IE automatically navigates to http://67778.net/. Asking the experts for help. Thanks!!!

Logfile of HijackThis v1.99.1
Scan saved at 21:22:49, on 2006-2-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\conime.exe
d:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\YWxhbg\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ChinaNet\VnetClient.exe
D:\Program Files\Tencent\QQ\QQ.exe
d:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
d:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\huang\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

O1 - Hosts: 218.83.160.85 bbs1.90hk.com
O1 - Hosts: 218.83.160.85 bbs1.90hk.net
O1 - Hosts: 218.83.160.85 tk288.com
O1 - Hosts: 218.83.160.85 www.tk288.com
O1 - Hosts: 218.83.160.85 tm337.com
O1 - Hosts: 218.83.160.85 www.tm337.com
O1 - Hosts: 218.83.160.85 tm3721.com
O1 - Hosts: 218.83.160.85 www.tm3721.com
O1 - Hosts: 218.83.160.85 555528.com
O1 - Hosts: 218.83.160.85 www.555528.com
O1 - Hosts: 218.83.160.85 kkk800.com
O1 - Hosts: 218.83.160.85 www.kkk800.com
O1 - Hosts: 218.83.160.85 999077.com
O1 - Hosts: 218.83.160.85 www.999077.com
O1 - Hosts: 218.83.160.85 555518.com
O1 - Hosts: 218.83.160.85 www.555518.com
O1 - Hosts: 218.83.160.85 555528.com
O1 - Hosts: 218.83.160.85 www.555528.com
O1 - Hosts: 218.83.160.85 555548.com
O1 - Hosts: 218.83.160.85 www.555548.com
O1 - Hosts: 218.83.160.85 8k8888.com
O1 - Hosts: 218.83.160.85 www.8k8888.com
O1 - Hosts: 218.83.160.85 bj38.com
O1 - Hosts: 218.83.160.85 www.bj38.com
O1 - Hosts: 218.83.160.85 7777k.com
O1 - Hosts: 218.83.160.85 www.7777k.com
O1 - Hosts: 218.83.160.85 kk517.com
O1 - Hosts: 218.83.160.85 www.kk517.com
O1 - Hosts: 218.83.160.85 798888.com
O1 - Hosts: 218.83.160.85 www.798888.com
O1 - Hosts: 218.83.160.85 666638.com
O1 - Hosts: 218.83.160.85 www.666638.com
O1 - Hosts: 218.83.160.85 58606.com
O1 - Hosts: 218.83.160.85 www.58606.com
O1 - Hosts: 218.83.160.85 hongkong49.cn
O1 - Hosts: 218.83.160.85 www.hongkong49.cn
O1 - Hosts: 218.83.160.85 25588.com
O1 - Hosts: 218.83.160.85 www.25588.com
O1 - Hosts: 218.83.160.85 k8118.com
O1 - Hosts: 218.83.160.85 www.k8118.com
O1 - Hosts: 218.83.160.85 hhh777.com
O1 - Hosts: 218.83.160.85 www.hhh777.com
O1 - Hosts: 218.83.160.85 tm658.com
O1 - Hosts: 218.83.160.85 www.tm658.com
O1 - Hosts: 218.83.160.85 2233kk.net
O1 - Hosts: 218.83.160.85 www.2233kk.net
O1 - Hosts: 218.83.160.85 44599.com
O1 - Hosts: 218.83.160.85 www.44599.com
O1 - Hosts: 218.83.160.85 46188.com
O1 - Hosts: 218.83.160.85 www.46188.com
O1 - Hosts: 218.83.160.85 77790.net
O1 - Hosts: 218.83.160.85 www.77790.net
O1 - Hosts: 218.83.160.85 tm003.com
O1 - Hosts: 218.83.160.85 www.tm003.com
O1 - Hosts: 218.83.160.85 cm68.com
O1 - Hosts: 218.83.160.85 www.cm68.com
O1 - Hosts: 218.83.160.85 77688.com
O1 - Hosts: 218.83.160.85 www.77688.com
O1 - Hosts: 218.83.160.85 77688.net
O1 - Hosts: 218.83.160.85 www.77688.net
O1 - Hosts: 218.83.160.85 4394.com
O1 - Hosts: 218.83.160.85 www.4394.com
O1 - Hosts: 218.83.160.85 cc5588.com
O1 - Hosts: 218.83.160.85 www.cc5588.com
O1 - Hosts: 218.83.160.85 68676.com
O1 - Hosts: 218.83.160.85 www.68676.com
O1 - Hosts: 218.83.160.85 68909.com
O1 - Hosts: 218.83.160.85 www.68909.com
O1 - Hosts: 218.83.160.85 228tk.net
O1 - Hosts: 218.83.160.85 www.228tk.net
O1 - Hosts: 218.83.160.85 xg7788.com
O1 - Hosts: 218.83.160.85 www.xg7788.com
O1 - Hosts: 218.83.160.85 bj858.com
O1 - Hosts: 218.83.160.85 www.bj858.com
O1 - Hosts: 218.83.160.85 44288.com
O1 - Hosts: 218.83.160.85 www.44288.com
O1 - Hosts: 218.83.160.85 kk6688.com
O1 - Hosts: 218.83.160.85 www.kk6688.com
O1 - Hosts: 218.83.160.85 kk4949.com
O1 - Hosts: 218.83.160.85 www.kk4949.com
O1 - Hosts: 218.83.160.85 44788.com
O1 - Hosts: 218.83.160.85 www.44788.com
O1 - Hosts: 218.83.160.85 44788.net
O1 - Hosts: 218.83.160.85 www.44788.net
O1 - Hosts: 218.83.160.85 03cn.com
O1 - Hosts: 218.83.160.85 www.03cn.com
O1 - Hosts: 218.83.160.85 44337.com
O1 - Hosts: 218.83.160.85 www.44337.com
O1 - Hosts: 218.83.160.85 tk288.net
O1 - Hosts: 218.83.160.85 www.tk288.net
O1 - Hosts: 218.83.160.85 tk96.net
O1 - Hosts: 218.83.160.85 www.tk96.net
O1 - Hosts: 218.83.160.85 kkk8888.com
O1 - Hosts: 218.83.160.85 www.kkk8888.com
O1 - Hosts: 218.83.160.85 6k36.com
O1 - Hosts: 218.83.160.85 www.6k36.com
O1 - Hosts: 218.83.160.85 168777.com
O1 - Hosts: 218.83.160.85 www.168777.com
O1 - Hosts: 218.83.160.85 12367.com
O1 - Hosts: 218.83.160.85 www.12367.com
O1 - Hosts: 218.83.160.85 xg838.com
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O16 - DPF: {0400AC1C-EEF0-4638-A501-31D5A0DC2002} - http://s3.liaoliao.com:1995/VTrans.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} - http://s3.liaoliao.com:1995/talk.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80B1DC81-10C9-4FE9-AD4B-15EB86D8317B}: NameServer = 202.101.224.69 202.101.226.68
O20 - AppInit_DLLs: KB494002.LOG
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\mv02l9do1.dll
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\System32\DLMain.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWxhbg\command.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Task Helper - Unknown owner - C:\WINDOWS\System32\SVCH0ST.EXE

Last edited 2006-02-23 11:54:15

Urgent, urgent, urgent!!!

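Start → Control Panel → Performance and Maintenance → Administrative Tools → Services → find Command Service and Task Helper → right-click → Properties → Startup type → Disabled → Apply → Stop → OK.

Restart the computer. After the power-on self-test finishes, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.

Run HijackThis. After the scan finishes, tick the following entries, then choose "Fix Checked":

All O1 entries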
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O20 - AppInit_DLLs: KB494002.LOG
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\mv02l9do1.dll
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\System32\DLMain.dll (file missing)

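Show hidden files

Double-click My Computer -- Tools -- Folder Options -- View tab -- select "Show hidden files and folders" -- clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes" -- click "OK".

Then find and delete the following files (if they exist).

C:\$NtUninstallQ5926809$\ (the entire directory)
KB494002.LOG (use the Search function in the Start menu to find it)
C:\WINDOWS\YWxhbg\ (the entire directory)
C:\WINDOWS\System32\SVCH0ST.EXE (note that the character in the middle is the digit 0)
C:\WINDOWS\system32\mv02l9do1.dll  If this item cannot be deleted, please refer to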

http://forum.ikaka.com/topic.asp?board=67&artid=7736743
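
The entry types this answer selects for fixing (mass hosts redirection, unnamed Run values, AppInit_DLLs, services with an unknown owner, a look-alike file name) can be checked mechanically. The following Python triage is an added example, not part of the original thread; it runs over an excerpt of the log posted above, and the function name `triage`, the rule set and the `SYSTEM_NAMES` list are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE = r"""
O1 - Hosts: 218.83.160.85 tk288.com
O1 - Hosts: 218.83.160.85 www.tk288.com
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O20 - AppInit_DLLs: KB494002.LOG
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWxhbg\command.exe
O23 - Service: Task Helper - Unknown owner - C:\WINDOWS\System32\SVCH0ST.EXE
"""

# Illustrative (assumed) list of system binaries worth checking for look-alikes.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
LOOKALIKE = str.maketrans("01", "ol")  # digit-for-letter substitutions

def triage(log):
    """Return (line, reason) pairs for entries that deserve a manual look."""
    findings, host_ips = [], Counter()
    for line in filter(None, map(str.strip, log.splitlines())):
        m = re.match(r"O1 - Hosts: (\S+) (\S+)", line)
        if m:
            if not m.group(1).startswith("127."):
                host_ips[m.group(1)] += 1  # count names sent to a remote IP
            continue
        if line.startswith("O4 ") and re.search(r"Run: \[\]", line):
            findings.append((line, "autorun with empty value name"))
        elif line.startswith("O4 ") and re.search(r"\bregedit\s+-s\b", line, re.I):
            findings.append((line, "autorun silently imports registry data"))
        elif line.startswith("O20 - AppInit_DLLs:"):
            findings.append((line, "loaded into every process that loads user32.dll"))
        elif line.startswith("O23 ") and " - Unknown owner - " in line:
            name = line.rsplit("\\", 1)[-1].lower()
            fixed = name.translate(LOOKALIKE)
            if name not in SYSTEM_NAMES and fixed in SYSTEM_NAMES:
                findings.append((line, f"service binary imitates {fixed}"))
            else:
                findings.append((line, "service binary with unknown owner"))
    for ip, n in host_ips.items():
        findings.append((f"O1 - Hosts: {ip}",
                         f"{n} hostnames redirected to a non-loopback address"))
    return findings

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE):
        print(f"{reason}: {entry}")
```

A flagged line is a prompt for manual review, not a verdict: legitimate services can also show "Unknown owner" when the file carries no version information.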

thanks!!!