
My computer has a problem again; could an expert please take a look at the log


Logfile of HijackThis v1.99.1
Scan saved at 16:40:08, on 2006-8-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msime.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system\java.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WinSever.exe
C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe
C:\WINDOWS\system\java.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis.exe

O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\128o8a70.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccenter] C:\Program Files\rising\Rav\CCenter.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [C:\WINDOWS\wd2_051117_WIS205_mini.exe] C:\WINDOWS\wd2_051117_WIS205_mini.exe
O4 - HKLM\..\Run: [C:\WINDOWS\setup_110017.exe] C:\WINDOWS\setup_110017.exe
O4 - HKLM\..\Run: [C:\WINDOWS\10045_setup.exe] C:\WINDOWS\10045_setup.exe
O4 - HKLM\..\Run: [C:\WINDOWS\101628.exe] C:\WINDOWS\101628.exe
O4 - HKLM\..\Run: [C:\WINDOWS\newweb10317.EXE] C:\WINDOWS\newweb10317.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\tshz168.exe] C:\WINDOWS\tshz168.exe
O4 - HKLM\..\Run: [C:\WINDOWS\Setup-168.exe] C:\WINDOWS\Setup-168.exe
O4 - HKLM\..\Run: [C:\WINDOWS\YOK_904_1007.exe] C:\WINDOWS\YOK_904_1007.exe
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\java.exe
O4 - HKLM\..\Run: [Update] C:\WINDOWS\Temp\iequery.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Systems32] C:\WINDOWS\system32\WinSever.exe
O4 - HKLM\..\Run: [zt] C:\Program Files\Intel\svhost32.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [Mysee Alert] "C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray
O4 - HKLM\..\RunServices: [RavMon] C:\Program Files\rising\rav\RavMon.exe /AUTO
O4 - HKLM\..\RunServices: [ccenter] C:\Program Files\rising\Rav\CCenter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus1.dll
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D193221-4BA7-410C-A098-FA33FCF61397}: NameServer = 220.187.24.2,220.187.24.6
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\128d8a70.dll
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

Last edited 2006-08-25 17:59:01

Run HijackThis, tick the items below, and fix them:
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (fix this item in Safe Mode)
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\128o8a70.dll
O4 - HKLM\..\Run: [C:\WINDOWS\wd2_051117_WIS205_mini.exe] C:\WINDOWS\wd2_051117_WIS205_mini.exe
O4 - HKLM\..\Run: [C:\WINDOWS\setup_110017.exe] C:\WINDOWS\setup_110017.exe
O4 - HKLM\..\Run: [C:\WINDOWS\10045_setup.exe] C:\WINDOWS\10045_setup.exe
O4 - HKLM\..\Run: [C:\WINDOWS\101628.exe] C:\WINDOWS\101628.exe
O4 - HKLM\..\Run: [C:\WINDOWS\newweb10317.EXE] C:\WINDOWS\newweb10317.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\tshz168.exe] C:\WINDOWS\tshz168.exe
O4 - HKLM\..\Run: [C:\WINDOWS\Setup-168.exe] C:\WINDOWS\Setup-168.exe
O4 - HKLM\..\Run: [C:\WINDOWS\YOK_904_1007.exe] C:\WINDOWS\YOK_904_1007.exe
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\java.exe
O4 - HKLM\..\Run: [Update] C:\WINDOWS\Temp\iequery.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Systems32] C:\WINDOWS\system32\WinSever.exe
O4 - HKLM\..\Run: [zt] C:\Program Files\Intel\svhost32.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [Mysee Alert] "C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\128d8a70.dll
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)


Note:
Please confirm the O4 items, if the original poster is not familiar with fixing


O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus1.dll
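Please download these two tools, LSPFix and WinsockXPFix,
restart the computer, and boot into Safe Mode. Run LSPFix.exe and remove:
msplus1.dll
Explanation:
LSPFix is mainly used to help fix the O10 items found by a HijackThis scan. Before using it, close all IE windows and folder windows, then run LSPFix. Once it is running, move the O10 item to be fixed from the left side to the right side and click "Finish". Restart the computer after the fix; if you cannot get online, run WinsockXPFix and let it repair things.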

Uninstall 网络实名 (Internet Real Name) and 中文上网 (Chinese Internet Access),

After the fix, please scan again.
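The rescan requested at the end of the thread can be checked mechanically: the Python below is an added example, not part of any forum post or of HijackThis, that parses HijackThis entry lines and reports which items from a fix list still appear in a later scan. The function names and the rescan sample are constructed for illustration; the fix-list lines are a subset of those quoted in the thread.

```python
import re

# HijackThis entry lines start with a section code such as O2, O4, O10, O23, R1.
ENTRY = re.compile(r"^\s*(O\d{1,2}|[RFN]\d)\s+-\s+(.+?)\s*$")

def parse_entries(text):
    """Return ordered, de-duplicated (section, line, key) tuples from a log."""
    seen, out = set(), []
    for raw in text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # header lines, the process list, forum prose
        section = m.group(1).upper()
        line = f"{section} - {m.group(2)}"
        # Paths and CLSIDs compare case-insensitively; collapse whitespace runs.
        key = re.sub(r"\s+", " ", line).casefold()
        if key not in seen:
            seen.add(key)
            out.append((section, line, key))
    return out

def still_present(fix_list_text, rescan_text):
    """Rescan entries that the fix list had marked for removal."""
    fix_keys = [key for _, _, key in parse_entries(fix_list_text)]
    # Prefix match tolerates a note appended after an entry in the fix list.
    return [(section, line) for section, line, key in parse_entries(rescan_text)
            if any(fk.startswith(key) for fk in fix_keys)]

# Subset of the fix list from the thread (the first line carries an appended note).
FIX_LIST = r"""
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (fix this item in Safe Mode)
O4 - HKLM\..\Run: [Systems32] C:\WINDOWS\system32\WinSever.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus1.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\128d8a70.dll
"""

# Constructed rescan for illustration; this is not a log posted in the thread.
RESCAN = r"""
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus1.dll
"""

if __name__ == "__main__":
    for section, line in still_present(FIX_LIST, RESCAN):
        print("still present:", line)
```

Because matching is by prefix, a rescan entry that equals the start of a longer fix-list entry (for example the same command with extra arguments) is also reported and should be reviewed by hand.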