Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue-Software Board

[My computer has been severely hit by malicious programs... it has collapsed, begging for a way to fix it]

Last night I was searching for free online movies and got infected. The symptoms:

1. Eight different executables with the .EXE extension, named 1 through 8, appeared in the system32 folder, and a dozen or so executables appeared in the root of the C: drive. As soon as I open IE it pops up N windows, and then it creates three icons on the desktop for ringtone downloads, online movies and the like. Later I deleted those executables by hand and then scanned with ewido anti-spyware and my antivirus software; they found a few malicious plug-ins and a trojan. After handling those, the pop-ups still appear. Then I tried repairing with IE修复 (IE Repair), still no result...

2. The strange part: I heard from a friend that 超级兔子 (Super Rabbit) handles this kind of situation fairly well. I had 6.85 installed before and, without uninstalling it, installed 7.1 directly on top. Once it was installed, the moment I run 超级兔子 7.1 the machine shuts itself down, and running its 上网精灵 (web assistant) shuts it down the same way... Then I wanted to look at the process manager,

3. The process manager in 卡卡上网助手 (Kaka Internet Assistant): as soon as I open it... same thing as with 超级兔子... it also shuts the machine down... I'm speechless.

4. Then I searched Baidu for "弹出窗口查杀" (pop-up window removal) and saw a Baidu Zhidao page. When I opened it, it automatically turned into the auto-popping ringtone download page, but the address was still that Baidu Zhidao address... (it seems to be blocking Baidu...). I tried several other sites and they were mostly fine; it's only Baidu pages that get blocked... I'm about to faint.

Could an expert please take a look at what is causing this... I can't take it any more, I spent several hours on it yesterday.

Last edited 2006-10-24 11:32:08

Logfile of HijackThis v1.99.1
Scan saved at 11:27:17, on 2006-10-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\Program Files\KAV2007\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\KAV2007\KAVStart.exe
D:\Program Files\SkyNet\FireWall\PFW.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\KAV2007\KMailMon.EXE
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Tencent\QQ\QQ.exe
E:\HijackThis.exe

R3 - URLSearchHook: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 222.189.228.4 www.hao123.com
O1 - Hosts: 222.189.228.4 www.7b.com.cn
O1 - Hosts: 222.189.228.4 www.7939.com
O1 - Hosts: 222.189.228.4 www.360safe.com
O1 - Hosts: 222.189.228.4 360safe.com
O1 - Hosts: 222.189.228.4 update.360safe.com
O1 - Hosts: 222.189.228.4 dl.360safe.com
O1 - Hosts: 222.189.228.4 bbs.360safe.com
O1 - Hosts: 222.189.228.4 count16.51yes.com
O1 - Hosts: 222.189.228.4 count18.51yes.com
O1 - Hosts: 222.189.228.4 count20.51yes.com
O1 - Hosts: 222.189.228.4 www.btbaicai.com
O1 - Hosts: 222.189.228.4 btbaicai.com
O1 - Hosts: 222.189.228.4 www.pctutu.com
O1 - Hosts: 222.189.228.4 www.7322.com
O1 - Hosts: 222.189.228.4 www.5566.net
O1 - Hosts: 222.189.228.4 www.9991.com
O1 - Hosts: 222.189.228.4 forum.ikaka.com
O1 - Hosts: 222.189.228.4 www.ikaka.com
O1 - Hosts: 222.189.228.4 www.piaoxue.com
O1 - Hosts: 222.189.228.4 forum.jiangmin.com
O1 - Hosts: 222.189.228.4 update.jiangmin.com
O1 - Hosts: 222.189.228.4 post.baidu.com
O1 - Hosts: 222.189.228.4 zhidao.baidu.com
O1 - Hosts: 222.189.228.4 update.rising.com.cn
O1 - Hosts: 222.189.228.4 online.rising.com.cn
O1 - Hosts: 222.189.228.4 dl.pconline.com.cn
O1 - Hosts: 222.189.228.4 space.uwants.com
O1 - Hosts: 222.189.228.4 www.pcav.cn
O1 - Hosts: 222.189.228.4 mopery.hits.io
O1 - Hosts: 222.189.228.4 www.goodmv.cn
O1 - Hosts: 222.189.228.4 www.5566.net
O1 - Hosts: 222.189.228.4 www.piaoxue.com
O1 - Hosts: 222.189.228.4 www.luosoft.com
O1 - Hosts: 222.189.228.4 luosoft.com
O1 - Hosts: 222.189.228.4 www.7255.com
O1 - Hosts: 222.189.228.4 dl.pconline.com.cn
O1 - Hosts: 222.189.228.4 www.spjoy.com
O1 - Hosts: 222.189.228.4 c01.caishow.com
O1 - Hosts: 222.189.228.4 c02.caishow.com
O1 - Hosts: 222.189.228.4 c03.caishow.com
O1 - Hosts: 222.189.228.4 c04.caishow.com
O1 - Hosts: 222.189.228.4 www.caishow.com
O1 - Hosts: 222.189.228.4 union.caishow.com
O1 - Hosts: 222.189.228.4 ad01.a8.com
O1 - Hosts: 222.189.228.4 ad02.a8.com
O1 - Hosts: 222.189.228.4 sg.a8.com
O1 - Hosts: 222.189.228.4 www.adanywhere.cn
O1 - Hosts: 222.189.228.4 ip.adanywhere.cn
O1 - Hosts: 222.189.228.4 ip1.adanywhere.cn
O1 - Hosts: 222.189.228.4 ip2.adanywhere.cn
O1 - Hosts: 222.189.228.4 www.bannerbox.cn
O1 - Hosts: 222.189.228.4 www.caiqiyue.com
O1 - Hosts: 222.189.228.4 toolsbar.kuaiso.com
O1 - Hosts: 222.189.228.4 www.kuaiso.com
O1 - Hosts: 222.189.228.4 www.2t2t.cn
O1 - Hosts: 222.189.228.4 3.a.kal.cn
O1 - Hosts: 222.189.228.4 ip.alexaanywhere.com
O1 - Hosts: 222.189.228.4 go.ipcenter.cn
O1 - Hosts: 222.189.228.4 www.2yin.cn
O1 - Hosts: 222.189.228.4 wwww.systeel.com.cn
O1 - Hosts: 222.189.228.4 go.baibaoxiang.cn
O1 - Hosts: 222.189.228.4 www.gao58.com
O1 - Hosts: 222.189.228.4 www.2tu.cn
O1 - Hosts: 222.189.228.4 www.91tu.cn
O1 - Hosts: 222.189.228.4 www.haotop.com
O1 - Hosts: 222.189.228.4 news01.virussky.com
O1 - Hosts: 222.189.228.4 news02.virussky.com
O1 - Hosts: 222.189.228.4 news03.virussky.com
O1 - Hosts: 222.189.228.4 news04.virussky.com
O1 - Hosts: 222.189.228.4 news40.virussky.com
O1 - Hosts: 222.189.228.4 news41.virussky.com
O1 - Hosts: 222.189.228.4 news42.virussky.com
O1 - Hosts: 222.189.228.4 www.an85.com
O1 - Hosts: 222.189.228.4 an85.com
O1 - Hosts: 222.189.228.4 www.ycdy.com
O1 - Hosts: 222.189.228.4 ycdy.com
O1 - Hosts: 222.189.228.4 down.virussky.com
O1 - Hosts: 222.189.228.4 update.virussky.com
O1 - Hosts: 222.189.228.4 www.maipao.com
O1 - Hosts: 222.189.228.4 www.sina-baidu.com
O1 - Hosts: 222.189.228.4 www.maohehe.com
O1 - Hosts: 222.189.228.4 www.1717kan.cn
O1 - Hosts: 222.189.228.4 www.feixue.net
O1 - Hosts: 222.189.228.4 www.xingkongitv.com
O1 - Hosts: 222.189.228.4 about-blank.cc
O1 - Hosts: 222.189.228.4 www.xfkz.com
O1 - Hosts: 222.189.228.4 xfkz.com
O1 - Hosts: 222.189.228.4 www.365tan.com
O1 - Hosts: 222.189.228.4 cg.9e3.com
O1 - Hosts: 222.189.228.4 www.qqplayer.net
O1 - Hosts: 222.189.228.4 www.sosok.com
O1 - Hosts: 222.189.228.4 img.zhangxiu.com
O1 - Hosts: 222.189.228.4 www.okeaa.com
O1 - Hosts: 222.189.228.4 www.winopen.cn
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: KAVAntiFishing - {55302805-482E-470E-8A57-6795A1487F90} - D:\Program Files\KAV2007\KAVAFish.DLL
O2 - BHO: (no name) - {AF3876B1-7D5F-4F0F-BECA-A6324D125A48} - C:\WINDOWS\system32\ATIDEMGREDEM.dll
O2 - BHO: (no name) - {D3931E9E-AE61-46B1-99BA-91C438A2C855} - C:\WINDOWS\system32\wp2372111.dll
O2 - BHO: Flash Object Class - {FBBCF512-3DD7-4017-9CFA-892761F77751} - C:\WINDOWS\system32\FlashObject.dll
O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - D:\PROGRA~1\IE修复~1\IERBar.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - D:\PROGRA~1\IE修复~1\IERBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KavStart] "D:\Program Files\KAV2007\KAVStart.exe" -startup
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\Program Files\SkyNet\FireWall\PFW.exe
O4 - HKLM\..\Run: [A] C:\WINDOWS\system32\rundll32.exe mont.dll s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: cidaemon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 金山毒霸反钓鱼... - D:\Program Files\KAV2007\KAF\ShowSet.htm
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: 136741M.BMP
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\Program Files\KAV2007\KWatch.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Above is the HijackThis scan log...
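As an added triage example (not part of this thread, and not code from HijackThis, Rising or any tool named in the log), the Python script below parses the HijackThis line types that matter most in the log above and reports the patterns a helper would flag first: many hostnames mapped to one IP in the hosts file, security-vendor domains among them, an unnamed BHO, an autostart entry that hands rundll32 a bare DLL name, and an AppInit_DLLs value that is not a .dll. The sample lines are copied from the log; the vendor-suffix list and the sinkhole threshold are assumptions chosen for this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Line formats as HijackThis v1.99 prints them (O1 Hosts, O2 BHO, O4 Run, O20 AppInit_DLLs).
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")

# Assumption for this example: hosts-file entries for these domains are almost never a
# user choice; they usually mean malware is blocking AV updates and help forums.
SECURITY_VENDOR_SUFFIXES = (
    "360safe.com", "rising.com.cn", "jiangmin.com", "ikaka.com", "kingsoft.com",
)
# Assumption: this many distinct hostnames pointing at one IP is a sinkhole pattern.
SINKHOLE_THRESHOLD = 3

# Constructed sample: a few lines copied from the log above plus benign ones for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 222.189.228.4 www.360safe.com
O1 - Hosts: 222.189.228.4 update.rising.com.cn
O1 - Hosts: 222.189.228.4 zhidao.baidu.com
O1 - Hosts: 222.189.228.4 update.jiangmin.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D3931E9E-AE61-46B1-99BA-91C438A2C855} - C:\WINDOWS\system32\wp2372111.dll
O4 - HKLM\..\Run: [KavStart] "D:\Program Files\KAV2007\KAVStart.exe" -startup
O4 - HKLM\..\Run: [A] C:\WINDOWS\system32\rundll32.exe mont.dll s
O20 - AppInit_DLLs: 136741M.BMP
"""


@dataclass
class Finding:
    kind: str
    detail: str


def hosts_by_ip(lines):
    """Group O1 hosts-file entries by target IP, keeping order and dropping duplicates."""
    table = defaultdict(list)
    for line in lines:
        m = HOSTS_RE.match(line.strip())
        if m:
            ip, host = m.groups()
            if host not in table[ip]:
                table[ip].append(host)
    return dict(table)


def is_security_vendor(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in SECURITY_VENDOR_SUFFIXES)


def triage(log_text):
    """Return the suspicious patterns found in a HijackThis log as Finding records."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings = []

    for ip, hosts in hosts_by_ip(lines).items():
        if len(hosts) >= SINKHOLE_THRESHOLD:
            findings.append(Finding("hosts_sinkhole", f"{len(hosts)} hostnames mapped to {ip}"))
        for host in hosts:
            if is_security_vendor(host):
                findings.append(Finding("vendor_redirect", f"{host} -> {ip}"))

    for line in lines:
        m = BHO_RE.match(line)
        if m and m.group(1).strip() == "(no name)":
            # A BHO with no registered name and a generic DLL path deserves a closer look.
            findings.append(Finding("unnamed_bho", m.group(3)))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group(2)
            parts = cmd.split()
            if len(parts) >= 2 and parts[0].lower().endswith("rundll32.exe"):
                dll = parts[1]
                if "\\" not in dll:  # no path: the DLL is found via the search order
                    findings.append(Finding("rundll32_bare_dll", f"[{m.group(1)}] {cmd}"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every user32 process; anything not a .dll is odd.
            for value in re.split(r"[,\s]+", m.group(1).strip()):
                if value and not value.lower().endswith(".dll"):
                    findings.append(Finding("appinit_non_dll", value))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
```

Run against the full log above, the same function reports well over a hundred hostnames pointed at 222.189.228.4, including the update and forum sites of Rising, Kingsoft, Jiangmin and 360; that alone explains why Baidu Zhidao and the vendor sites "turn into" the ringtone page while other sites work. Cleaning the hosts file is only one step, since the O4 rundll32 entry and the O20 AppInit_DLLs value show how the redirect gets re-established at every logon.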