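Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software board
Trojan.DL.VBS.Agent.cgk: my website has caught this trojan too, what should I do?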

Trojan.DL.VBS.Agent.cgk: my website has caught this trojan too, what should I do?
Mine is the Middle School Mathematics Network (Qunying Xueke), http://www.qyxk.net

Logfile of HijackThis v1.99.1
Scan saved at 12:23:36, on 2006-11-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\小桂闹钟v1.80\小桂闹钟v1.80.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Trojan Clean Expert 2006\mmqczj.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Tencent\QQ\QQ.exe
C:\Documents and Settings\GuTongFang\桌面\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [小桂闹钟] C:\Program Files\小桂闹钟v1.80\小桂闹钟v1.80.exe
O4 - HKLM\..\Run: [xMapBar] C:\Program Files\xM\hide.exe
O4 - HKLM\..\Run: [木马清除专家] C:\Program Files\Trojan Clean Expert 2006\mmqczj.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: DHCP Service - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

Attachment: image (image/pjpeg), uploaded 2006-11-27 12:35:23, downloaded 239 times



Last edited 2006-12-06 18:53:40

Same as you.

Could everyone please answer this...

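Uninstall some of the small applications, then scan again and post the new log.
Otherwise it is hard to say; for example, an .exe file like that little alarm clock of yours could also have a trojan added to it.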

HKLM\..\Run: [xMapBar] C:\Program Files\xM\hide.exe
Is this one of your applications? hide.exe!

Same as the original poster: that same kind of window keeps popping up.

First clear the IE temporary files folder and System Restore.

Then use SREG to stop or delete this service:
O23 - Service: DHCP Service - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
and delete the corresponding file!

Run HijackThis, tick the entries below, and fix them:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Empty the TEMP folder in Safe Mode.
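Added example, not part of any post in this thread: a small Python triage pass over HijackThis entry lines that surfaces the same kinds of entries the replies singled out (the O23 service with an unknown owner and a missing file, the O6 policy keys, and an autorun outside known software). The trusted-directory list and the function names are assumptions made for illustration; the sample lines are copied from the log in the first post.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [xMapBar] C:\Program Files\xM\hide.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: DHCP Service - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
"""

# HijackThis entry lines look like "<section code> - <details>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Assumption: install directories the machine's owner already trusts.
TRUSTED_DIRS = ("c:\\program files\\rising\\", "c:\\windows\\system32\\")

def parse(log):
    """Yield (code, body) per entry line; headers and the process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def review_reasons(code, body):
    """Return reasons an entry deserves a manual look (heuristics, not a verdict)."""
    low, reasons = body.lower(), []
    if code == "O23":
        if " - unknown owner - " in low:
            reasons.append("service binary carries no company name")
        if low.endswith("(file missing)"):
            reasons.append("service points at a file that is not on disk")
    elif code == "O4":
        # Autorun body: "<hive>\..\Run: [name] <command line>"
        path = low.split("] ", 1)[-1].lstrip('"')
        if not path.startswith(TRUSTED_DIRS):
            reasons.append("autorun outside trusted directories")
    elif code == "O6":
        reasons.append("Internet Options locked by policy; confirm an admin set it")
    return reasons

def triage(log):
    """Return [(code, body, reasons)] for entries with at least one reason."""
    hits = []
    for code, body in parse(log):
        reasons = review_reasons(code, body)
        if reasons:
            hits.append((code, body, reasons))
    return hits

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(code, "|", body, "|", "; ".join(reasons))
```

A flagged entry is only a prompt to check the file on disk and its origin; legitimate software installed outside the assumed trusted directories will also be listed.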
 