Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board: Begging an expert to help me analyze my log.. [Help] [Recommended]


My Run dialog won't open any more after I typed a command into it.... (I have already run a virus scan... still the same, it won't open...) Below is the log I just scanned. Would the experts out there, or even the experts among the experts, please come out and point this newbie in the right direction... (The system was freshly reinstalled by me just yesterday)


Log file: Trend Micro HijackThis v2.0.0 (BETA)
Saved at: 15:03:19, on 2007-6-17
Operating system: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\好東西\ha_hijackthisv2_pp\HA_HijackThisv2_PP\HiJackThis_v2.exe


O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] D:\好東西\ha_hijackthisv2_pp\HA_HijackThisv2_PP\HijackThis.exe /startupsc
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download with Thunder - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O15 - Trusted Zone: http://www.icbc.com.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AA27071-AB18-4159-8F0D-AC4B5D045195}: NameServer = 202.96.209.6,202.96.209.133
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe


--
End of file - 5905 bytes


Please... please...



Last edited 2007-06-17 20:36:29
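One way to turn a HijackThis report like the one above into a first-pass triage list, as an added example that is not part of the original post and not HijackThis' own code. The sample lines are copied from the log above, with the report's Chinese "(无 CLSID) - (没有文件)" written the way the English HijackThis build prints it, "(no CLSID) - (no file)". The triage rules, the EXPECTED_DIRS list and the function names are this example's own assumptions about what a reader checks first, not verdicts on the poster's machine:

```python
import re
from typing import List, Tuple

# Constructed sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [HijackThis startup scan] D:\好東西\ha_hijackthisv2_pp\HA_HijackThisv2_PP\HijackThis.exe /startupsc
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download with Thunder - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O15 - Trusted Zone: http://www.icbc.com.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AA27071-AB18-4159-8F0D-AC4B5D045195}: NameServer = 202.96.209.6,202.96.209.133
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
"""

# "Onn - rest of line"; the process list and headers do not match and are skipped.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 body: registry key, [value name], command line.
O4_RE = re.compile(r"^(HK\S+?): \[(.*?)\] (.*)$")
# Assumed: directories where autostart images normally live on a default XP install.
EXPECTED_DIRS = ("C:\\WINDOWS\\", "C:\\PROGRAM FILES\\", "C:\\PROGRA~1\\")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Split a HijackThis report into (section, body) pairs."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2)))
    return items


def command_path(cmd: str) -> str:
    """Image path from an O4 command line: the quoted token, else the first token."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def nameservers(text: str) -> List[str]:
    """DNS resolvers from O17 lines, the values a DNS hijack would change."""
    out = []
    for section, body in parse_hjt(text):
        if section == "O17" and "NameServer = " in body:
            out.extend(a.strip() for a in body.split("NameServer = ", 1)[1].split(","))
    return out


def triage_hjt(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, item, reason) for entries a first pass should read closely."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "O4":
            m = O4_RE.match(body)
            if m:
                path = command_path(m.group(3))
                if not path.upper().startswith(EXPECTED_DIRS):
                    findings.append((section, m.group(2),
                                     "autostart image outside the usual trees: " + path))
        elif section == "O6" and "Restrictions present" in body:
            findings.append((section, body,
                             "IE policy restrictions are set; check what put them there"))
        elif section == "O15":
            findings.append((section, body, "site in the Trusted Zone gets relaxed IE security"))
        elif section == "O17":
            findings.append((section, body, "confirm these resolvers belong to the ISP"))
        elif section == "O18" and "(no file)" in body:
            findings.append((section, body, "protocol handler registered but its file is missing"))
    return findings


if __name__ == "__main__":
    print("resolvers:", nameservers(SAMPLE_LOG))
    for section, item, reason in triage_hjt(SAMPLE_LOG):
        print(f"{section:4} {reason}: {item}")
```

Run against the full report, the O4 rule will also flag HijackThis itself on D:\ (it is started from a user folder), which is the intended behaviour: the list is what to read first, not what to delete.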


Autoruns log:


HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup           
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup           
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon           
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit           
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell           
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell           
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run           
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run           
+ !AVG Anti-Spyware    AVG Anti-Spyware    (Verified)  GRISOFT LTD    c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
+ BigDogPath    Still Image (STI) Driver    (Not verified)      VM.    c:\windows\vm_sti.exe
+ RavTask    RavTimer    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravtask.exe
+ RfwMain    Rising Personal FireWall Main Program    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\program files\rising\rfw\rfwmain.exe
+ runeip    Rising AntiSpyware Monitor    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\program files\rising\antispyware\runiep.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx           
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce           
+ KKDelay    RunOnce Application    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\program files\rising\antispyware\runonce.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动           
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动           
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load           
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run           
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run           
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run           
HKCU\Software\Microsoft\Windows\CurrentVersion\Run           
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce           
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce           
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx           
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run           
HKLM\SOFTWARE\Classes\Protocols\Filter           
HKLM\SOFTWARE\Classes\Protocols\Handler           
+ ms-itss    Microsoft® InfoTech Storage System Library    (Not verified)      Microsoft Corporation    c:\program files\common files\microsoft shared\information retrieval\msitss.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components           
+ 0            File not found:    About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components           
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components           
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler           
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad           
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad           
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks           
+ AVG Anti-Spyware 7.5    AVG Anti-Spyware shellexecutehook    (Verified)  GRISOFT LTD    c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           
+ Display Panning CPL Extension            File not found:    deskpan.dll
+ RISING    Rising Shell Ext Module    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player    RealPlayer Shell Extensions    (Verified)  RealNetworks, Inc.    c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extension            c:\program files\winrar\rarext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers           
HKCU\Software\Microsoft\Ctf\LangBarAddin           
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects           
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks           
HKLM\Software\Microsoft\Internet Explorer\Toolbar           
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars           
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars           
HKCU\Software\Microsoft\Internet Explorer\Extensions           
HKLM\Software\Microsoft\Internet Explorer\Extensions           
Scheduled Tasks
HKLM\System\CurrentControlSet\Services           
+ AVG Anti-Spyware Guard    AVG Anti-Spyware guard    (Verified)  GRISOFT LTD    c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
+ RfwService    Rising Personal FireWall Service    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter    CCenter    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ccenter.exe
+ RsRavMon    RavMond    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services           
+ AVG Anti-Spyware Driver        (Verified)  GRISOFT LTD    c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
+ AvgAsCln    AVG7 Clean Driver    (Verified)  GRISOFT LTD    c:\windows\system32\drivers\avgascln.sys
+ BaseTDI    basetdi    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\windows\system32\drivers\basetdi.sys
+ ExpScaner    ExpScan.sys        c:\program files\rising\rav\expscan.sys
+ GMSIPCI            File not found:    H:\INSTALL\GMSIPCI.SYS
+ HookCont    HookCont    (Not verified)      Rising    c:\program files\rising\rav\hookcont.sys
+ HookReg            c:\program files\rising\rav\hookreg.sys
+ HookSys    Hooksys    (Not verified)      Rising    c:\program files\rising\rav\hooksys.sys
+ HookUrl    HookUrl    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\program files\rising\rfw\hookurl.sys
+ MEMSCAN    MemScan Driver    (Not verified)      瑞星软件有限公司    c:\program files\rising\rav\memscan.sys
+ mProcRs    Rising Personal FireWall  mprocrs.sys    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\program files\rising\rfw\mprocrs.sys
+ npkcrypt    nProtect KeyCrypt Driver    (Not verified)      INCA Internet Co., Ltd.    c:\program files\tencent\qq\npkcrypt.sys
+ RsAntiSpyware    RsBoot    (Not verified)      Beijing Rising    c:\windows\system32\drivers\rsboot.sys
+ RsFwDrv    nt_fwdrv    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\program files\rising\rfw\rsfwdrv.sys
+ RsNTGDI    RsNTGDI    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\windows\system32\drivers\rsntgdi.sys
+ RSPPSYS    RSPPSYS.SYS    (Not verified)      Rising    c:\program files\rising\rav\rsppsys.sys
+ Tcpip    TCP/IP Protocol Driver    (Not verified)      Microsoft Corporation    c:\windows\system32\drivers\tcpip.sys
+ ZSMC301b    Video streaming and Capture Device Driver    (Not verified)      VM    c:\windows\system32\drivers\usbvm31b.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute           
+ KKNative.exe    NativeAp    (Not verified)      Beijing Rising Technology Co., Ltd.    c:\windows\system32\kknative.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options           
HKLM\Software\Microsoft\Command Processor\Autorun           
HKCU\Software\Microsoft\Command Processor\Autorun           
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls           
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL           
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman           
HKCU\Control Panel\Desktop\Scrnsave.exe           
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName           
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9           
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors           
+ Microsoft Document Imaging Writer Monitor    Microsoft® Document Imaging    (Not verified)      Microsoft Corporation    c:\windows\system32\mdimon.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders           
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages           
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages           
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages           
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order           
Please... please...



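The same first-pass idea applied to the Autoruns export in the post above, as an added example that is not from the original thread and not Sysinternals' code. The sample entries are copied from that log with Autoruns' English labels; tab-separated columns are assumed (the forum rendering collapsed them), and the three rules (image file missing, a publisher string of Microsoft whose signature did not verify, a .sys loaded from outside the Windows or Program Files trees) are this example's own choice of what to read first, not a diagnosis of the poster's machine:

```python
import re
from typing import Dict, List, Tuple

TAB = "\t"
# Constructed sample: entries copied from the Autoruns log posted above. Assumed
# layout: a location line, then "+ name", description, "(Verified|Not verified)
# publisher" and image path, tab-separated; a missing file shows "File not found:".
SAMPLE = "\n".join([
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    TAB.join(["+ !AVG Anti-Spyware", "AVG Anti-Spyware", "(Verified) GRISOFT LTD",
              r"c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe"]),
    TAB.join(["+ BigDogPath", "Still Image (STI) Driver", "(Not verified) VM.",
              r"c:\windows\vm_sti.exe"]),
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved",
    TAB.join(["+ Display Panning CPL Extension", "", "File not found: deskpan.dll"]),
    r"HKLM\System\CurrentControlSet\Services",
    TAB.join(["+ GMSIPCI", "", r"File not found: H:\INSTALL\GMSIPCI.SYS"]),
    TAB.join(["+ Tcpip", "TCP/IP Protocol Driver", "(Not verified) Microsoft Corporation",
              r"c:\windows\system32\drivers\tcpip.sys"]),
    TAB.join(["+ npkcrypt", "nProtect KeyCrypt Driver", "(Not verified) INCA Internet Co., Ltd.",
              r"c:\program files\tencent\qq\npkcrypt.sys"]),
])

SIGN_RE = re.compile(r"^\((Verified|Not verified)\)\s*(.*)$")
MISSING = "File not found:"
# Assumed: trees a signed-in driver or shell component is expected to live under.
SYSTEM_TREES = ("c:\\windows\\", "c:\\program files\\")


def parse_autoruns(text: str) -> Dict[str, List[dict]]:
    """Group '+ ' entry lines under the autostart location line that precedes them."""
    locations: Dict[str, List[dict]] = {}
    current = "(no location)"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if not line.startswith("+ "):
            current = line.strip()
            locations.setdefault(current, [])
            continue
        cols = [c.strip() for c in line[2:].split(TAB)]
        entry = {"name": cols[0], "location": current, "verified": None,
                 "publisher": "", "path": cols[-1], "missing": False}
        for col in cols[1:]:
            m = SIGN_RE.match(col)
            if m:
                entry["verified"] = m.group(1) == "Verified"
                entry["publisher"] = m.group(2).strip()
        if entry["path"].startswith(MISSING):
            entry["missing"] = True
            entry["path"] = entry["path"][len(MISSING):].strip()
        locations.setdefault(current, []).append(entry)
    return locations


def triage_autoruns(text: str) -> List[Tuple[str, str, str]]:
    """Return (location, name, reason) for entries worth reading before anything else."""
    findings = []
    for location, entries in parse_autoruns(text).items():
        for e in entries:
            path = str(e["path"])
            low = path.lower()
            if e["missing"]:
                findings.append((location, e["name"], "image file missing: " + path))
            elif e["verified"] is False and "microsoft" in str(e["publisher"]).lower():
                findings.append((location, e["name"],
                                 "publisher says Microsoft but the signature did not verify; "
                                 "compare the file with a known-good copy"))
            elif low.endswith(".sys") and not low.startswith(SYSTEM_TREES):
                findings.append((location, e["name"],
                                 "driver image outside the Windows/Program Files trees: " + path))
    return findings


if __name__ == "__main__":
    for location, name, reason in triage_autoruns(SAMPLE):
        print(f"{location}\n    {name}: {reason}")
```

A "Not verified" mark on its own is not a finding: most of the vendor drivers in the log above carry it because the old Autoruns build could not validate their signatures. The rules above only surface entries where the mark combines with something else (a missing file, a Microsoft publisher string, an unusual load path).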

Download System Repair Engineer,
http://www.kztechs.com/sreng/download.html
Unzip sreng2.zip
Run SREng.exe
Smart Scan -- Scan -- Save Report
Post the log here; if it won't fit in one post, paste it in several.
(While scanning, close whatever programs you can, e.g. QQ, Thunder.)