
Help: infected with Haxdoor-H


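I'm on WIN2000. A Spybot scan found Haxdoor-H, but it can't be removed, and a scan with Rising (瑞星) shows nothing. The machine often reboots out of nowhere, for no apparent reason. Damn, yesterday I had been working for more than two hours and was just about finished when, bang, it rebooted and I had to start all over again. Experts, please help: how do I get rid of it?
Last edited 2005-09-07 13:54:41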
 

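[Reply to "buc300"'s post] Please run a scan and post your log so that everyone can analyze it! http://forum.ikaka.com/topic.asp?board=28&artid=6979213 The scanning tool is in the attachment to the first post there!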
 

Thanks for your reply, but why can't I find which one it is? Could you post a scanning tool here?
 

Am I supposed to scan with HijackThis_zww? The scan is done and the log is in the attachment; please take a look for me.

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      20:26:22, 日期 2005-9-6
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
D:\瑞星\Rising\Rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\北京通信\宽带E~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
D:\瑞星\Rising\Rfw\RfwMain.exe
D:\瑞星\RAV\RAVTIMER.EXE
D:\瑞星\RAV\RAVMON.EXE
C:\WINNT\system32\internat.exe
C:\Documents and Settings\wyx\桌面\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [AdbusUpdate] ; C:\WINNT\system32\adbus\update.exe
O4 - 启动项HKLM\\Run: [hcuninstall] C:\WINNT\system32\1113556311pigUinstl.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "D:\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [RfwMain] "D:\瑞星\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [NTdhcp] C:\WINNT\system32\NTdhcp.exe
O4 - 启动项HKLM\\Run: [RavTimer] D:\瑞星\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\瑞星\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: VP-EYE.lnk = C:\VP-EYE\control\vpeyev1.exe
O4 - Startup: 腾讯QQ.lnk = D:\qq\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = D:\office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 使用搜狗直通车下载 - C:\PROGRA~1\P4P\dl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O18 - 列举现有的协议: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - NT 服务: bahbnb - Unknown owner - \\61.49.181.15\E$\vbrun6nt.exe" -service (file missing)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: htboy - Unknown owner - \\61.49.181.155\D$\vbrun6nt.exe" -service (file missing)
O23 - NT 服务: jeaaq - Unknown owner - \\61.49.180.202\E$\fensvc32.exe" -service (file missing)
O23 - NT 服务: lzzmu - Unknown owner - \\61.49.181.246\E$\vbrun6nt.exe" -service (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - NT 服务: nzpyuh - Unknown owner - \\61.51.93.112\E$\vbrun6nt.exe" -service (file missing)
O23 - NT 服务: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\北京通信\宽带E~1\app\pppoeservice.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - D:\瑞星\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: rnpgy - Unknown owner - \\61.49.181.155\E$\fnesvc32.exe" -service (file missing)
O23 - NT 服务: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system\svchast.exe" /service (file missing)
O23 - NT 服务: yhrngkx - Unknown owner - \\61.51.92.162\E$\fnesvc32.exe" -service (file missing)
O23 - NT 服务: yjxifso - Unknown owner - \\61.49.105.54\D$\vcvhost.exe" -service (file missing)
O23 - NT 服务: zzbfu - Unknown owner - \\61.49.105.10\E$\vbrun6nt.exe" -service (file missing)

 

Fix:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Delete in safe mode:
C:\WINNT\system32\adbus\update.exe
C:\WINNT\system32\1113556311pigUinstl.exe
C:\WINNT\system32\NTdhcp.exe
 

Thanks to the poster above. A question about fixing
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
How exactly do I fix these two items? Could you explain in a bit more detail? Thanks!
 

Is anyone there?
 