前几天在QQ上不小心点了个网站``
  中了病毒```
  能查杀出来``杀了该病毒后`重起还会有````
  还弹出很多网站来~~~~
  如:http://pp.vcd789.net/quit1.htm
    http://mm.dymm8.net/quit2.htm
    http://pp.vcd789.net/quit2.htm
  希望卡卡能把这几个恶意网站记录下来~~~
我找到文件删除过``但是重起了还回有~~
个人估计在注册表里有问题`但是不知道怎么解决`
有人能帮下小弟吗```
  联系QQ:1015377

由于机子是网吧的收银机｀｀上面装了｀公安的很多系统｀｀
　我们自己从装系统的话｀公安的系统我们自己不能装｀
希望你们能帮帮小弟我
｀

扫个日志上来看看吧！

怎么扫`搞不懂``还没明白那样意思`
  提示哈``

你去下个HijackThis或sreng工具扫一个上来看看!

好的谢谢~~`

Logfile of HijackThis v1.99.1
Scan saved at 10:12:09, on 2007-02-20
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
d:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\rzx\Net110\rzxsevce.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\wuaucll.exe
C:\WINDOWS\system32\driver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
D:\Wx2004\Server.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
d:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
d:\Program Files\rzx\Net110\SysMon.exe
d:\Program Files\Rising\Rav\Ravmon.exe
d:\Program Files\rzx\Net110\LSParser.exe
d:\Program Files\rzx\Net110\Lsui.exe
D:\Wx2004\Store.exe
D:\Wx2004\rzxsurename.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\QQ\QQ.exe
E:\QQ\TIMPlatform.exe
E:\工具\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe wuaucll.exe
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ssServ] D:\Wx2004\Server.exe
O4 - HKLM\..\Run: [SYSMON] d:\Program Files\rzx\Net110\SysMon.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC21C790-2D70-4489-969E-DA8946BF3BDC}: NameServer = 202.98.192.68,202.98.198.168
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: RzxSevce - 深圳任子行网络技术有限公司 - d:\Program Files\rzx\Net110\rzxsevce.exe

是不是这个啊~

Logfile of HijackThis v1.99.1
Scan saved at 10:16:51, on 2007-02-20
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
d:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\rzx\Net110\rzxsevce.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\wuaucll.exe
C:\WINDOWS\system32\driver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
D:\Wx2004\Server.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
d:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
d:\Program Files\rzx\Net110\SysMon.exe
d:\Program Files\Rising\Rav\Ravmon.exe
d:\Program Files\rzx\Net110\LSParser.exe
d:\Program Files\rzx\Net110\Lsui.exe
D:\Wx2004\Store.exe
D:\Wx2004\rzxsurename.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\QQ\QQ.exe
E:\QQ\TIMPlatform.exe
E:\工具\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe wuaucll.exe
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ssServ] D:\Wx2004\Server.exe
O4 - HKLM\..\Run: [SYSMON] d:\Program Files\rzx\Net110\SysMon.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC21C790-2D70-4489-969E-DA8946BF3BDC}: NameServer = 202.98.192.68,202.98.198.168
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: RzxSevce - 深圳任子行网络技术有限公司 - d:\Program Files\rzx\Net110\rzxsevce.exe

结束进程:
C:\WINDOWS\wuaucll.exe
C:\WINDOWS\system32\driver.exe
按下面修改注册表:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
删除:
C:\WINDOWS\wuaucll.exe
C:\WINDOWS\system32\driver.exe