
Could an expert please take a look at my log~

Websites keep popping up automatically. Here is the log from this machine:


Logfile of HijackThis v1.99.1
Scan saved at 13:14:36, on 2005-6-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\pps\PPStream\PPStream\PPStream.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
D:\Downloads\HijackThis.exe

R3 - URLSearchHook: (no name) - {D0F323C1-F0A2-4D07-82F2-72002F638107} - (no file)
R3 - URLSearchHook: (no name) - {432053B9-B579-469D-985B-ADA27240CAE6} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {11F09AFC-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: (no name) - {C74CDF30-68C2-49B4-9918-EBD66B8D9FBF} - C:\WINDOWS\system32\mqekpbbutuffo.dll (file missing)
O2 - BHO: TBSB04805 - {FA91DE7A-D85F-4F35-8204-4D7C957A154B} - C:\Program Files\搜索栏(S)\tbu05944\sobar.dll
O2 - BHO: ff Class - {FAAAC0F6-94BE-4466-934B-7C53666A2F41} - C:\WINDOWS\system32\23c1.dll
O3 - Toolbar: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:\Program Files\搜索栏(S)\tbu05944\sobar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [RavStub] "C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ2007\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ2007\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ2007\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ2007\SendMMS.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:\Program Files\搜索栏(S)\tbu05944\sobar.dll
O9 - Extra 'Tools' menuitem: 工具栏(T) - {42A2F05F-E171-4CEF-852F-02475F698C24} - C:\Program Files\搜索栏(S)\tbu05944\sobar.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ2007\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ2007\QQ.EXE
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2007/OL2006.cab
O23 - Service: AD0CC120 - Unknown owner - C:\WINDOWS\system32\2159B148.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: WinZXServiceNow - Unknown owner - C:\DOCUME~1\cj\LOCALS~1\Temp\RAVZX.EXE (file missing)

Last edited 2007-06-11 18:38:29.873000000

Looking it over slowly........

Where are the forum experts?? Please give me some pointers.

Run HijackThis, tick the entries below, and fix them:
R3 - URLSearchHook: (no name) - {D0F323C1-F0A2-4D07-82F2-72002F638107} - (no file)
R3 - URLSearchHook: (no name) - {432053B9-B579-469D-985B-ADA27240CAE6} - (no file)

Control Panel -- Administrative Tools -- Services -- find -- AD0CC120, Remote Packet Capture Protocol v.0, WinZXServiceNow -- Startup type -- set to Disabled -- Service type -- set to Stopped

Delete:
C:\WINDOWS\system32\2159B148.EXE
%ProgramFiles%\WinPcap\rpcapd.exe"
"%ProgramFiles%\WinPcap\rpcapd.ini
C:\DOCUME~1\cj\LOCALS~1\Temp\RAVZX.EXE
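
The entries the reply above selects carry markers that HijackThis prints in the log itself: `(no file)`, `(file missing)` and `Unknown owner`. The Python sketch below is an added example, not part of the original thread or of HijackThis; it lists every entry carrying those markers (so it also reports the O2 BHO line the reply does not mention), and the function name `triage` and the embedded log excerpt are chosen here for illustration.

```python
import re

# Excerpt of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r'''
R3 - URLSearchHook: (no name) - {D0F323C1-F0A2-4D07-82F2-72002F638107} - (no file)
O2 - BHO: ThunderBHO - {11F09AFC-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: (no name) - {C74CDF30-68C2-49B4-9918-EBD66B8D9FBF} - C:\WINDOWS\system32\mqekpbbutuffo.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AD0CC120 - Unknown owner - C:\WINDOWS\system32\2159B148.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WinZXServiceNow - Unknown owner - C:\DOCUME~1\cj\LOCALS~1\Temp\RAVZX.EXE (file missing)
'''

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # e.g. "O23 - Service: ..."
MARKERS = ("(no file)", "(file missing)", "Unknown owner")


def triage(log_text):
    """Return one finding per log entry that carries a marker from MARKERS."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, blank lines
        section, body = m.groups()
        reasons = [mk for mk in MARKERS if mk in body]
        if not reasons:
            continue
        # The last " - "-separated field is the file or command the entry points to.
        target = body.rsplit(" - ", 1)[-1]
        for mk in MARKERS:
            target = target.replace(mk, "").strip()
        # A quote inside the target means the field holds a command line with
        # arguments, so "(file missing)" describes that whole string.
        if '"' in target:
            reasons.append("target is a command line; verify path by hand")
        findings.append({"section": section, "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["target"] or "<none>", "|", ", ".join(f["reasons"]))
```

The rpcapd entry is reported with an extra reason because its path field contains quoted arguments, which is worth checking on disk before treating the service binary as absent.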