
Has anyone been hijacked by http://www.pr-omoting.com/muon.html?


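When I first go online and open baidu.com, it pops up, but it doesn't pop up on every website. I don't know whether this counts as being hijacked?
Last edited 2006-06-22 13:04:22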

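Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download URLs:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log cannot be pasted in one go, paste it in several parts. Please do not modify it.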

Kaka Assistant warns that the website about to be visited is an undesirable website; the address is http://www.ad-w-a-r-e.com/cgi-bin/popupv3?id={6dc175b5-611d-a2c7-8faf-2d21c2814e77}&type=normal&mskip=1&rnd=13054

2006-06-22,09:36:51

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [Intel Corporation]
    <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize>  [Kaspersky Lab]
    <dddclient><; C:\Program Files\DuDu\DddClient\DuDuAccsvc.exe>  []
    <HPDJ Taskbar Utility><; C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe>  [HP]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
    <WinlogonNotify: Installer><C:\WINDOWS\system32\o0lu0a39ed.dll>  []

==================================
启动文件夹
服务
[BrSplService / Brother XP spl Service]
  <C:\WINDOWS\System32\brsvc01a.exe><brother Industries Ltd>
[C-DillaSrv / C-DillaSrv]
  <C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Command Service / cmdService]
  <C:\WINDOWS\d3lk\command.exe><N/A>
[DuDu Accelerator / DuDuProsvc]
  <><N/A>
[kavsvc / kavsvc]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[Local Security Authority Subsystem Service / lsass]
  <"C:\WINDOWS\lsass.exe"><N/A>
[Network Monitor / Network Monitor]
  <C:\Program Files\Network Monitor\netmon.exe service><N/A>
[nvsec(nvsec) / NvSec]
  <"C:\WINDOWS\system32\nvsec.exe"><N/A>
[Remote Administrator Service / r_server]
  <"C:\Program Files\Common Files\r_server.exe" /service><N/A>
[UsbScaner Service  / UsbScaner]
  <C:\Program Files\uusee\mp4\usbscaner.exe><Hoola Digital Media  Co.,Ltd>
[Microsoft Windows Spooler Service / Windows Spooler Service]
  <"C:\WINDOWS\services.exe"><N/A>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[InstaFred]
  {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} <C:\WINDOWS\DOWNLO~1\InstFred.ocx, Autodesk, Inc.>
[AcDcToday 控件]
  {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} <C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX, Autodesk>
[NOXLATE-BANR]
  {AE563722-B4F5-11D4-A415-00108302FDFD} <C:\WINDOWS\DOWNLO~1\InstBanr.ocx, Autodesk, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[AcPreview 控件]
  {F281A59C-7B65-11D3-8617-0010830243BD} <C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX, Autodesk>

==================================
正在运行的进程
[PID: 1252][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\system32\osbc32.dll]  <N/A><N/A>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
[PID: 1972][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
    [C:\WINDOWS\System32\igfxpph.dll]  <Intel Corporation><3.0.0.3865>
    [C:\WINDOWS\System32\hccutils.DLL]  <Intel Corporation><3.0.0.3865>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll]  <Kaspersky Lab><5.0.388.1>
[PID: 224][C:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.1.0.29>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
[PID: 240][C:\WINDOWS\System32\hkcmd.exe]  <Intel Corporation><3.0.0.3865>
    [C:\WINDOWS\System32\hccutils.DLL]  <Intel Corporation><3.0.0.3865>
    [C:\WINDOWS\System32\igfxdev.dll]  <Intel Corporation><3.0.0.3865>
    [C:\WINDOWS\System32\igfxsrvc.dll]  <Intel Corporation><3.0.0.3865>
    [C:\WINDOWS\System32\igfxhk.dll]  <Intel Corporation><3.0.0.3865>
    [C:\WINDOWS\System32\igfxres.dll]  <Intel Corporation><3.0.0.3865>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
[PID: 252][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
[PID: 1156][C:\Program Files\uusee\mp4\DevMonApp.exe]  <Hoola Digital Media  Co.,Ltd><1, 0, 6, 0>
    [C:\Program Files\uusee\mp4\ConnAPI.DLL]  <Nokia.><6, 0, 23, 0>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
[PID: 1528][C:\WINDOWS\System32\conime.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
[PID: 3860][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
    [C:\WINDOWS\System32\KakaTool.dll]  <Beijing Rising Technology Co., Ltd.><2, 0, 0, 9>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll]  <Kaspersky Lab><5.0.1.18>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll]  <Kaspersky Lab><5.0.388.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll]  <Kaspersky Lab><5.0.388.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll]  <Kaspersky Lab><5.0.388.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll]  <Kaspersky Lab><5.0.388.2>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll]  <Kaspersky Lab><5.0.388.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl]  <Kaspersky Lab><5.0.388.0>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 1020][C:\WINDOWS\notepad.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
[PID: 3868][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
    [C:\WINDOWS\System32\KakaTool.dll]  <Beijing Rising Technology Co., Ltd.><2, 0, 0, 9>
[PID: 2584][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
    [C:\WINDOWS\System32\KakaTool.dll]  <Beijing Rising Technology Co., Ltd.><2, 0, 0, 9>
[PID: 2276][D:\软件\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>

==================================
文件关联
.TXT  Error. [notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [hh.exe %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [notepad.exe %1]
.INF  Error. [notepad.exe %1]
.VBS  Error. [wscript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

I installed r_server.exe myself; it is small and I like using it.

Thanks, brother 我无邪.

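It pops up every few minutes, and each time the window opens it starts a new IE process (when we open several windows ourselves there is actually only one IE process).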

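Run System Repair Engineer, go to "System Repair", "File Association", tick "Select All" and click "Repair" so that all extensions return to normal.
If you do not recognize the above two items either, delete them:
[nvsec(nvsec) / NvSec]
<"C:\WINDOWS\system32\nvsec.exe"><N/A>
[UsbScaner Service / UsbScaner]
<C:\Program Files\uusee\mp4\usbscaner.exe><Hoola Digital Media Co.,Ltd>
Run System Repair Engineer, click "Startup Items", "Services", click "Win32 Service Applications", tick "Hide Microsoft Services", select the virus services Command Service, DuDu Accelerator, Local Security Authority Subsystem Service, Network Monitor, Microsoft Windows Spooler Service, nvsec(nvsec), UsbScaner Service, choose "Delete Service", click "Set", choose "No", and finally reboot. (Each comma-separated item is one virus service; please delete them one by one.)
Restart the computer. After the power-on self-test finishes, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Run System Repair Engineer and use "Startup Items", "Registry" to delete the following entry.
C:\WINDOWS\system32\o0lu0a39ed.dll
Double-click My Computer, Tools, Folder Options, View, click to select "Show hidden files and folders", and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes". Also clear "Hide extensions for known file types".
Delete: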
C:\WINDOWS\services.exe
C:\Program Files\Network Monitor
C:\WINDOWS\lsass.exe
C:\WINDOWS\d3lk
C:\WINDOWS\system32\nvsec.exe
C:\Program Files\uusee
C:\WINDOWS\system32\o0lu0a39ed.dll
C:\WINDOWS\system32\osbc32.dll
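
A triage check for a log like the one posted above, as an added example that is not part of the original thread or of SREng: it flags services whose image is named like a core Windows binary but sits outside System32, and vendor-less modules loaded into several processes. The log excerpt is copied from the thread; the `CORE` list and the `min_procs` threshold are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname

# Excerpt copied from the SREng log posted in this thread.
LOG = r'''
[kavsvc / kavsvc]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[Local Security Authority Subsystem Service / lsass]
  <"C:\WINDOWS\lsass.exe"><N/A>
[Microsoft Windows Spooler Service / Windows Spooler Service]
  <"C:\WINDOWS\services.exe"><N/A>
[PID: 252][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
[PID: 1020][C:\WINDOWS\notepad.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
[PID: 240][C:\WINDOWS\System32\hkcmd.exe]  <Intel Corporation><3.0.0.3865>
    [C:\WINDOWS\System32\igfxdev.dll]  <Intel Corporation><3.0.0.3865>
    [C:\WINDOWS\d3lk\asappsrv.dll]  <><2.1.3.466>
'''

# Assumption: core XP binaries that legitimately live only in System32.
CORE = {"lsass.exe", "services.exe", "svchost.exe", "winlogon.exe", "csrss.exe"}
SYS32 = r"c:\windows\system32"

def masquerading_services(log):
    """Service images named like a core binary but stored outside System32."""
    images = re.findall(r'^  <"?([^"<>]+?\.exe)\b', log, re.M | re.I)
    return [p for p in images
            if basename(p).lower() in CORE and dirname(p).lower() != SYS32]

def injected_modules(log, min_procs=3):
    """Modules with no vendor string that are loaded into many processes."""
    seen, pid = defaultdict(set), None
    for line in log.splitlines():
        if m := re.match(r"\[PID: (\d+)\]", line):
            pid = m.group(1)  # module lines that follow belong to this process
        elif (m := re.match(r"\s+\[([^\]]+)\]\s+<([^<>]*)><", line)) and pid:
            if m.group(2) in ("", "N/A"):  # no vendor string in the log
                seen[m.group(1).lower()].add(pid)
    return {mod: len(p) for mod, p in seen.items() if len(p) >= min_procs}

if __name__ == "__main__":
    print(masquerading_services(LOG))
    print(injected_modules(LOG))
```
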