这是在带网络连接的安全模式下打开的。

HijackThis_815汉化版扫描日志 V1.99.1
保存于      9:35:54, 日期 2006-11-13
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\sys32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\DllHost.exe
C:\Documents and Settings\无锡绿业物资有限公司1\桌面\HijackThis1991zww.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: Abobe Flash Play9 - {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} - C:\Program Files\Abobe Flash Play9\Abobe Flash Player 9.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\ABOBEF~2\tbhelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\explorer.exe
O1 - Hosts: 222.88.90.22 www.4199.com
O1 - Hosts: 222.88.90.22 4199.com
O1 - Hosts: 222.88.90.22 www.9505.com
O1 - Hosts: 222.88.90.22 9505.com
O1 - Hosts: 222.88.90.22 7939.com
O1 - Hosts: 222.88.90.22 www.7939.com
O1 - Hosts: 222.88.90.22 www.3448.com
O1 - Hosts: .72g.com
O1 - Hosts: 203.171.236.215 www.muchina.com
O1 - Hosts: 203.171.236.215 xyq.163.com
O1 - Hosts: 203.171.236.215 xy2.163.com
O1 - Hosts: 203.171.236.215 www.the9.com
O1 - Hosts: 203.171.236.215 www.5173.com
O1 - Hosts: 203.171.236.215 www.tkgame.com
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O1 - Hosts: 59.34.197.239 www.ddspn.com

O2 - BHO: (no name) - {003169BC-AB68-482F-AEA6-B51A47BDDB83} - C:\WINDOWS\system32\ATIAngetser.dll
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\giudfidjg\trgjiw.dll
O2 - BHO: IeEventObj Class - {0FAFD871-DFE0-496D-8953-0D5BA28E9766} - C:\Program Files\Internet Explorer\PLUGINS\AviPlayer.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Google Bar  - {12365484-96a1-6974-3269-123555124655} - C:\WINDOWS\System32\GoogleBar.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5196.dll
O2 - BHO: MsXmlExObj Class - {449840D6-2E92-47B5-AED3-B03A41CE9CE4} - C:\WINDOWS\System32\MSXMLR~1.DLL
O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO: DabObj Class - {70D509DD-32A5-4E11-B9C1-865433C8443C} - C:\WINDOWS\System32\dabapi.dll
O2 - BHO: 360安全卫士 - {8C7A85DB-99B6-4477-B14B-28FC27766244} - C:\WINDOWS\System32\gcnbfkrb.dll
O2 - BHO: (no name) - {930FD663-1720-4E8A-BC62-681A8BCEA428} - C:\WINDOWS\system32\adsnwer.dll
O2 - BHO: Spoolsv Class - {9C363D55-07D7-433d-A13E-D9C105202F6F} - C:\WINDOWS\System32\drivers\spoolsv.dll
O2 - BHO: (no name) - {A878C4B6-640F-4C84-953F-31F38D9D4C80} - C:\WINDOWS\system32\ATSerioserar.dll
O2 - BHO: XBTBPos00 - {BD72EF1D-E47A-454F-AEA5-9F4C3ABE4EE5} - C:\PROGRA~1\ABOBEF~2\CAB301~1.DLL
O2 - BHO: TBSB00889 - {E9582697-E409-4312-B454-4B43F994D9DF} - C:\PROGRA~1\ABOBEF~1\ABOBEF~1.DLL
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB1.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - F:\BitComet\BitCometBar\BitCometBar0.1.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - IE工具栏增项: Abobe Flash Play9 - {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} - C:\Program Files\Abobe Flash Play9\Abobe Flash Player 9.dll
O3 - IE工具栏增项: Abobe Flash Play 9 - {055187D9-1D7B-4C60-8324-F53F935E8AEE} - C:\Program Files\Abobe Flash Play 9\Cab301b48.dll
O3 - IE工具栏增项: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL

O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PreAnnotate] C:\WINDOWS\System32\PreAnntt.exe
O4 - 启动项HKLM\\Run: [SubOlccr] C:\Patriot\SubOlccr.exe
O4 - 启动项HKLM\\Run: [RfwMain] "F:\Program Files\rav\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "F:\Program Files\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - 启动项HKLM\\Run: [QuickTime Task] "F:\新建文件夹\Storm Codec\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - 启动项HKLM\\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - 启动项HKLM\\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - 启动项HKLM\\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - 启动项HKLM\\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [wl] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [winla] c:\winla\winla.exe
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - 启动项HKLM\\Run: [wdfmgr32] C:\WINDOWS\System32\wdfmgr32.exe
O4 - 启动项HKLM\\Run: [systemdll] regsvr32 /s c:\WINDOWS\system32\system.dll
O4 - 启动项HKLM\\Run: [system] C:\WINDOWS\system32\system.exe
O4 - 启动项HKLM\\Run: [dabrun] rundll32.exe "C:\WINDOWS\System32\dabapi.dll",Rundll32
O4 - 启动项HKLM\\Run: [C:\WINDOWS\System32\15.exe] C:\WINDOWS\System32\15.exe
O4 - 启动项HKLM\\RunServices: [system] C:\WINDOWS\system32\system.exe
O4 - 启动项HKLM\\RunOnce: [getmid] rundll32.exe C:\WINDOWS\System32\dabapi.dll,Rundll32 getmid
O4 - 启动项HKLM\\RunOnce: [RavStub] "F:\Program Files\Rav\ravstub.exe" /RUNONCE
O4 - 启动项HKLM\\RunOnce: [xbcqvf86] %systemroot%\system32\Rundll32.exe %systemroot%\system32\xbcqvf86.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [kkicfc80] %systemroot%\system32\Rundll32.exe %systemroot%\system32\kkicfc80.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [ebiugd65] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ebiugd65.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [dwntrk81] %systemroot%\system32\Rundll32.exe %systemroot%\system32\dwntrk81.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - IE右键菜单中的新增项目: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - IE右键菜单中的新增项目: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - IE右键菜单中的新增项目: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - IE右键菜单中的新增项目: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - IE右键菜单中的新增项目: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - IE右键菜单中的新增项目: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - IE右键菜单中的新增项目: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.wuxi.cn/plugin/PowerPlr.ocx
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/normalbank/AxSafeControls.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2165DA8-C4A7-48AC-9B94-23F38E6BA361}: NameServer = 221.228.255.1

O20 - AppInit_DLLs: 578685M.BMP
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\System32\cmspl.dll
O23 - NT 服务: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - NT 服务: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\program files\rav\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rav\Ravmond.exe

运行Hijackthis，把下面的选中打上钩，修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\explorer.exe
O1 - Hosts: 222.88.90.22 www.4199.com
O1 - Hosts: 222.88.90.22 4199.com
O1 - Hosts: 222.88.90.22 www.9505.com
O1 - Hosts: 222.88.90.22 9505.com
O1 - Hosts: 222.88.90.22 7939.com
O1 - Hosts: 222.88.90.22 www.7939.com
O1 - Hosts: 222.88.90.22 www.3448.com
O1 - Hosts: .72g.com
O1 - Hosts: 203.171.236.215 www.muchina.com
O1 - Hosts: 203.171.236.215 xyq.163.com
O1 - Hosts: 203.171.236.215 xy2.163.com
O1 - Hosts: 203.171.236.215 www.the9.com
O1 - Hosts: 203.171.236.215 www.5173.com
O1 - Hosts: 203.171.236.215 www.tkgame.com
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O1 - Hosts: 59.34.197.239 www.ddspn.com
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5196.dll
O3 - IE工具栏增项: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL

O4 - 启动项HKLM\\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - 启动项HKLM\\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - 启动项HKLM\\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [wl] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [winla] c:\winla\winla.exe
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - 启动项HKLM\\Run: [systemdll] regsvr32 /s c:\WINDOWS\system32\system.dll
O4 - 启动项HKLM\\Run: [system] C:\WINDOWS\system32\system.exe
O4 - 启动项HKLM\\Run: [dabrun] rundll32.exe "C:\WINDOWS\System32\dabapi.dll",Rundll32
O4 - 启动项HKLM\\Run: [C:\WINDOWS\System32\15.exe] C:\WINDOWS\System32\15.exe
O4 - 启动项HKLM\\RunServices: [system] C:\WINDOWS\system32\system.exe
O4 - 启动项HKLM\\RunOnce: [getmid] rundll32.exe C:\WINDOWS\System32\dabapi.dll,Rundll32 getmid
O4 - 启动项HKLM\\RunOnce: [xbcqvf86] %systemroot%\system32\Rundll32.exe %systemroot%\system32\xbcqvf86.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [kkicfc80] %systemroot%\system32\Rundll32.exe %systemroot%\system32\kkicfc80.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [ebiugd65] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ebiugd65.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [dwntrk81] %systemroot%\system32\Rundll32.exe %systemroot%\system32\dwntrk81.dll,DllUnregisterServer
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O20 - AppInit_DLLs: 578685M.BMP

显示隐藏文件
删除：     
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\System32\SHDOCVW.DLL
C:\WINDOWS\command\rundll32.exe
C:\WINDOWS\Intel\rundll32.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\Download\svhost32.exe
c:\winla\winla.exe
C:\WINDOWS\down\rundll32.exe
C:\WINDOWS\System32\15.exe
%systemroot%\system32\dwntrk81.dll
%systemroot%\system32\ebiugd65.dll
%systemroot%\system32\kkicfc80.dll
%systemroot%\system32\xbcqvf86.dll
c:\windows\kbmw.dll
578685M.BMP搜索一下

01项和02项、10项没法修复的，版主帮忙看看吧

查找HOSTS文件，用记事打开，清除里面的
只留这一项：127.0.0.1

清除不掉，修改后保存老是说hosts正在被使用，无法修改。

请下载SREng2（最新版） ，使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://www.kztechs.com/sreng/sreng2.zip