
Please help me look at my log: Flash and IE keep popping up, it has been 2 weeks


I used the latest Rising and it detected startpage, but it can never be cleaned.

Logfile of HijackThis v1.99.1
Scan saved at 20:49:38, on 2005-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\rundll32.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\kxmixer.exe
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\BitComet Accelerator\BitComet Accelerator.exe
F:\BitComet\BitComet.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Maxthon\Maxthon.exe
E:\hijack\HijackThis199.exe

O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - D:\Program Files\Thunder Network\ThunderMini\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 查看 Exif/GPS/IPTC 信息 - d:\Program Files\Opanda\IExif 2.25\IExifCom.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{E183DBC7-CFCE-416E-A6E4-E115BC80C70C}: NameServer = 202.96.128.166 61.144.56.101
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\hrl0053me.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: SSH Sentinel (SSHIPM) - Unknown owner - d:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe" -d (file missing)
O23 - Service: SSH Sentinel Monitor (SSHMONITOR) - Unknown owner - d:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe

Last edited 2005-12-03 10:56:48
 

[Reply to "yorkinlin"'s post]
Fix: O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\hrl0053me.dll

Also, please clear the IE cache.
Start -- Control Panel -- Internet Options -- Delete Files -- Delete all offline content
 

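Thanks, moderator. I tried the fix, but it still cannot be deleted. I also cleared the offline content. After rebooting it turned into yet another DLL.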


Logfile of HijackThis v1.99.1
Scan saved at 22:36:03, on 2005-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\rundll32.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\kxmixer.exe
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\UltraEdit\Uedit32.exe
D:\Program Files\Maxthon\Maxthon.exe
E:\hijack\HijackThis199.exe

O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - D:\Program Files\Thunder Network\ThunderMini\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 查看 Exif/GPS/IPTC 信息 - d:\Program Files\Opanda\IExif 2.25\IExifCom.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{E183DBC7-CFCE-416E-A6E4-E115BC80C70C}: NameServer = 202.96.128.166 61.144.56.101
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\lvlq0935e.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: SSH Sentinel (SSHIPM) - Unknown owner - d:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe" -d (file missing)
O23 - Service: SSH Sentinel Monitor (SSHMONITOR) - Unknown owner - d:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe

 

Please use the tool introduced in
[Recommended] Look2Me Remover
http://forum.ikaka.com/topic.asp?board=67&artid=7440953
to fix it.
 

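I just tried Look2Me Remover. It detected entries in the registry, but after deleting them and checking again they are still there. What on earth is going on?? So annoying... Rising just keeps reporting startpage.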



Logfile of HijackThis v1.99.1
Scan saved at 23:11:18, on 2005-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\rundll32.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\kxmixer.exe
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
E:\hijack\HijackThis199.exe

O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - D:\Program Files\Thunder Network\ThunderMini\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 查看 Exif/GPS/IPTC 信息 - d:\Program Files\Opanda\IExif 2.25\IExifCom.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\l8j8li1u18.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: SSH Sentinel (SSHIPM) - Unknown owner - d:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe" -d (file missing)
O23 - Service: SSH Sentinel Monitor (SSHMONITOR) - Unknown owner - d:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe






 

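Every time I scan and delete with Look2Me, after rebooting and scanning again it finds another entry with a changed name.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS

BITS changes to a different name every time, and deleting it manually does not help either...
Miserable... what on earth is going on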
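
The behaviour reported in this thread, where the O20 Winlogon Notify entry comes back under a new key name and a new DLL name after every fix and reboot, shows up directly when successive HijackThis logs are diffed. The following is an added example, not part of the original posts: the log excerpts are copied from the three scans above, and the function names are illustrative.

```python
import re

# O4/O20 lines copied from the three HijackThis scans posted in this thread.
SCANS = {
    "2005-11-23 20:49:38": r"""
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\hrl0053me.dll
""",
    "2005-11-23 22:36:03": r"""
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\lvlq0935e.dll
""",
    "2005-11-23 23:11:18": r"""
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\l8j8li1u18.dll
""",
}

ENTRY = re.compile(r"^(O\d+) - (.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (?P<key>.+?) - (?P<dll>.+)$")

def parse(log):
    """Return the set of (section, detail) entries found in one log."""
    found = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.add(m.groups())
    return found

def churn(scans):
    """Return (entries present in every scan, per-scan entries that are not)."""
    parsed = {ts: parse(text) for ts, text in sorted(scans.items())}
    stable = set.intersection(*parsed.values())
    return stable, {ts: sorted(e - stable) for ts, e in parsed.items()}

def rotating_notify(scans):
    """O20 Winlogon Notify entries that differ between scans, in scan order."""
    hits = []
    for ts, entries in churn(scans)[1].items():
        for section, detail in entries:
            m = NOTIFY.match(detail)
            if section == "O20" and m:
                hits.append((ts, m["key"], m["dll"]))
    return hits

if __name__ == "__main__":
    for ts, key, dll in rotating_notify(SCANS):
        print(f"{ts}  Notify\\{key} -> {dll}")
```

A legitimate Notify package keeps the same key and DLL path from boot to boot, so an O20 entry that lands in the per-scan difference on every scan is the one to investigate.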
 

Try again with the method introduced in
http://forum.ikaka.com/topic.asp?board=67&artid=7358637
 

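魔法学徒: I tried it, but it still does not work. It says the DLL file cannot be deleted, and it is the same in safe mode!! Do I really have to format the disk to solve this??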
 

I suggest you turn off System Restore, empty the IE temporary files folder, and scan again with Look2Me in safe mode!
 

Quote:
[飞跃迷离's post] I suggest you turn off System Restore, empty the IE temporary files folder, and scan again with Look2Me in safe mode!
...........................


Tried it! It still does not work. Running Look2Me again still finds a problem in the registry.