按照在网上看的删了一些东东还是不行 高手救
HijackThis_815汉化版扫描日志 V1.99.1
保存于      20:54:54, 日期 2006-1-6
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Panda Software\熊猫卫士钛金版2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Panda Software\熊猫卫士钛金版2005\Firewall\PavFires.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchpst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\services.exe
D:\Program Files\Panda Software\熊猫卫士钛金版2005\PavFnSvr.exe
D:\Program Files\Panda Software\熊猫卫士钛金版2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Program Files\Panda Software\熊猫卫士钛金版2005\pavsrv51.exe
D:\Program Files\Panda Software\熊猫卫士钛金版2005\AVENGINE.EXE
D:\Program Files\Panda Software\熊猫卫士钛金版2005\prevsrv.exe
D:\Program Files\Panda Software\熊猫卫士钛金版2005\PsImSvc.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Tencent\TT\TTraveler.exe
C:\WINDOWS\REGEDIT.ExE
D:\Program Files\HijackThis\HijackThis1991zww.exe

F2 - REG:system.ini: Shell=Explorer.exe 1
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\microapmddt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\PROGRA~1\SUPERR~1\IEG\HAOKAN~2.DLL
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll (file missing)
O3 - IE工具栏增项: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O3 - IE工具栏增项: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\PROGRA~1\SUPERR~1\IEG\HAOKAN~2.DLL
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - 启动项HKLM\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\services.exe
O4 - 启动项HKLM\\Run: [wininst] wininst.exe
O4 - 启动项HKLM\\Run: [jiahu] C:\WINDOWS\system32\svchpst.exe
O4 - 启动项HKLM\\Run: [APVXDWIN] "D:\Program Files\Panda Software\熊猫卫士钛金版2005\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O10 - Broken Internet access because of LSP provider 'd:\program files\panda software\
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://bbsky.wuhan.net.cn/plugin/PowerPlr.ocx
O16 - DPF: {2761225D-F0F2-44E8-A2C9-476FB6A3316A} (QQLive TRadio Control) - http://dl_dir.qq.com/qqtools/trsetup.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://login.5u56.com/com/EGamesPlugin.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://scan.kingsoft.com/scan/fangyi/KAllScan.CAB
O16 - DPF: {DF6FE46D-1D23-4668-AD3A-CDEA1262B282} (PowerDld Control) - http://bbsky.wuhan.net.cn/plugin/PowerDld.ocx
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: KB494001.LOG
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\熊猫卫士钛金版2005\Firewall\PavFires.exe
O23 - NT 服务: Panda Function Service (PAVFNSVR) - Panda Software - D:\Program Files\Panda Software\熊猫卫士钛金版2005\PavFnSvr.exe
O23 - NT 服务: Panda Pavkre (Pavkre) - Panda Software - D:\Program Files\Panda Software\熊猫卫士钛金版2005\Pavkre.exe
O23 - NT 服务: Panda PavProt (PavProt) - Panda Software - D:\Program Files\Panda Software\熊猫卫士钛金版2005\PavProt.exe
O23 - NT 服务: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - NT 服务: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\熊猫卫士钛金版2005\pavsrv51.exe
O23 - NT 服务: Panda Preventium+ Service (PREVSRV) - Panda Software - D:\Program Files\Panda Software\熊猫卫士钛金版2005\prevsrv.exe
O23 - NT 服务: Panda IManager Service (PSIMSVC) - Panda Software Internacional - D:\Program Files\Panda Software\熊猫卫士钛金版2005\PsImSvc.exe
O23 - NT 服务: Windows Management Program - Unknown owner - C:\WINDOWS\winpro.exe

开始→控制面板→性能和维护→管理工具→服务→查找Windows Management Program →右击→属性→启动类型→禁止→应用→停止→确定。

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

运行Hijackthis，扫描结束后在下列选项前打上勾，然后选修复“Fix Checked”：

O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\microapmddt.dll
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\services.exe
O4 - 启动项HKLM\\Run: [wininst] wininst.exe
O4 - 启动项HKLM\\Run: [jiahu] C:\WINDOWS\system32\svchpst.exe

显示隐藏文件

双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”--单击“确定”。

然后找到如下文件并删除（如果有的话）。

C:\WINDOWS\system32\microapmddt.dll
C:\WINDOWS\services.exe
wininst.exe（请用开始菜单中的搜索功能查找）
C:\WINDOWS\system32\svchpst.exe
C:\WINDOWS\winpro.exe
C:\WINDOWS\winpro.dll
C:\WINDOWS\winpro_hook.dll
C:\WINDOWS\winprokey.dll