
My PC is infected, gurus please help~~~~~


Rising's monitor and firewall both fail to run in normal mode; in safe mode it can scan for viruses.
HijackThis won't run in normal mode either (it closes very quickly after opening, before it can display the log). Its safe-mode log is below; gurus, please help me take a look!!

Logfile of HijackThis v1.99.1
Scan saved at 8:38:47, on 2006-8-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Userinit.exe
C:\WINDOWS\Explorer.EXE
E:\HijackThis.exe

O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YOK超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll (file missing)
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll (file missing)
O3 - Toolbar: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccenter] C:\Program Files\rising\Rav\CCenter.exe
O4 - HKLM\..\Run: [C:\WINDOWS\wd2_051117_WIS205_mini.exe] C:\WINDOWS\wd2_051117_WIS205_mini.exe
O4 - HKLM\..\Run: [Update] C:\WINDOWS\Temp\iequery.exe
O4 - HKLM\..\Run: [Systems32] C:\WINDOWS\system32\WinSever.exe
O4 - HKLM\..\Run: [zt] C:\Program Files\Intel\svhost32.exe
O4 - HKLM\..\Run: [Mysee Alert] "C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\RunServices: [RavMon] C:\Program Files\rising\rav\RavMon.exe /AUTO
O4 - HKLM\..\RunServices: [ccenter] C:\Program Files\rising\Rav\CCenter.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - http://www.yok.com (file missing)
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D193221-4BA7-410C-A098-FA33FCF61397}: NameServer = 220.187.24.2,220.187.24.6
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\128d8a70.dll (file missing)
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology
Last edited 2006-08-31 21:54:26

HijackThis_815汉化版扫描日志 V1.99.1
保存于      8:52:54, 日期 2006-8-30
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msime.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WinSever.exe
C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe
C:\WINDOWS\system32\Realplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\HijackThis1991zww.exe

O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YOK超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll (file missing)
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll (file missing)
O3 - IE工具栏增项: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [ccenter] C:\Program Files\rising\Rav\CCenter.exe
O4 - 启动项HKLM\\Run: [C:\WINDOWS\wd2_051117_WIS205_mini.exe] C:\WINDOWS\wd2_051117_WIS205_mini.exe
O4 - 启动项HKLM\\Run: [Update] C:\WINDOWS\Temp\iequery.exe
O4 - 启动项HKLM\\Run: [Systems32] C:\WINDOWS\system32\WinSever.exe
O4 - 启动项HKLM\\Run: [zt] C:\Program Files\Intel\svhost32.exe
O4 - 启动项HKLM\\Run: [Mysee Alert] "C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray
O4 - 启动项HKLM\\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - 启动项HKLM\\RunServices: [RavMon] C:\Program Files\rising\rav\RavMon.exe /AUTO
O4 - 启动项HKLM\\RunServices: [ccenter] C:\Program Files\rising\Rav\CCenter.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - http://www.yok.com (file missing)
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D193221-4BA7-410C-A098-FA33FCF61397}: NameServer = 220.187.24.2,220.187.24.6
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\128d8a70.dll (file missing)
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

Where have all the gurus gone?

Run HijackThis, tick the items below and click Fix:
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll (file missing)
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll (file missing)
O4 - 启动项HKLM\\Run: [C:\WINDOWS\wd2_051117_WIS205_mini.exe] C:\WINDOWS\wd2_051117_WIS205_mini.exe
O4 - 启动项HKLM\\Run: [Update] C:\WINDOWS\Temp\iequery.exe
O4 - 启动项HKLM\\Run: [Systems32] C:\WINDOWS\system32\WinSever.exe
O4 - 启动项HKLM\\Run: [zt] C:\Program Files\Intel\svhost32.exe
O4 - 启动项HKLM\\Run: [Mysee Alert] "C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\128d8a70.dll (file missing)


O4 - 启动项HKLM\\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
Startup items
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\Realplayer.exe
Running programs
C:\WINDOWS\system32\brlmon.dll

Solution
The steps are as follows:
Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When asked to confirm the change, click "Yes"; also clear "Hide extensions for known file types".
Press ALT+CTRL+DELETE to open Task Manager and end the explorer.exe and Realplayer.exe processes.
Click "File", "New Task", "Browse" and locate C:\WINDOWS\system32\Realplayer.exe
Delete Realplayer.exe
Click "File", "New Task", "Browse", locate C:\WINDOWS\explorer.exe and double-click to open it
Download: SRENG2   Download address: http://free5.ys168.com/?ufwihgu168
Run (double-click) System Repair Engineer and use "Startup Items, Registry" to delete the following entries.
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\Realplayer.exe
Delete
C:\WINDOWS\system32\brlmon.dll
Change your home page back.


After the repair, use "Smart Scan" and press the "Scan" button to scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved
report log file here. If the log does not fit in one post, paste it in several parts; please do not modify it.
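The helper above picked the bad entries out of the HijackThis log by eye. The following is an added example, not code from the thread or from HijackThis, that applies the same kinds of checks mechanically: an entry whose file is "(file missing)", a binary launched from a Temp directory, a lookalike of a Windows system binary (svhost32.exe vs svchost.exe), a real system binary name sitting outside its normal directory (a second spoolsv.exe in a subfolder), and a random hexadecimal filename. The sample lines are copied in the shape of the posted log; the SYSTEM_BINARIES table, the assumption that %SystemRoot% is C:\WINDOWS, and the edit-distance threshold are assumptions of the example.

```python
import re

# Constructed sample: a subset of O2/O4/O21 lines from the HijackThis v1.99.1 log
# posted in the thread, copied in the log's own shape.
SAMPLE_LOG = r"""
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll (file missing)
O4 - HKLM\..\Run: [ccenter] C:\Program Files\rising\Rav\CCenter.exe
O4 - HKLM\..\Run: [Update] C:\WINDOWS\Temp\iequery.exe
O4 - HKLM\..\Run: [zt] C:\Program Files\Intel\svhost32.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\128d8a70.dll (file missing)
"""

# Windows XP binaries whose names autostart malware likes to borrow, each with the
# directory it legitimately lives in (assumption: %SystemRoot% is C:\WINDOWS).
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path in an entry, up to the first executable extension.
PATH_RE = re.compile(r"([a-z]:\\.+?\.(?:exe|dll|ocx|sys))", re.IGNORECASE)


def levenshtein(a, b):
    """Edit distance, used to spot lookalikes such as svhost32 vs svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_path(path, rest_of_line):
    """Return the reasons a path looks suspicious (empty list if none fire)."""
    p = path.lower()
    directory, name = p.rsplit("\\", 1)
    stem = name.rsplit(".", 1)[0]
    reasons = []
    if "(file missing)" in rest_of_line:
        reasons.append("autostart entry points at a file that no longer exists")
    if "\\temp\\" in p:
        reasons.append("executable launched from a temporary directory")
    if re.fullmatch(r"[0-9a-f]{8}", stem):
        reasons.append("random-looking hexadecimal filename")
    for sysname, sysdir in SYSTEM_BINARIES.items():
        if name == sysname and directory != sysdir:
            reasons.append(f"{sysname} outside its normal directory {sysdir}")
        elif name != sysname and levenshtein(re.sub(r"\d", "", stem), sysname[:-4]) <= 1:
            reasons.append(f"filename is a lookalike of {sysname}")
    return reasons


def triage(log_text):
    """Return (section, path, reasons) for every HijackThis entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        pm = PATH_RE.search(body)
        if pm:
            reasons = assess_path(pm.group(1), body[pm.end():])
            if reasons:
                findings.append((kind, pm.group(1), reasons))
    return findings
```

These name-and-location rules are only a first pass: C:\WINDOWS\system32\Realplayer.exe, which the helper also flagged, passes them, so a file a rule does not catch still deserves a look at its vendor and version information.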

2006-08-31,08:50:34

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <ccenter><; C:\Program Files\rising\Rav\CCenter.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <RavMon><; C:\Program Files\rising\rav\RavMon.exe /AUTO>  [Beijing Rising Technology Co., Ltd.]
    <ccenter><; C:\Program Files\rising\Rav\CCenter.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <KernelFaultCheck><; C:\WINDOWS\system32\msime.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\ztt2.DLL>  []
    <{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\system32\jhcmd2.dll>  []
    <{BEEADE0D-47BB-4F20-AD26-5E5F172BF97C}><C:\Program Files\Internet Explorer\PLUGINS\system32.sys>  []

==================================
启动文件夹
服务
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <C:\Program Files\rising\rav\CCenter.exe><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Firewall/Internet Connection Sharing (SIC) / Service33224]
  <c:\windows\system32\winloger.exe><N/A>

==================================
浏览器加载项
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[YOK超级搜索]
  {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll, www.YOK.com>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[YOK超级搜索]
  {F869BB38-FFEF-4589-B986-610B7AD0ADA2} <http://www.yok.com, N/A>
[YOK超级搜索]
  {F869BB38-FFEF-4589-B986-610B7AD0ADA2} <C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll, www.YOK.com>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[]
  {04F3BFB0-9D30-42F9-943F-C170F5630A6E} <C:\WINDOWS\system32\Ykka.dll, N/A>
[]
  {1002C3E2-EB57-451B-A12B-4EC107FCC37A} <C:\WINDOWS\system32\Ibmr.dll, N/A>
[]
  {19CDF38C-06E3-45D3-B9C3-D1CB64DE34E8} <C:\WINDOWS\system32\Zliwsx.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[]
  {2414AA53-5954-4A5C-8E13-33E2F1C4DCDD} <C:\WINDOWS\system32\Cpvi.dll, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[]
  {25714970-F58B-447F-8BC1-83AE33C4734F} <C:\WINDOWS\system32\Tghcn.dll, N/A>
[]
  {2A3DD199-4D22-4BF4-84C6-914D0404F5E8} <C:\WINDOWS\system32\Ahbrz.dll, N/A>
[]
  {3427FE4F-9C1C-4E9C-8901-850C3C491FF7} <C:\WINDOWS\system32\Hbvk.dll, N/A>
[]
  {38C06E0D-C80B-433C-8206-DD5CA3EF029A} <C:\WINDOWS\system32\Wkbwu.dll, N/A>
[]
  {3A85D9AC-FD48-479D-92E4-A7BC6312EE71} <C:\WINDOWS\system32\Jxzjt.dll, N/A>
[]
  {3E3BAC78-2352-46D1-88EC-FA7F48AFB613} <C:\WINDOWS\system32\Kcszyq.dll, N/A>
[]
  {4E03C4AF-0798-4942-8C6E-446FEC09DD92} <C:\WINDOWS\system32\Mhgyl.dll, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[CMCBooter Object]
  {53AF6E02-F18F-4228-AC13-3E79773FBE50} <C:\WINDOWS\system32\Booter.ocx, 北京高维视讯科技有限公司>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[]
  {5FA17154-47F9-4156-9AA7-A5E8723F5F27} <C:\WINDOWS\system32\Mqjgyb.dll, N/A>
[]
  {636B0B03-EC88-4129-948E-3ED1537C180E} <C:\WINDOWS\system32\Pxgcky.dll, N/A>
[]
  {64A6E217-D96B-40BF-ABAE-A021DA863F6D} <C:\WINDOWS\system32\Vjktq.dll, N/A>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[]
  {71700636-F638-4C44-9577-B520612995F6} <C:\WINDOWS\system32\Wupbuk.dll, N/A>
[]
  {721BE4DB-9FCD-45E2-A661-229C12A7D1F4} <C:\WINDOWS\system32\Dxulk.dll, N/A>
[YOK超级搜索]
  {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll, www.YOK.com>
[CMCLoader Object]
  {779769CA-82F1-4973-BBA7-515E6C7BFD0E} <C:\Program Files\GAOV\Mysee2\MycLive.dll, 北京高维视讯科技有限公司>
[]
  {79D59809-DF82-42CC-B89E-F84273B99F12} <C:\WINDOWS\system32\Bqbtpb.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[CNNIC_IDN]
  {9A578C98-3C2F-4630-890B-FC04196EF420} <C:\WINDOWS\system32\cdn.dll, CNNIC>
[]
  {9F38CA80-FD54-4A83-9BCE-4BD9FE28EB97} <C:\WINDOWS\system32\Djhph.dll, N/A>
[]
  {A2606F55-E77D-4150-AC0C-B2F602CD6AC7} <C:\WINDOWS\system32\Gzmohu.dll, N/A>
[]
  {A8C27AA2-12F7-4F70-8801-2EDA50A24B77} <C:\WINDOWS\system32\Czcssz.dll, N/A>
[]
  {AA27BD0C-C2DC-4CC5-8FD9-75145AE90F42} <C:\WINDOWS\system32\Lelboy.dll, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[]
  {C5536DF0-BDF7-473C-8112-2351423BF89A} <C:\WINDOWS\system32\Uwjxs.dll, N/A>
[RniQflvb Class]
  {CB5CA83D-CC3C-7360-5E9C-A5FF117ED2C4} <C:\WINDOWS\DOWNLO~1\htgeg.dll, bxcpesoft>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[]
  {D97DD9B5-461E-4809-BAF7-4F25988A2471} <C:\WINDOWS\system32\Lyop.dll, N/A>
[]
  {D9CAF839-7AFD-49AD-ACF9-7859E5B9CEF8} <C:\WINDOWS\system32\Fevejr.dll, N/A>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[]
  {E507C757-46AF-4E2F-8150-F89017C6EF78} <C:\WINDOWS\system32\Lzljj.dll, N/A>
[]
  {ECE469B3-8E6E-4C1E-BE5A-8325565E28F2} <C:\WINDOWS\system32\Kgyz.dll, N/A>
[YOK超级搜索]
  {F869BB38-FFEF-4589-B986-610B7AD0ADA2} <C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll, www.YOK.com>
[&使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 748][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 796][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 860][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 984][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1040][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1240][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\ztt2.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll]  <www.YOK.com><2.0.1.8>
[PID: 1292][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 504][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 836][E:\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\ztt2.DLL]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

Please help me take a look~~

No idea

Close all browser windows and any unnecessary programs.
Run (double-click) System Repair Engineer and use "System Repair, Browser Add-ons" to delete the following items.
C:\WINDOWS\system32\Ykka.dll
C:\WINDOWS\system32\Ibmr.dll
C:\WINDOWS\system32\Zliwsx.dll
C:\WINDOWS\system32\Cpvi.dll
C:\WINDOWS\system32\Tghcn.dll
C:\WINDOWS\system32\Ahbrz.dll
C:\WINDOWS\system32\Hbvk.dll
C:\WINDOWS\system32\Jxzjt.dll
C:\WINDOWS\system32\Kcszyq.dll
C:\WINDOWS\system32\Mhgyl.dll
C:\WINDOWS\system32\Wupbuk.dll
C:\WINDOWS\system32\Bqbtpb.dll
C:\WINDOWS\system32\Lelboy.dll
C:\WINDOWS\system32\Lyop.dll
C:\WINDOWS\system32\Fevejr.dll
C:\WINDOWS\system32\Kgyz.dll
Run (double-click) System Repair Engineer, click "Startup Items, Services", click "Win32 Service Applications", tick "Hide Microsoft services", select the virus service Windows Firewall/Internet Connection Sharing (SIC), choose "Delete service", click "Set" and choose "No".
Please go to www.27814939.ys168.com, click "My Software" and download KillBox.exe
Restart the computer; once the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows
Double-click to open KillBox.exe and delete each of the following:
C:\WINDOWS\system32\msime.exe
C:\WINDOWS\system32\ztt2.DLL
C:\WINDOWS\system32\jhcmd2.dll
C:\Program Files\Internet Explorer\PLUGINS\system32.sys
c:\windows\system32\winloger.exe
C:\WINDOWS\system32\Ykka.dll
C:\WINDOWS\system32\Ibmr.dll
C:\WINDOWS\system32\Zliwsx.dll
C:\WINDOWS\system32\Cpvi.dll
C:\WINDOWS\system32\Tghcn.dll
C:\WINDOWS\system32\Ahbrz.dll
C:\WINDOWS\system32\Hbvk.dll
C:\WINDOWS\system32\Jxzjt.dll
C:\WINDOWS\system32\Kcszyq.dll
C:\WINDOWS\system32\Mhgyl.dll
C:\WINDOWS\system32\Wupbuk.dll
C:\WINDOWS\system32\Bqbtpb.dll
C:\WINDOWS\system32\Lelboy.dll
C:\WINDOWS\system32\Lyop.dll
C:\WINDOWS\system32\Fevejr.dll
C:\WINDOWS\system32\Kgyz.dll
(When deleting, tick "End Explorer.EXE before deleting"; if that doesn't work, try ticking "Unregister .dll before deleting")
Run (double-click) System Repair Engineer and use "Startup Items, Registry" to delete the following entries.
C:\WINDOWS\system32\msime.exe
C:\WINDOWS\system32\ztt2.DLL
C:\WINDOWS\system32\jhcmd2.dll
C:\Program Files\Internet Explorer\PLUGINS\system32.sys
When done, reboot, run another scan and paste the log here.
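The second round of instructions relies on a different signal than the first: in the SREng report, the twenty add-on DLLs to remove are the ones registered with an empty display name and no vendor information, and the service to delete is the one whose binary has no vendor information while its display name claims to be "Windows Firewall/Internet Connection Sharing". Here is an added example, not code from the thread or from SREng, that parses the two-line record format of the "服务" and "浏览器加载项" sections and flags records on exactly those criteria. The sample records are copied in the shape of the posted report; the section names and regular expressions are the example's own assumptions about that format.

```python
import re

# Constructed sample in the shape of the SREng 2.0 log quoted in the thread: the
# "服务" (services) and "浏览器加载项" (browser add-ons) sections, each a two-line
# record of a bracketed display name followed by an indented detail line.
SAMPLE_SRENG = r"""
服务
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Firewall/Internet Connection Sharing (SIC) / Service33224]
  <c:\windows\system32\winloger.exe><N/A>

==================================
浏览器加载项
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[]
  {04F3BFB0-9D30-42F9-943F-C170F5630A6E} <C:\WINDOWS\system32\Ykka.dll, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[]
  {2414AA53-5954-4A5C-8E13-33E2F1C4DCDD} <C:\WINDOWS\system32\Cpvi.dll, N/A>
"""

SERVICES, ADDONS = "服务", "浏览器加载项"
# Service detail line: <path><vendor>; the path may be quoted.
SERVICE_RE = re.compile(r'^<"?([^>"]+)"?><(.+)>$')
# Add-on detail line: {CLSID} <path, vendor>; the first ", " ends the path.
ADDON_RE = re.compile(r"^\{[^}]+\} <(.+?), (.+)>$")


def parse_sreng(text):
    """Yield (section, display_name, path, vendor) for each two-line record."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    section = None
    for i, line in enumerate(lines):
        if line in (SERVICES, ADDONS):
            section = line
        elif section and line.startswith("[") and line.endswith("]") and i + 1 < len(lines):
            pattern = ADDON_RE if section == ADDONS else SERVICE_RE
            m = pattern.match(lines[i + 1].strip())
            if m:
                yield section, line[1:-1], m.group(1), m.group(2)


def triage_sreng(text):
    """Return (section, display_name, path, reasons) for records worth a second look."""
    findings = []
    for section, name, path, vendor in parse_sreng(text):
        reasons = []
        if section == ADDONS and name == "" and vendor == "N/A":
            reasons.append("add-on registered with no display name and no vendor/version info")
        if section == SERVICES and vendor == "N/A":
            reasons.append("service binary carries no vendor/version info")
            if "windows" in name.lower():
                reasons.append("display name imitates a built-in Windows component")
        if reasons:
            findings.append((section, name, path, reasons))
    return findings
```

Note that mshtml.dll also shows "N/A" as vendor but keeps its display name, which is why the add-on rule requires both fields to be empty rather than vendor alone.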