
Please help look at my log: web pages keep popping up and hosts has been modified


Logfile of HijackThis v1.99.1
Scan saved at 22:14:24, on 2006-2-5
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe

O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} (PBActiveX40 Control) - http://www4.bj.cmbchina.com/download/pb45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20BB52E4-5270-4120-AD6A-50344A4E3CE8}: NameServer = 203.196.0.6,202.106.0.20
O20 - Winlogon Notify: H323TSP - C:\WINNT\system32\l04qlah51d4.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

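The C:\WINNT\system32\rundll32.exe listed above definitely has a problem. In normal mode I can kill the process, but it is back again after a reboot.
But in safe mode I can't kill it!!!
Below is my hosts file. Whenever I edit it and save it, it is immediately changed back to what you see below, and web pages (foreign ones) keep popping up from time to time. I really don't know what to do. Experts, please help me. Thanks in advance.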




127.0.0.1  localhost
127.0.0.1  sds-qckads.com
127.0.0.1  status.qckads.com
127.0.0.1  www.qoolaid.com
127.0.0.1  www.qoologic.com
127.0.0.1  www.CLKPrecision.com
127.0.0.1  www.urllogic.com
127.0.0.1  www.clkoptimizer.com
127.0.0.1  www.isearch.com
127.0.0.1  isearch.com
127.0.0.1  www.idownload.com
127.0.0.1  idownload.com
127.0.0.1  www.mytotalsearch.com
127.0.0.1  mytotalsearch.com
127.0.0.1  www.lop.com
127.0.0.1  lop.com
127.0.0.1  www.websearch.com
127.0.0.1  websearch.com
127.0.0.1  www.page-not-found.net
127.0.0.1  page-not-found.net
127.0.0.1  www.isearchhere.com
127.0.0.1  isearchhere.com
127.0.0.1  as.adwave.com
127.0.0.1  sr.adwave.com
127.0.0.1  www.adwave.com
127.0.0.1  adwave.com EVENT:HOST:127.0.0.1
127.0.0.1  www.pacimedia.com
127.0.0.1  www.exactsearch.net
127.0.0.1  www.contextplus.net


Last edited 2006-02-06 09:55:26
 

Please refer to this first:
[Recommended] How to fix hijacking by www.ad-w-a-r-e.com
http://forum.ikaka.com/topic.asp?board=67&artid=7736743
 

How does it work??? Why can't it be killed?