日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 10:36:59,2008-8-11
操作系统: Windows 2000 SP4 (WinNT 5.00.2195)
IE版本: Internet Explorer v6.00 SP1 (6.00.2800.1106)
启动模式: 正常
正在运行的进程:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\PROGRAM FILES\RISING\RAV\ravmond.exe
e:\program files\rising\rfw\rfwsrv.exe
e:\program files\rising\rfw\rfwproxy.exe
e:\program files\rising\rfw\rfwstub.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\CTSvcCDA.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\racer-njgd\racer.exe
E:\Program Files\Rising\Rav\RavTask.exe
e:\program files\rising\rfw\RfwMain.exe
E:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
E:\Program Files\Rising\Rav\Ravmon.exe
E:\Program Files\Rising\AntiSpyware\rstray.exe
E:\WINNT\system32\internat.exe
E:\Program Files\racer-njgd\RacerKp.exe
E:\Program Files\Rising\AntiSpyware\ras.exe
E:\Program Files\Rising\AntiSpyware\knownsvr.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\HijackThis 汉化版\HijackThis.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O3 - IE 工具栏: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NewsUpd] E:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] ; E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
O4 - HKLM\..\Run: [racer] E:\Program Files\racer-njgd\racer.exe
O4 - HKLM\..\Run: [RavTask] "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [StormCodec_Helper] "E:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [CreativeMixer] E:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [runeip] "E:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [Internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] E:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: RsAutorunsDisabled
O4 - Startup: 腾讯QQ.lnk = E:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: E-Color.lnk = E:\Program Files\E-Color\Common\IconMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - 扩展右键菜单项: 使用迅雷下载 - E:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 扩展右键菜单项: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 额外的按钮: (未命名) - RsAutorunsDisabled - (没有文件)
O9 - 额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (没有文件)
O9 - 额外的“工具”菜单项目: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (没有文件)
O9 - 额外的按钮: BitComet 资源搜索 - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (没有文件)
O9 - 额外的“工具”菜单项目: BitComet 资源搜索 - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (没有文件)
O9 - 额外的按钮: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - (没有文件)
O9 - 额外的“工具”菜单项目: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - (没有文件)
O10 - Unknown file in Winsock LSP: e:\winnt\system32\nwprovau.dll
O16 - DPF: {017767CF-2834-11D4-98F9-00C0DF242218} (INtess-ICDV3.0 WECC Client Control) - http://221.131.129.25/images/iccctrls.cab
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218220708265
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.games.sina.com.cn/sinaTV/downloader.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O20 - AppInit_DLLs: kmon.dll
O23 - NT 服务: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINNT\System32\CTSvcCDA.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Information Technology Co., Ltd. - e:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - e:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - E:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
--
文件结束 - 5515 字节