日志如下
Logfile of HijackThis v1.99.1
Scan saved at 10:28:38, on 2006-9-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\windows\system32\inetsrv\csrss.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\HijackThis.exe

R3 - URLSearchHook: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll (file missing)
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4896.dll (file missing)
O2 - BHO: (no name) - {295CD217-AD34-4B66-91BA-48D5EFD9CA20} - C:\WINDOWS\system32\NBBHO.dll
O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll
O2 - BHO: XBTP03129 - {B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} - C:\PROGRA~1\MICRSO~1\SEARCH~1.DLL
O2 - BHO: Macromedia. Flash8 Object - {C61A70F3-505E-4B90-916F-627A8706B4BC} - c:\WINDOWS\system32\COMBoHEvent.dll
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - C:\Program Files\kuzhan\kuzhan.dll (file missing)
O2 - BHO: Microsoft Solo Browser Helper Object - {E3DB85B5-C559-4894-B474-42E89FAA1EFD} - C:\WINDOWS\system32\wlbs.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\d33o2401.dll (file missing)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll (file missing)
O3 - Toolbar: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C:\DOCUME~1\new\LOCALS~1\Temp\popopopopopo.exe] C:\DOCUME~1\new\LOCALS~1\Temp\popopopopopo.exe
O4 - HKLM\..\Run: [C:\WINDOWS\SearchBar06049.exe] C:\WINDOWS\SearchBar06049.exe
O4 - HKLM\..\Run: [C:\WINDOWS\110045setup.exe] C:\WINDOWS\110045setup.exe
O4 - HKLM\..\Run: [C:\WINDOWS\bind_40254.exe] C:\WINDOWS\bind_40254.exe
O4 - HKLM\..\Run: [C:\WINDOWS\cocomusic51.exe] C:\WINDOWS\cocomusic51.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [C:\WINDOWS\Setup-168.exe] C:\WINDOWS\Setup-168.exe
O4 - HKLM\..\Run: [C:\WINDOWS\tshz168.exe] C:\WINDOWS\tshz168.exe
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus.dll Rundll32
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - HKLM\..\Run: [C:\WINDOWS\ie.exe] C:\WINDOWS\ie.exe
O4 - HKLM\..\Run: [C:\WINDOWS\SetupCmd.exe] C:\WINDOWS\SetupCmd.exe
O4 - HKLM\..\Run: [C:\WINDOWS\7025avpa.exe] C:\WINDOWS\7025avpa.exe
O4 - HKLM\..\Run: [C:\WINDOWS\setup_110017.exe] C:\WINDOWS\setup_110017.exe
O4 - HKLM\..\Run: [C:\WINDOWS\bind_40029.exe] C:\WINDOWS\bind_40029.exe
O4 - HKLM\..\Run: [C:\WINDOWS\kw_rg_lyric_051.exe] C:\WINDOWS\kw_rg_lyric_051.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [boot-hf] c:\windows\BOOT-hf.exe
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\winampa.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\QQ2005\QQ.exe
O4 - Startup: office文件检索.exe
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\QQ2005\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\QQ2005\SendMMS.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra button: 微软 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ2005\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ2005\QQ.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH]  搜搜地址栏搜索
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2B78C2C-EDFE-4FED-9C87-A380EE3093CF}: NameServer = 10.160.0.5
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\d33d2401.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

请高手指点

c:\windows\system32\inetsrv\csrss.exe
以上这一项，看以下的帖子
http://forum.ikaka.com/topic.asp?board=28&artid=8171746
需要在安全模式下解决，一会进入再说。

建议你下载超级兔子。
http://www.pctutu.com/srmsdown.asp
安装好后，打开“超级兔子优化王”“专业卸载,卸载所有提示的垃圾软件，卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载。

请到http://forum.ikaka.com/topic.asp?board=67&artid=5188931，下载，LSPFix.exe，WinsockXPFix这两个软件
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\winampa.exe
O4 - HKLM\..\Run: [C:\WINDOWS\ie.exe] C:\WINDOWS\ie.exe
O4 - HKLM\..\Run: [C:\WINDOWS\SetupCmd.exe] C:\WINDOWS\SetupCmd.exe
O4 - HKLM\..\Run: [C:\WINDOWS\7025avpa.exe] C:\WINDOWS\7025avpa.exe
O4 - HKLM\..\Run: [C:\WINDOWS\setup_110017.exe] C:\WINDOWS\setup_110017.exe
O4 - HKLM\..\Run: [C:\WINDOWS\bind_40029.exe] C:\WINDOWS\bind_40029.exe
O4 - HKLM\..\Run: [C:\WINDOWS\kw_rg_lyric_051.exe] C:\WINDOWS\kw_rg_lyric_051.exe
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - HKLM\..\Run: [C:\WINDOWS\Setup-168.exe] C:\WINDOWS\Setup-168.exe
O4 - HKLM\..\Run: [C:\WINDOWS\tshz168.exe] C:\WINDOWS\tshz168.exe
O4 - HKLM\..\Run: [C:\DOCUME~1\new\LOCALS~1\Temp\popopopopopo.exe] C:\DOCUME~1\new\LOCALS~1\Temp\popopopopopo.exe
O4 - HKLM\..\Run: [C:\WINDOWS\SearchBar06049.exe] C:\WINDOWS\SearchBar06049.exe
O4 - HKLM\..\Run: [C:\WINDOWS\110045setup.exe] C:\WINDOWS\110045setup.exe
O4 - HKLM\..\Run: [C:\WINDOWS\bind_40254.exe] C:\WINDOWS\bind_40254.exe
O4 - HKLM\..\Run: [C:\WINDOWS\cocomusic51.exe] C:\WINDOWS\cocomusic51.exe
O2 - BHO: Microsoft Solo Browser Helper Object - {E3DB85B5-C559-4894-B474-42E89FAA1EFD} - C:\WINDOWS\system32\wlbs.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\d33o2401.dll (file missing)
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll
O2 - BHO: (no name) - {295CD217-AD34-4B66-91BA-48D5EFD9CA20} - C:\WINDOWS\system32\NBBHO.dll
O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll


运行LSPFix.exe
删除
msplus.dll
srvdll.dll
附说明一份
LSPFix.exe这个软件主要用来辅助修复HijackThis扫描发现的O10项。
使用时，请关闭所有IE界面和文件夹界面后运行LSPFix，运行后，把要修复的那一个O10项从左边转到右边，点“Finish”即可。（不过这之前，需要在“I know what I`m doing”前面打勾。）
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
删除
c:\windows\system32\msplus.dll
c:\windows\system32\srvdll.dll
c:\windows\system32\msplus.dll
C:\WINDOWS\svchost.exe
C:\WINDOWS\winampa.exe
C:\WINDOWS\ie.exe
C:\WINDOWS\7025avpa.e
C:\WINDOWS\SetupCmd.exe
C:\WINDOWS\setup_110017.exe
C:\WINDOWS\bind_40029.exe
C:\WINDOWS\kw_rg_lyric_051.exe
C:\PROGRA~1\pcast
C:\WINDOWS\Setup-168.exe
C:\WINDOWS\tshz168.exe
C:\DOCUME~1\new\LOCALS~1\Temp
C:\WINDOWS\SearchBar06049.exe
C:\WINDOWS\110045setup.exe
:\WINDOWS\bind_40254.exe
C:\WINDOWS\cocomusic51.exe
C:\WINDOWS\system32\wlbs.dll
C:\WINDOWS\system32\YHBO.dll
C:\WINDOWS\system32\NBBHO.dll
修复后重启，如果无法上网，请运行WinsockXPFix，让它修复一下。
回到正常模式，请再扫日志粘上来。
如果总是无法修复
看以下的帖子
解决Winsock LSP“浏览器劫持”的一些方法
http://forum.ikaka.com/topic.asp?board=67&artid=8162074

完后重启。
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

哥哥太谢谢你了．我马上就做