我的主页被www.9348.cn/?205454的网站所修改了，虽然我在注册表里把startpage改回来，可是一会它又改回去了，请各位高手给予指点迷津，谢谢！

下面是hijackthis的扫描日志

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:57, on 2009-7-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCENTER.EXE
C:\Program Files\Rising\Rfw\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\RavTask.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\RavMonD.exe
C:\Program Files\Rising\Rav\rsnetsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\StormII\stormliv.exe
C:\Program Files\Rising\Rav\ScanFrm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\SafeSignCertReg.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Rising\Rfw\RsTray.exe
D:\Program Files\360\360safebox\safeboxTray.exe
D:\Program Files\360\360Safe\safemon\360tray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\360\360se\360SE.exe
C:\Program Files\Rising\Rav\RsMain.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
D:\Program Files\arswp\ArSwp.exe
D:\病毒\HiJackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - d:\Program Files\360\360Safe\safemon\safemon.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CertificateRegistration] ; SafeSignCertReg.exe
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - HKLM\..\Run: [RFWTray] "C:\Program Files\Rising\Rfw\RsTray.exe" -system
O4 - HKLM\..\Run: [搜狐电视机网页版] C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "f57a3a621a219df5c5c91f70b7b80d2c" "1.0.0.10" ""
O4 - HKLM\..\Run: [360Safebox] "d:\Program Files\360\360safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [360Safetray] d:\Program Files\360\360Safe\safemon\360tray.exe /start
O4 - HKLM\..\Run: [P2PMain] ; D:\Program Files\SooYuu3.0\SooYuu.exe
O4 - HKLM\..\Run: [RavScanBD] ; "C:\Program Files\Rising\Rav\ScanBD.exe" /INST
O4 - HKLM\..\Run: [runeip] ; "D:\Program Files\runiep.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 使用迅雷下载 - D:\Program Files\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Program Files\Program\GetAllUrl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder.exe
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://3way.kotoo.com/plugin/PowerPlr.ocx
O16 - DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} (GDGetTokenInfo Class) - https://b2c.icbc.com.cn/icbc/GDReadPub.cab
O16 - DPF: {448A5F6B-8C03-4B54-A338-F00237C508AD} (WEBChatRoomOCX Control) - http://uc.sina.com.cn/download/chat/chat_1.1.63.69/cab/WEBChatRoom_1.1.63.69.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {5CB840B5-A94E-4AD9-B785-4866E3B04476} (InfoSecNetSign Class) - https://mybank.icbc.com.cn/icbc/ICBCNetSignG.dll
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O16 - DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} (CSetLET Class) - https://mybank.icbc.com.cn/icbc/perbank/GDSetLET.cab
O16 - DPF: {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} (AxUSBKey Class) - https://mybank.icbc.com.cn/icbc/newperbank/USBKEY.cab
O16 - DPF: {E847C78C-C210-4195-8799-FBF3BF89797D} (金山毒霸在线产品升级) - [url=http://cu004.www.duba.net/duba/scan/Package/KOSInit.cab]http://cu004.www.duba.net/duba/scan/Package/KOSInit.cab[/url]
O18 - Protocol: soyu - {951C2E2E-0233-4C10-A4F4-858354DC2EE8} - (no file)
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - d:\Program Files\StormII\stormliv.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE
O23 - Service: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavTask.exe
O23 - Service: Rfw Process Communication Center (RfwCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\CCENTER.EXE
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising RfwTask Manager (RfwTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\ScanFrm.exe
--
End of file - 6428 bytes

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; 360SE)

高手呢？菜鸟在等哦……

HJ日志没看出什么

下载Sreng(http://www.kztechs.com/sreng/download.html)

打开Sreng.exe==>智能扫描==>勾选 检查进程模块的数字签名==>点 扫描==>扫描完成后按下“保存报告”按钮

保存报告日志文件（SREng.LOG），把SREng.LOG的扩展名改成“.txt”后以附件的形式发上来

要是Sreng.exe不能运行，直接重命名为123.bat运行

你的日志不完整。请按楼上方法下载sreng扫描日志并上传

又是主页篡改  试试下面这两个方法吧
      1.打开360装机必备——升级360安全卫士到最新版本

　　升级到最新版本后，打开360安全卫士——清理恶评插件

　　打开360安全卫士——高级——修复ie
    2.可能是桌面上和快速启动项的浏览器快捷方式被恶意替换了，右击桌面上的浏览器快捷方式选择属性看下目标指向是不是被改了。(例如下图被改为365kong.com、http://www.78ys.com/)
删除。

附上刚刚扫描的日志！请帮忙看一下！

以下驱动不认得，欢迎讨论。。
[abzwtu / abzwtu][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\abzwtu><N/A>

[adbk / lygimz][Running/Boot Start]
  <\SystemRoot\system32\drivers\adbkf.syss><N/A>
[wtqrol / wtqrol][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\wtqrol><N/A>
[zwurrp / zwurrp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\zwurrp><N/A>

的确很少见，后缀名都没有。

C:\WINDOWS\system32\abzwtu
C:\WINDOWS\system32\adbkf.syss
C:\WINDOWS\system32\wtqrol
C:\WINDOWS\system32\zwurrp
上面文件用XDelBox一次性删除
(enao.ys168.com 下载)
复制上面所有要删除的文件，打开XDelBox,在待删除列表点 右键==>选择 剪贴版导入不检查路径==>点 右键==>选择==>立刻重启执行删除

删除注册表
  <{64C29133-5E8F-46E6-B8DA-9142180ECA8A}><C:\WINDOWS\fonts\kBPpf2WUfQ.fon>  [File is missing]
    <{93EC6B33-16B4-4110-BBC1-8B4A20E321C5}><C:\WINDOWS\system32\uXrgQ8ZEp.dll>  [File is missing]
    <{0D267113-499A-4EEF-998D-C45731C1B313}><C:\WINDOWS\system32\VnTU2WAqUcZA6.dll>  [File is missing]
    <{1892A9AF-1612-4256-93D2-1934DB1C1DA2}><C:\WINDOWS\fonts\YE8Yb4xPtN.fon>  [File is missing]
    <{D44271FA-C3A0-4D04-B4A8-A979DCDBFA11}><C:\WINDOWS\fonts\GRps74ZaCfTa.fon>  [File is missing]

删除驱动服务
[abzwtu / abzwtu][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\abzwtu><N/A>
[adbk / lygimz][Running/Boot Start]
  <\SystemRoot\system32\drivers\adbkf.syss><N/A>
[wtqrol / wtqrol][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\wtqrol><N/A>
[zwurrp / zwurrp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\zwurrp><N/A>