不知道怎么中的，没次打开我已经设定好的空白浏览器时，瑞星就弹出警告框，说


注册表项：  HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
发现：      修改<Start Page>值为<http://www.234567.com/>改注册项
进程名称：  C:\WINDOWS\system32\IEXPL0RE.exe

这个该如何解决啊！

以下是卡卡扫到的日志
Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 01:50:13, on 2001-01-01
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "C:\Program Files\Rising\Rav\CCenter.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[RavMonD.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmond.exe"

[rfwsrv.exe]
CommandLine = "c:\program files\rising\rfw\rfwsrv.exe"

[Explorer.EXE]
CommandLine = C:\WINDOWS\Explorer.EXE

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[RavStub.exe]
CommandLine = "C:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND

[RFWMAIN.EXE]
CommandLine =  -StartUp

[Rainlendar.exe]
CommandLine = "C:\Program Files\Rainlendar\Rainlendar.exe"

[WinRoll.exe]
CommandLine = "C:\Program Files\WinRoll\WinRoll.exe"

[YzShadow.exe]
CommandLine = "C:\Program Files\YZShadow\YZShadow.exe"

[jusched.exe]
CommandLine = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

[RavTask.exe]
CommandLine = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

[RavMon.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM

[realsched.exe]
CommandLine = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[wdfmgr.exe]
CommandLine = C:\WINDOWS\system32\wdfmgr.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[wuauclt.exe]
CommandLine = "C:\WINDOWS\system32\wuauclt.exe"

[conime.exe]
CommandLine = C:\WINDOWS\system32\conime.exe

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

[IEXPL0RE.exe]
CommandLine = C:\WINDOWS\system32\IEXPL0RE.exe http://band.234567.com/ads/home.htm

[IEXPL0RE.exe]
CommandLine = C:\WINDOWS\system32\IEXPL0RE.exe http://band.234567.com/ads/home.htm

[Rav.exe]
CommandLine = "C:\Program Files\Rising\Rav\Rav.exe"

[IEXPL0RE.exe]
CommandLine = C:\WINDOWS\system32\IEXPL0RE.exe http://band.234567.com/ads/home.htm

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"

[IEXPL0RE.exe]
CommandLine = C:\WINDOWS\system32\IEXPL0RE.exe http://band.234567.com/ads/home.htm

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

R3 - Default URLSearchHook is missing
O2 - BHO: Internet Explorer helper Objects - {9C9F9B89-B243-4613-9710-87060F137118} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSIEHE~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKLM\..\Run: [Rainlendar] C:\Program Files\Rainlendar\Rainlendar.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [WinRoll] C:\Program Files\WinRoll\WinRoll.exe
O4 - HKLM\..\Run: [YzDock] C:\Program Files\YzDock\YzDock.exe
O4 - HKLM\..\Run: [YZShadow] C:\Program Files\YZShadow\YZShadow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2642597-795D-4353-B145-0148F8190C52}: NameServer = 211.90.88.129 211.95.1.97
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"

O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
启动项
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\Realplayer.exe
运行中的程序
C:\WINDOWS\system32\brlmon.dll

解决方法
解决方法如下
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
ALT+CTRL+DELETE调出任务管理器,终止explorer.exe 还有Realplayer.exe的进程
点“文件”“新任务”“浏览”找到C:\WINDOWS\system32\Realplayer.exe
删除Realplayer.exe
点“文件”“新任务”“浏览”找到C:\WINDOWS\explorer.exe,双击打开
请下载SRENG2, 下载地址：http://free5.ys168.com/?ufwihgu168

运行(双击)System Repair Engineer，使用“启动项目，注册表”来删除以下选项。
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\Realplayer.exe
删除
C:\WINDOWS\system32\brlmon.dll

显示隐藏文件
删除
C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSIEHE~1.DLL

C:\WINDOWS\system32\Realplayer.exe
病毒可能回在brlmon.dll,RavMon.dll,Rsvtub.dll（
这3个文件会有一个，因为是3个变种）还有就是,寻找类似v2006XXXX.rar的文件
把它删除 XXXX代表日期 比如 0829 0830 0831 0901 0902.


修复后，请下载SREng2 ，使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://free5.ys168.com/?ufwihgu168

SREng2 这个软件怎么打开啊，老是弹出什么本软件已过期之类的授权对话框

引用:

【坊间记忆的贴子】SREng2 这个软件怎么打开啊，老是弹出什么本软件已过期之类的授权对话框 ………………

如图

注意你系统的时间是否正确
你的系统还有病毒的，修复后快扫个日志粘上来。