老是自动弹出广告，有什么www.search－h网站的各种办法都试过了，还是不行，可能中了adware,谢谢哪位帮个忙，怎样修复


Logfile of HijackThis v1.99.0
Scan saved at 15:56:13, on 2005-11-04
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\windat.exe
C:\WINNT\cytob.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\WinPoET\WinPPPoverEthernet.exe
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINNT\system32\Internat.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Poco] ; d:\Program Files\PP\pp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [z-wrdialer] C:\Program Files\WinPoET\iVasionWinPoET.exe
O4 - HKLM\..\Run: [a-winpoet-service] C:\Program Files\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Kuro_M3] ;
O4 - HKCU\..\Run: [Steam] ; D:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [b37cbd456a7389b022d4bcb6eaf2bbeb] "F:\Downloads\d120wps60.12012.0.exe" -t 12012.0
O4 - Global Startup: qq2003.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {3A2B370C-BA0A-11D1-B137-0000F8753F5D} (Microsoft Chart Control 6.0 (SP4) (OLEDB)) - http://www.fangdi.com.cn/mschart.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/048e07f4ed0b3793cb05/netzip/RdxIE601_cn.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130660590765
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://202.96.140.15:1995/talk.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {7A818607-0D4D-4C09-AB73-E4FC105FD9C3} (Web800 Control) - http://radio.cga.com.cn/mdc800.cab
O16 - DPF: {878FD82B-A4A2-494C-80F2-4938B345AD10} (SetupChat.SetupControl) - http://www.9liao.com.cn/setup/SetupChat.CAB
O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} (IE Class) - http://www.95599.cn/download/ABC.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {C3485CCB-9037-41EF-B72C-749709AB68AA} (YLClientOCX.ClientOCX) - http://www.9liao.com.cn/ClientOCX.CAB
O16 - DPF: {CA828031-4325-11D4-BDB2-00105A776E78} (SMI MapView Control) - http://61.152.127.175/GIS/smiwmap.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\Herosoft\HeroV8\DVDSkin\defskin\HTML\swflash.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcaststatic.mop.com/dn/files/pCastCtl_1.0.0.67_20050915.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA03B2AA-0DB1-4059-88AB-83C746CE2B4E}: NameServer = 202.96.209.5 202.101.8.18
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O20 - AppInit_DLLs: apihookdll.dll
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Windows Archiver - Unknown - C:\WINNT\windat.exe
O23 - Service: WindowsSysBoot - Unknown - C:\WINNT\cytob.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET\WrOS.EXE

【回复“xiejunxiang”的帖子】



请楼主使用下面的两个多引擎扫描器扫描下列文件：
C:\WINNT\windat.exe
C:\WINNT\cytob.exe
多引擎扫描之Virustotal：

http://www.virustotal.com/
多引擎扫描之Jotti：

http://virusscan.jotti.org/


请务必将报告贴全。
将以下文件上报瑞星：
C:\WINNT\windat.exe
C:\WINNT\cytob.exe
建议卸载：
天下搜索
180搜
清空IE临时文件，暂时关闭系统还原。
建议下载并使用CoolWeb粉碎机：
[必读]本版说明及常用小软件下载第3楼有教程和下载地址。

http://forum.ikaka.com/topic.asp?board=67&artid=5188931。
重新启动至安全模式，关闭所有不必要的窗口，使用HijackThis扫描后修复（在需要修复的项目前面打对勾，然后按“Fix checked”或“修复”，修复前会询问您是否需要备份，请选择“Yes”或“是”）：
O23 - Service: Windows Archiver - Unknown - C:\WINNT\windat.exe
O23 - Service: WindowsSysBoot - Unknown - C:\WINNT\cytob.exe
显示隐藏文件和系统文件，删除（如果存在的话）：
C:\WINNT\windat.exe
C:\WINNT\cytob.exe
下载CleanUp!：
【整理】系统清理工具图文介绍

http://forum.ikaka.com/topic.asp?board=67&artid=7241088
待修复完成，如果问题依旧，请附上新的在安全模式下扫描的HijackThis扫描日志。
以上建议仅供参考，如果您认识其中的一些设置抑或是您的手动设置，就不必执行。

大哥，还是不行啊

Logfile of HijackThis v1.99.0
Scan saved at 21:13:19, on 2005-11-06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\WinPoET\WinPPPoverEthernet.exe
d:\program files\rising\rfw\RfwMain.exe
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINNT\system32\Internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\msiexec.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Poco] ; d:\Program Files\PP\pp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [z-wrdialer] C:\Program Files\WinPoET\iVasionWinPoET.exe
O4 - HKLM\..\Run: [a-winpoet-service] C:\Program Files\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Kuro_M3] ;
O4 - HKCU\..\Run: [Steam] ; D:\Valve\Steam\Steam.exe -silent
O4 - Global Startup: qq2003.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {3A2B370C-BA0A-11D1-B137-0000F8753F5D} (Microsoft Chart Control 6.0 (SP4) (OLEDB)) - http://www.fangdi.com.cn/mschart.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/048e07f4ed0b3793cb05/netzip/RdxIE601_cn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130660590765
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://202.96.140.15:1995/talk.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {7A818607-0D4D-4C09-AB73-E4FC105FD9C3} (Web800 Control) - http://radio.cga.com.cn/mdc800.cab
O16 - DPF: {878FD82B-A4A2-494C-80F2-4938B345AD10} (SetupChat.SetupControl) - http://www.9liao.com.cn/setup/SetupChat.CAB
O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} (IE Class) - http://www.95599.cn/download/ABC.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {C3485CCB-9037-41EF-B72C-749709AB68AA} (YLClientOCX.ClientOCX) - http://www.9liao.com.cn/ClientOCX.CAB
O16 - DPF: {CA828031-4325-11D4-BDB2-00105A776E78} (SMI MapView Control) - http://61.152.127.175/GIS/smiwmap.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\Herosoft\HeroV8\DVDSkin\defskin\HTML\swflash.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcaststatic.mop.com/dn/files/pCastCtl_1.0.0.67_20050915.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - AppInit_DLLs: apihookdll.dll
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET\WrOS.EXE

C:\WINNT\windat.exe
C:\WINNT\cytob.exe
我把这2个文件删除了，查出很多病毒
好像还有灰鸽子病毒

现在广告网页还是会自动弹出

【回复“xiejunxiang”的帖子】
您好，为了方便帮您解决问题，请您使用hijackthis把扫描的日志贴到贴子上来。

hijackthis下载：http://forum.ikaka.com/download.asp?id=5188960
hijackthis使用：http://it.rising.com.cn/newSite/Channels/anti_virus/Antivirus_Faq/TopicExplorerPagePackage/hijackthis.htm

谢谢
Logfile of HijackThis v1.99.0
Scan saved at 23:11:50, on 2005-11-06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\WinPoET\WinPPPoverEthernet.exe
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\Program Files\Rising\Rfw\rfwmain.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINNT\system32\Internat.exe
C:\WINNT\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe
C:\WINNT\notepad.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Poco] ; d:\Program Files\PP\pp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [z-wrdialer] C:\Program Files\WinPoET\iVasionWinPoET.exe
O4 - HKLM\..\Run: [a-winpoet-service] C:\Program Files\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Kuro_M3] ;
O4 - HKCU\..\Run: [Steam] ; D:\Valve\Steam\Steam.exe -silent
O4 - Global Startup: qq2003.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program Files\浩方对战平台\GameClient.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {3A2B370C-BA0A-11D1-B137-0000F8753F5D} (Microsoft Chart Control 6.0 (SP4) (OLEDB)) - http://www.fangdi.com.cn/mschart.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/048e07f4ed0b3793cb05/netzip/RdxIE601_cn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130660590765
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://202.96.140.15:1995/talk.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {7A818607-0D4D-4C09-AB73-E4FC105FD9C3} (Web800 Control) - http://radio.cga.com.cn/mdc800.cab
O16 - DPF: {878FD82B-A4A2-494C-80F2-4938B345AD10} (SetupChat.SetupControl) - http://www.9liao.com.cn/setup/SetupChat.CAB
O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} (IE Class) - http://www.95599.cn/download/ABC.cab
O16 - DPF: {C3485CCB-9037-41EF-B72C-749709AB68AA} (YLClientOCX.ClientOCX) - http://www.9liao.com.cn/ClientOCX.CAB
O16 - DPF: {CA828031-4325-11D4-BDB2-00105A776E78} (SMI MapView Control) - http://61.152.127.175/GIS/smiwmap.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\Herosoft\HeroV8\DVDSkin\defskin\HTML\swflash.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcaststatic.mop.com/dn/files/pCastCtl_1.0.0.67_20050915.cab
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O20 - AppInit_DLLs: apihookdll.dll
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET\WrOS.EXE

【回复“xiejunxiang”的帖子】
http://angelsword.bokee.com/inc/black.gif
清空IE临时文件，暂时关闭系统还原。重新启动至安全模式，关闭所有不必要的窗口，使用HijackThis扫描后修复（在需要修复的项目前面打对勾，然后按“Fix checked”或“修复”，修复前会询问您是否需要备份，请选择“Yes”或“是”）：
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
显示隐藏文件和系统文件，删除（如果存在的话）：
C:\WINNT\system32\mbprot.dll
C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
待修复完成，如果问题依旧，请附上新的在安全模式下扫描的HijackThis扫描日志。
以上建议仅供参考，如果您认识其中的一些设置抑或是您的手动设置，就不必执行。

谢谢，我用诺顿已经解决了，看来瑞星还是要提高啊

WinFixer