The result of checking C:\windows\system32\usb.exe with www.virustotal.com is as follows:
Antivirus       Version          Update      Result
AntiVir         6.33.0.77        01.14.2006  TR/Qhost.EQ
Avast           4.6.695.0        01.15.2006  no virus found
AVG             718              01.14.2006  no virus found
Avira           6.33.0.77        01.14.2006  TR/Qhost.EQ
BitDefender     7.2              01.15.2006  BehavesLike:Trojan.StartPage
CAT-QuickHeal   8.00             01.14.2006  no virus found
ClamAV          devel-20051123   01.15.2006  no virus found
DrWeb           4.33             01.14.2006  STPAGE.Trojan
eTrust-Iris     7.1.194.0        01.14.2006  no virus found
eTrust-Vet      12.4.1.0         01.13.2006  no virus found
Ewido           3.5              01.15.2006  no virus found
Fortinet        2.54.0.0         01.15.2006  StartPage.C!tr
F-Prot          3.16c            01.13.2006  no virus found
Ikarus          0.2.59.0         01.13.2006  no virus found
Kaspersky       4.0.2.24         01.15.2006  no virus found
McAfee          4674             01.13.2006  Generic StartPage.c
NOD32v2         1.1365           01.14.2006  no virus found
Norman          5.70.10          01.13.2006  W32/Malware
Panda           9.0.0.4          01.14.2006  Adware/Startpage.AOP
Sophos          4.01.0           01.15.2006  no virus found
Symantec        8.0              01.15.2006  no virus found
TheHacker       5.9.2.074        01.14.2006  no virus found
UNA             1.83             01.13.2006  no virus found
VBA32           3.10.5           01.15.2006  no virus found
At the same time, a file identical to C:\windows\system32\usb.exe was found in the root directory of drive C. After manually deleting both files, drive C can no longer be opened by double-clicking it under "My Computer"; the prompt is:
Windows无法定位“usb.exe”。
该程序用于打开“文件”类型的文件。
请重新定位该文件的位置。
However, drive C can still be entered by typing "c:" into the address bar of the "My Computer" window.
At the time I did not pay much attention and simply fixed all the O1 and R3 items in HijackThis. After rebooting, the home page was modified again, and the deleted c:\usb.exe and c:\windows\system32\usb.exe reappeared.
Scanning again with HijackThis at that point gave exactly the same results as before the fix, except for the R3 items.
Would the friend from post #1 and the other experts please take a look. Thanks.
New full HijackThis scan log:
HijackThis_815汉化版扫描日志 V1.99.1
保存于 19:05:35, 日期 2006-1-15
操作系统: Windows XP (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 (6.00.2600.0000)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Filseclab\Twister\twister.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe
O1 - Hosts: 218.85.139.122 minisite.qq.com
O1 - Hosts: 218.85.139.122 www.minisite.qq.com
O1 - Hosts: 218.85.139.122 cnww.net
O1 - Hosts: 218.85.139.122 www.cnww.net
O1 - Hosts: 218.85.139.122 zhao123.com
O1 - Hosts: 218.85.139.122 www.zhao123.com
O1 - Hosts: 218.85.139.122 4399.com
O1 - Hosts: 218.85.139.122 www.4399.com
O1 - Hosts: 218.85.139.122 chinagames.net
O1 - Hosts: 218.85.139.122 www.chinagames.net
O1 - Hosts: 218.85.139.122 tiexue.net
O1 - Hosts: 218.85.139.122 www.tiexue.net
O1 - Hosts: 218.85.139.122 qq163.com
O1 - Hosts: 218.85.139.122 www.qq163.com
O1 - Hosts: 218.85.139.122 tt67.com
O1 - Hosts: 218.85.139.122 www.tt67.com
O1 - Hosts: 218.85.139.122 chinamp3.com
O1 - Hosts: 218.85.139.122 www.chinamp3.com
O1 - Hosts: 218.85.139.122 pg168.com
O1 - Hosts: 218.85.139.122 www.pg168.com
O1 - Hosts: 218.85.139.122 yymp3.com
O1 - Hosts: 218.85.139.122 www.yymp3.com
O1 - Hosts: 218.85.139.122 yy138.com
O1 - Hosts: 218.85.139.122 www.yy138.com
O1 - Hosts: 218.85.139.122 dj99.com
O1 - Hosts: 218.85.139.122 www.dj99.com
O1 - Hosts: 218.85.139.122 sogua.com
O1 - Hosts: 218.85.139.122 www.sogua.com
O1 - Hosts: 218.85.139.122 snsn.net
O1 - Hosts: 218.85.139.122 www.snsn.net
O1 - Hosts: 218.85.139.122 flash8.net
O1 - Hosts: 218.85.139.122 www.flash8.net
O1 - Hosts: 218.85.139.122 mop.com
O1 - Hosts: 218.85.139.122 www.mop.com
O1 - Hosts: 218.85.139.122 tianyaclub.com
O1 - Hosts: 218.85.139.122 www.tianyaclub.com
O1 - Hosts: 218.85.139.122 xici.net
O1 - Hosts: 218.85.139.122 www.xici.net
O1 - Hosts: 218.85.139.122 ucanlove.com
O1 - Hosts: 218.85.139.122 www.ucanlove.com
O1 - Hosts: 218.85.139.122 cmfu.com
O1 - Hosts: 218.85.139.122 www.cmfu.com
O1 - Hosts: 218.85.139.122 21red.net
O1 - Hosts: 218.85.139.122 www.21red.net
O1 - Hosts: 218.85.139.122 pconline.com.cn
O1 - Hosts: 218.85.139.122 www.pconline.com.cn
O1 - Hosts: 218.85.139.122 donews.com
O1 - Hosts: 218.85.139.122 www.donews.com
O1 - Hosts: 218.85.139.122 pcauto.com.cn
O1 - Hosts: 218.85.139.122 www.pcauto.com.cn
O1 - Hosts: 218.85.139.122 wo99.com
O1 - Hosts: 218.85.139.122 www.wo99.com
O1 - Hosts: 218.85.139.122 flashempire.com
O1 - Hosts: 218.85.139.122 www.flashempire.com
O1 - Hosts: 218.85.139.122 showgood.tv
O1 - Hosts: 218.85.139.122 www.showgood.tv
O1 - Hosts: 218.85.139.122 flashfan.net
O1 - Hosts: 218.85.139.122 www.flashfan.net
O1 - Hosts: 218.85.139.122 long21.net
O1 - Hosts: 218.85.139.122 www.long21.net
O1 - Hosts: 218.85.139.122 socom
O1 - Hosts: 218.85.139.122 www.socom
O1 - Hosts: 218.85.139.122 flashhome.net
O1 - Hosts: 218.85.139.122 www.flashhome.net
O1 - Hosts: 218.85.139.122 cnflash.net
O1 - Hosts: 218.85.139.122 www.cnflash.net
O1 - Hosts: 218.85.139.122 flashsky.com
O1 - Hosts: 218.85.139.122 www.flashsky.com
O1 - Hosts: 218.85.139.122 hunansky.com
O1 - Hosts: 218.85.139.122 www.hunansky.com
O1 - Hosts: 218.85.139.122 52flash.net
O1 - Hosts: 218.85.139.122 www.52flash.net
O1 - Hosts: 218.85.139.122 flashh.com
O1 - Hosts: 218.85.139.122 www.flashh.com
O1 - Hosts: 218.85.139.122 flashsun.com
O1 - Hosts: 218.85.139.122 www.flashsun.com
O1 - Hosts: 218.85.139.122 7k7k.com
O1 - Hosts: 218.85.139.122 www.7k7k.com
O1 - Hosts: 218.85.139.122 xuanxuan.com
O1 - Hosts: 218.85.139.122 www.xuanxuan.com
O1 - Hosts: 218.85.139.122 flash88.net
O1 - Hosts: 218.85.139.122 www.flash88.net
O1 - Hosts: 218.85.139.122 91flash.com
O1 - Hosts: 218.85.139.122 www.91flash.com
O1 - Hosts: 218.85.139.122 doingflash.com
O1 - Hosts: 218.85.139.122 www.doingflash.com
O1 - Hosts: 218.85.139.122 skyhits.com
O1 - Hosts: 218.85.139.122 www.skyhits.com
O1 - Hosts: 218.85.139.122 ting78.com
O1 - Hosts: 218.85.139.122 www.ting78.com
O1 - Hosts: 218.85.139.122 91.com
O1 - Hosts: 218.85.139.122 www.91.com
O1 - Hosts: 218.85.139.122 flashchina.net
O1 - Hosts: 218.85.139.122 www.flashchina.net
O1 - Hosts: 218.85.139.122 flash8.com.cn
O1 - Hosts: 218.85.139.122 www.flash8.com.cn
O1 - Hosts: 218.85.139.122 f130.net
O1 - Hosts: 218.85.139.122 www.f130.net
O1 - Hosts: 218.85.139.122 chinanim.com
O1 - Hosts: 218.85.139.122 www.chinanim.com
O1 - Hosts: 218.85.139.122 comicer.com
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - 启动项HKLM\\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - 启动项HKLM\\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - 启动项HKLM\\Run: [usb] C:\WINDOWS\System32\usb.exe
O4 - 启动项HKLM\\Run: [twister] "C:\Program Files\Filseclab\Twister\twister.exe" -a
O4 - 启动项HKLM\\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - 启动项HKLM\\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - 启动项HKLM\\Run: [桌面图标文字自动透明] C:\Program Files\Wom\WinMem.exe XP
O4 - 启动项HKLM\\Run: [DAEMON Tools] "H:\DAEMON Tools\daemon.exe" -lang 2052
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: usb.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microtek 扫描仪探测器.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: 费尔消息服务.lnk = C:\Program Files\Common Files\Filseclab\FilMsg.exe
O10 - 未知的文件在 Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - 未知的文件在 Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - 未知的文件在 Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - 未知的文件在 Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - 未知的文件在 Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O11 - Options group: [TBH] QQ地址栏搜索
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O23 - NT 服务: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
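One defensive check for the pattern in the log above, added here as an example and not code from the original post: parse HijackThis O1 lines and flag any non-loopback IP that many different hostnames are pinned to, which is what a hosts-file hijack looks like (a hand-written block list points at 127.0.0.1 or 0.0.0.0 instead). The sample log text is constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in the same shape as the HijackThis log above.
SAMPLE_LOG = """\
O1 - Hosts: 218.85.139.122 minisite.qq.com
O1 - Hosts: 218.85.139.122 www.minisite.qq.com
O1 - Hosts: 218.85.139.122 4399.com
O1 - Hosts: 127.0.0.1 ads.example.test
O4 - HKLM\\..\\Run: [usb] C:\\WINDOWS\\System32\\usb.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1(log_text):
    """Return (ip, hostname) pairs from O1 lines; other lines are ignored."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def find_hijack_sinks(pairs, min_hosts=3):
    """Group hostnames by target IP and report every routable IP that at
    least min_hosts hostnames are redirected to. Loopback and unspecified
    targets are skipped because legitimate ad-block hosts files use them."""
    by_ip = defaultdict(set)
    for ip, host in pairs:
        by_ip[ip].add(host)
    sinks = {}
    for ip, hosts in by_ip.items():
        try:
            addr = ip_address(ip)
        except ValueError:
            continue  # malformed entry: skip rather than crash
        if addr.is_loopback or addr.is_unspecified:
            continue
        if len(hosts) >= min_hosts:
            sinks[ip] = sorted(hosts)
    return sinks


if __name__ == "__main__":
    for ip, hosts in find_hijack_sinks(parse_o1(SAMPLE_LOG)).items():
        print(f"{ip} hijacks {len(hosts)} hostnames: {', '.join(hosts)}")
```

The same parser can be pointed at the real hosts file by reading %SystemRoot%\System32\drivers\etc\hosts and prefixing each non-comment line with "O1 - Hosts: ".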