被51115劫持了，按论坛里的办法试了，还是不行，大哥帮我看下

HijackThis_815汉化版扫描日志 V1.99.1
保存于      11:10:33, 日期 2006-1-5
操作系统：  Windows XP  (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system\Rund213.exe
C:\WINDOWS\system\Rund553.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\lk\桌面\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - 启动项HKLM\\Run: [Rund213.exe] C:\WINDOWS\system\Rund213.exe
O4 - 启动项HKLM\\Run: [Rund553.exe] C:\WINDOWS\system\Rund553.exe
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - 浏览器额外的按钮: 相关站点 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: 相关站点 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wintcp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wintcp.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O14 - IERESET.INF: MS_START_PAGE_URL=about:blank
O15 - 添加的受信任的 IP 地址范围: http://172.16.20.4
O16 - DPF: {23739A7E-5741-4D1C-88D5-D50B18F7C347} (iWebOffice Control) - http://172.16.20.4:8090/rloa/wordOLE/iWebOffice2003.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {448A5F6B-8C03-4B54-A338-F00237C508AD} - http://www.51uc.com/cab/WEBChatRoom_1_39.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://chat.xj169.com/blueskyvoice_60.cab
O16 - DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} (IEDown Class) - http://download.ourgame.com/IEDown.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://ol.db.kingsoft.com/antiscan/setup/KAVClean.CAB
O16 - DPF: {CDD1C2A2-92B9-11D7-A1C2-0003FFEE98C7} (eway365.contrl_word) - http://172.16.20.4:8888/eoa/modules/gongwen/eway.CAB
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {FA7D78BA-3EA7-4E52-B0E2-0772F577E6CC} (VideoOcx Control) - http://chat.xj163.cn/roomui/videoocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F42E311-7C45-43BB-878A-F3AE2FD099FD}: NameServer = 172.16.21.4,61.128.99.133
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dll
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

【回复“手足无措呀”的帖子】
大概是一个变种.
打开任务管理器,终止进程:
C:\WINDOWS\system\Rund213.exe
C:\WINDOWS\system\Rund553.exe

用 hijackthis修复:
O4 - 启动项HKLM\\Run: [Rund213.exe] C:\WINDOWS\system\Rund213.exe
O4 - 启动项HKLM\\Run: [Rund553.exe] C:\WINDOWS\system\Rund553.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

删除:
C:\WINDOWS\system\Rund213.exe
C:\WINDOWS\system\Rund553.exe

基本同意楼上朋友意见

下载
WinsockXPFix.exe
http://www.pchell.com/downloads/WinsockXPFix.exe
双击运行

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

运行Hijackthis，扫描结束后在下列选项前打上勾，然后选修复“Fix Checked”：

O4 - 启动项HKLM\\Run: [Rund213.exe] C:\WINDOWS\system\Rund213.exe
O4 - 启动项HKLM\\Run: [Rund553.exe] C:\WINDOWS\system\Rund553.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {23739A7E-5741-4D1C-88D5-D50B18F7C347} (iWebOffice Control) - http://172.16.20.4:8090/rloa/wordOLE/iWebOffice2003.ocx
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {CDD1C2A2-92B9-11D7-A1C2-0003FFEE98C7} (eway365.contrl_word) - http://172.16.20.4:8888/eoa/modules/gongwen/eway.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F42E311-7C45-43BB-878A-F3AE2FD099FD}: NameServer = 172.16.21.4,61.128.99.133


显示隐藏文件

双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”--单击“确定”。

然后找到如下文件并删除（如果有的话）。

C:\WINDOWS\system\Rund213.exe
C:\WINDOWS\system\Rund553.exe

现在好了，太感谢了