Logfile of HijackThis v1.99.1
Scan saved at 19:44:20, on 2006-12-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\JOVCKR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Rising\Rav\RavMonD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\wuauclt.exe
D:\有用软件\木马\HijackThis.exe

O1 - Hosts: 202.109.114.142 survey88.allyes.com
O1 - Hosts: 202.109.114.142 adtaobao.allyes.com
O1 - Hosts: 202.109.114.142 smarttaobao.allyes.com
O1 - Hosts: 202.109.114.142 code.qihoo.com
O1 - Hosts: 202.109.114.142 union.mop.com
O1 - Hosts: 202.109.114.142 js.kkunion.com
O1 - Hosts: 202.109.114.142 v.kkunion.com
O1 - Hosts: 202.109.114.142 v.21cn.com
O1 - Hosts: 202.109.114.142 iplusms.allyes.com
O1 - Hosts: 202.109.114.142 mms.t2t2.com
O1 - Hosts: 202.109.114.142 ivr.dobig.net
O1 - Hosts: 202.109.114.142 www.u8u.com
O1 - Hosts: 202.109.114.142 u.u8u.com
O1 - Hosts: 202.109.114.142 img.zhangxiu.com
O1 - Hosts: 202.109.114.142 tl.linktone.com
O1 - Hosts: 202.109.114.142 channel.e78.com
O1 - Hosts: 202.109.114.142 u.7town.com
O1 - Hosts: 202.109.114.142 union.95ol.com.cn
O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
O1 - Hosts: 202.109.114.142 tl.a8.com
O1 - Hosts: 202.109.114.142 ad01.a8.com
O1 - Hosts: 202.109.114.142 u2.caiku.com
O1 - Hosts: 202.109.114.142 mms.caiku.com
O1 - Hosts: 202.109.114.142 code1.caiku.com
O1 - Hosts: 202.109.114.142 pub.lele.com
O1 - Hosts: 202.109.114.142 u.lele.com
O1 - Hosts: 202.109.114.142 7town.com
O1 - Hosts: 202.109.114.142 tvsend.7town.com
O1 - Hosts: 202.109.114.142 ivrsend.7town.com
O1 - Hosts: 202.109.114.142 tlt.7town.com
O1 - Hosts: 202.109.114.142 gsend.7town.com
O1 - Hosts: 202.109.114.142 smssend.7town.com
O1 - Hosts: 202.109.114.142 mmssend.moyu.com
O1 - Hosts: 202.109.114.142 91ivr.com
O1 - Hosts: 202.109.114.142 myad.91ivr.com
O1 - Hosts: 202.109.114.142 u.91ivr.com
O1 - Hosts: 202.109.114.142 union.91ivr.com
O1 - Hosts: 203.191.146.205 corep.dmcast.com
O1 - Hosts: 203.191.146.205 m081.dmcast.com
O1 - Hosts: 203.191.146.205 dcww.dmcast.com
O1 - Hosts: 203.191.146.205 renren.dmcast.com
O1 - Hosts: 203.191.146.205 files.henbang.net
O1 - Hosts: 203.191.146.205 bannerbox.cn
O1 - Hosts: 203.191.146.205 www.bannerbox.cn
O1 - Hosts: 203.191.146.205 action.coopen.cn
O1 - Hosts: 203.191.146.205 u4.sky99.cn
O1 - Hosts: 203.191.146.205 u1.sky99.cn
O1 - Hosts: 203.191.146.205 u2.sky99.cn
O1 - Hosts: 203.191.146.205 u3.sky99.cn
O1 - Hosts: 203.191.146.205 sky99.cn
O1 - Hosts: 203.191.146.205 u.sky99.cn
O1 - Hosts: 203.191.146.205 u.ete.cn
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 www.365tan.com
O1 - Hosts: 203.191.146.205 www.winopen.cn
O1 - Hosts: 203.191.146.205 www.tanip.com
O1 - Hosts: 203.191.146.205 alexaanywhere.com
O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 pop.9v.cn
O1 - Hosts: 203.191.146.205 xuni.myad.cn
O1 - Hosts: 203.191.146.205 iebar.t2t2.com
O1 - Hosts: 203.191.146.205 error.newcell.cn
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 cns.3721.com
O1 - Hosts: 203.191.146.205 seek.3721.com
O1 - Hosts: 203.191.146.205 name.cnnic.cn
O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 kuaiso.com
O1 - Hosts: 203.191.146.205 www.copyso.com
O1 - Hosts: 203.191.146.205 union.copyso.com
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 ok.mop-hz.com
O1 - Hosts: 203.191.146.205 www.ncast.cn
O1 - Hosts: 203.191.146.205 www.ads3721.com
O1 - Hosts: 203.191.146.205 360.ads3721.com
O1 - Hosts: 203.191.146.205 www.maohehe.com
O1 - Hosts: 203.191.146.205 www.5566.net
O1 - Hosts: 203.191.146.205 5566.net
O1 - Hosts: 203.191.146.205 www.gjj.cc
O1 - Hosts: 203.191.146.205 gjj.cc
O1 - Hosts: 203.191.146.205 www.9495.com
O1 - Hosts: 203.191.146.205 9495.com
O1 - Hosts: 203.191.146.205 my123.com
O1 - Hosts: 203.191.146.205 www.my123.com
O1 - Hosts: 203.191.146.205 7b.com.cn
O1 - Hosts: 203.191.146.205 www.7b.com.cn
O1 - Hosts: 203.191.146.205 www.3567.com
O1 - Hosts: 203.191.146.205 3567.com
O1 - Hosts: 203.191.146.205 www.37021.com
O1 - Hosts: 203.191.146.205 37021.com
O1 - Hosts: 203.191.146.205 www.haourl.com
O1 - Hosts: 203.191.146.205 haourl.com
O1 - Hosts: 203.191.146.205 www.37021.net
O1 - Hosts: 203.191.146.205 37021.net
O1 - Hosts: 203.191.146.205 www.4199.com
O1 - Hosts: 203.191.146.205 4199.com
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [Super Rabbit SRCK] "C:\Program Files\Super Rabbit\MagicSet\srck.exe" /autokill:264,198
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用BitComet下载(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 使用BitComet下载全部链接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQIEHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{0684C455-8DCC-4A59-9BD1-692B213F8DBA}: NameServer = 202.103.44.150 202.103.24.68
O17 - HKLM\System\CS3\Services\Tcpip\..\{0684C455-8DCC-4A59-9BD1-692B213F8DBA}: NameServer = 202.103.44.150 202.103.24.68
O23 - Service: 2820B083 - Unknown owner - C:\WINDOWS\system32\2820B083.EXE (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LGKaiSiteS (LGKaiSite) - Unknown owner - C:\Windows\system32\JOVCKR.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Promise Technology, Inc. - (no file)

查找HOSTS文件，用记事打开，清除里面的
只留这一项：127.0.0.1

卸载QQ,删除整个QQ目录
2,用黄山IE修复专家8.31版本CTRL+D强力修复

右键IE防漏墙→启动瑞星卡卡上网助手→IE及系统修复→把HOSTS文件里所有01选中后点击修复
用HijackThis修复
O23 - Service: 2820B083 - Unknown owner - C:\WINDOWS\system32\2820B083.EXE (file missing)