Please help look at my log, thanks

Logfile of HijackThis v1.99.1
Scan saved at 11:14:23, on 2005-7-31
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\msdtc.exe
E:\WINNT\System32\tcpsvcs.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\llssrv.exe
E:\WINNT\System32\WINDOW~1\Server\nspmon.exe
E:\WINNT\System32\WINDOW~1\Server\nscm.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
E:\WINNT\System32\rsvp.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\snmp.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\System32\wins.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\dns.exe
E:\WINNT\System32\inetsrv\inetinfo.exe
E:\WINNT\System32\WINDOW~1\Server\nspm.exe
E:\WINNT\System32\WINDOW~1\Server\nsum.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\Dfssvc.exe
E:\WINNT\Explorer.EXE
E:\WINNT\System32\Rundll32.exe
E:\WINNT\SOUNDMAN.EXE
E:\WINNT\System32\igfxtray.exe
E:\WINNT\System32\hkcmd.exe
E:\Program Files\Wom\WinMem.exe
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
E:\WINNT\system32\rundll32.exe
E:\PROGRA~1\SKYNET\FIREWALL\PFW.exe
E:\WINNT\etb\pokapoka62.exe
E:\WINNT\System32\internat.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\cmd.exe
E:\Program Files\Tencent\QQ\QQ.exe
E:\WINNT\System32\dllhost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\rising\Rav\Rav.exe
E:\Program Files\rising\Rav\RsAgent.exe
E:\WINNT\msagent\AgentSvr.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Administrator\My Documents\HijackThis.exe

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - E:\WINNT\DOWNLO~1\CnsHook.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] E:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Windows内存整理] E:\Program Files\Wom\WinMem.exe
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [helper.dll] E:\WINNT\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe E:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [SKYNET Personal FireWall] E:\PROGRA~1\SKYNET\FIREWALL\PFW.exe
O4 - HKLM\..\Run: [System service62] E:\WINNT\etb\pokapoka62.exe
O4 - HKLM\..\Run: [Media Access] E:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [internat] internat.exe
O8 - Extra context menu item: !搜一搜 - res://E:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: !搜一搜(&S) - res://E:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=206671_1006 (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0F5BC3-2BAE-48C3-AB64-69FD043BD666}: NameServer = 202.101.103.54 202.101.103.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{924924AA-3791-4946-A27D-605BED3676E2}: NameServer = 192.168.0.1
O20 - Winlogon Notify: igfxcui - E:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe

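Please help look at my log; the computer is infected with a virus. Virus name: backdoor.Rbot.hvw
Rising removes it and then it comes back. Please tell me how to remove it completely, thanks!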

Last edited 2005-07-31 18:57:44

Please install all patches

Thanks!

How do I remove the backdoor.Rbot.hvw virus?
After removing it and rebooting, it is still there. So frustrating!


Scan and clean in safe mode

I already scanned in safe mode, and no virus was found

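Also: the computer pops up this box on its own. It seems to say the registry has errors that need fixing. Can I click OK? I don't know what it is, please advise!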

Computer Performance Recommendation

Errors in your computer's registry database, if present, could case slow performance, slow startup, or erratic operation including system freezes and crashes.

To ensure that your system is operating correctly, we recommend that you run Registry Cleaner now, which will scan for and, if found, correct up to 20 different registry errors that could be causing slow performance.
Click OK to download Registry Cleaner which can scan for registry errors now.

The free Registry Cleaner software in this advertisement provided courtesy SysTweak.com, which is not affiliated with Microsoft Corporation.


E:\WINNT\System32\wins.exe
What is this?

Sorry, my mistake; this is a normal system process.

[Reply to the post by "现在进行时"]

I don't know either. What should I do?

Rising's scan results show the virus is at:
E:\WINNT\System32\wininit.exe

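Can I just find this file and delete it by hand?
I know nothing about computers, please advise.
It is a program file, and I'm afraid that deleting it by mistake would affect operation.

Waiting online...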

[Reply to the post by "冰儿123456"]
Switch to safe mode and fix this item:
O4 - HKLM\..\Run: [System service62] E:\WINNT\etb\pokapoka62.exe

Delete the file:

E:\WINNT\etb\pokapoka62.exe

Go to Windows Update and install all patches.