exe
D:\02_NonBusiness\07_MP\02_工具\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\WRTService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\C4ebreg\isamsmt.exe
C:\Program Files\Tencent\2005\TIMPlatform.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\Tencent\2005\QQ.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\淘宝网\淘宝旺旺\WangWang.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\sterm\STerm.exe
C:\HJ\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit32.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\2005\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\HBClient\hbhelper.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - 启动项HKLM\\Run: [ATIModeChange] Ati2mdxx.exe
O4 - 启动项HKLM\\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - 启动项HKLM\\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - 启动项HKLM\\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - 启动项HKLM\\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 启动项HKLM\\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - 启动项HKLM\\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - 启动项HKLM\\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - 启动项HKLM\\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - 启动项HKLM\\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - 启动项HKLM\\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - 启动项HKLM\\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - 启动项HKLM\\Run: [Logitech Utility] Logi_MwX.Exe
O4 - 启动项HKLM\\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - 启动项HKLM\\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - 启动项HKLM\\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - 启动项HKLM\\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe  "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows
O4 - 启动项HKLM\\Run: [PCSuiteTrayApplication] D:\02_NON~1\07_MP\02_工具\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShellNew\MSNShell\BIN\MSNShell.exe autorun
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DesktopSprite] D:\02_NonBusiness\01_Origin Soft\Desktop\DesktopSprite2\DesktopSprite.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] D:\02_NonBusiness\07_MP\02_工具\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - IE右键菜单中的新增项目: Add Person to NotesBuddy... - C:\Program Files\IBM\NotesBuddy\AddPersonN.html
O8 - IE右键菜单中的新增项目: Add Picture to NotesBuddy... - C:\Program Files\IBM\NotesBuddy\AddImageN.html
O8 - IE右键菜单中的新增项目: Download with &Shareaza - res://C:\Program Files\超级BT下载软件\Plugins\RazaWebHook.dll/3000
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - C:\PROGRA~1\KuGoo2\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 在Foxmail中添加该RSS频道/频道组 - res://C:\WINDOWS\System32\fmrsslink.dll/201
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\20052\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\20052\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\20052\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\02_NonBusiness\06_Game\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - 浏览器额外的按钮: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - 浏览器额外的“工具”菜单项: 创建移动收藏... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\20052\QQ.EXE (file missing)
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\20052\QQ.EXE (file missing)
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\2005\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\2005\QQIEHelper.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - 浏览器额外的“工具”菜单项: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com

O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {0400AC1C-EEF0-4638-A501-31D5A0DC2002} (VTPlug3 Class) - http://202.96.140.15:1995/VTrans.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {2BFAA61B-5C83-4865-8281-D8BDBF863061} (PGEdit Class) - https://www.gnetpg.com/PG_ATL.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://219.111.15.20:10080/kxhcm10.ocx
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (V2 Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://202.96.140.15:1995/talk.cab
O16 - DPF: {6BB0C189-3676-4711-AA75-E2801D6B0E27} (AvlFTP Control) - http://benchmark.avl.com.cn/cab/avlFtp.cab
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx2.7.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cn.ibm.com
O17 - HKLM\Software\..\Telephony: DomainName = cn.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BBA2867-7005-4994-983A-ECC3937C3C39}: Domain = domain
O17 - HKLM\System\CCS\Services\Tcpip\..\{D41E7B53-6838-468D-AD0A-DF9ACA28B63B}: Domain = ibm.com
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - NT 服务: AppnNode - IBM Corporation - c:\WINDOWS\System32\Drivers\appnnode.exe
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - NT 服务: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - NT 服务: Windows Fing (Fingrwx) - Unknown owner - C:\WINDOWS\System32\Frwx.exe (file missing)
O23 - NT 服务: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - NT 服务: Windows Internet/Server (Internet) - Unknown owner - C:\WINDOWS\system32\RavExt\winlogo.exe (file missing)
O23 - NT 服务: Internet_Server (InternetServer) - Unknown owner - C:\WINDOWS\IE_Server.exe (file missing)
O23 - NT 服务: ISAM SMT Service (ISAMsmt) - IBM Global Services - C:\Program Files\C4ebreg\isamsmt.exe
O23 - NT 服务: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - NT 服务: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - NT 服务: IBM Enterprise Extender (ldlcserv) - IBM Corporation - c:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - NT 服务: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - NT 服务: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - NT 服务: IBM Trace Facility (TrcBoot) - IBM Corporation - c:\WINDOWS\System32\Drivers\trcboot.exe
O23 - NT 服务: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - NT 服务: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\WRTService.exe

大家帮忙看一看啊，无限感激

没有人理俺，再顶

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O23 - NT 服务: Windows Fing (Fingrwx) - Unknown owner - C:\WINDOWS\System32\Frwx.exe (file missing)
O23 - NT 服务: Windows Internet/Server (Internet) - Unknown owner - C:\WINDOWS\system32\RavExt\winlogo.exe (file missing)
O23 - NT 服务: Internet_Server (InternetServer) - Unknown owner - C:\WINDOWS\IE_Server.exe (file missing)
O23 - NT 服务: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\WRTService.exe
停止服务:开始--控制面版--管理工具--服务--找到＂ WRT Service ＂“Windows Internet”“Windows Fing ”“Internet_Server ”这四个服务，改成＂已禁用＂
然后重启，删除C:\WINDOWS\IE_Server.exe ，C:\WINDOWS\system32\RavExt\winlogo.exe ，C:\WINDOWS\System32\Frwx.exe
开始，运行，输入regedit，用注册表的搜索功能分别搜索，IE_Server.exe ，winlogo.exe ，Frwx.exe ，WRTService.exe找到后删除与它相关的选项。

对了，如果找不到，先打开我的电脑，工具，查看，选中“显示所有文件和文件夹”还有清除勾选的“隐藏系统文件”这两个选项