

Help: could someone analyze my HijackThis scan results? Thanks


Some programs no longer open; the machine may be infected, and the firewall cannot be started.
HijackThis_815汉化版扫描日志 V1.99.1
保存于      16:54:12, 日期 2006-01-15
操作系统:  Windows XP  (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\3721\Rundll32.exe
C:\WINDOWS\explorer.exe
C:\program files\3721\IEXPLORER.EXE
C:\WINDOWS\System32\sistray.EXE
D:\Program Files\瑞星\Rising\Rav\RavTask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
D:\反劫持\HijackThis1991zww.exe

F2 - REG:system.ini: Shell=C:\program files\3721\Rundll32.exe
O1 - Hosts: 61.152.104.70 www.a3tb.net
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\NaviHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\System32\microapmddt.dll
O2 - BHO: IEHlprObj Class - {C5E5DB7E-46B1-47E6-8447-2E517F269925} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll (file missing)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O4 - 启动项HKLM\\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - 启动项HKLM\\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [RavTask] "D:\Program Files\瑞星\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [rundll32] C:\program files\3721\Rundll32.exe
O4 - 启动项HKLM\\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [TProgram] C:\WINDOWS\smss.exe
O4 - 启动项HKLM\\Run: [RfwMain] "G:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\迅雷\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\迅雷\getallurl.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\123456\新建文~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - 浏览器额外的按钮: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的按钮: (no name) - {676AB8E0-F5A6-11D3-86A5-0088CC224026} - D:\Application\TransIE.dll
O9 - 浏览器额外的“工具”菜单项: TranStar Help - {676AB8E0-F5A6-11D3-86A5-0088CC224026} - D:\Application\TransIE.dll
O9 - 浏览器额外的按钮: ATS专业网络心理测评系统(v4.642) - {BD1A45CF-6897-4671-9F6B-F17EC7A21D82} - H:\Program Files\ats - www.psy-test.net\ats.exe (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: 搜索引擎 - {c95fe080-8f5d-11d2-a20b-00aa003c157c}? - http://a.zhaol.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 搜索引擎 - {c95fe080-8f5d-11d2-a20b-00aa003c157c}? - http://a.zhaol.com (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: 铃声图片下载 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://sms.ufo2008.com (file missing) (HKCU)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
Last edited 2006-01-15 19:02:14

C:\WINDOWS\smss.exe
O4 - 启动项HKLM\\Run: [TProgram] C:\WINDOWS\smss.exe
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe


[Reply to "qiuzhizhe"'s post]



The log seems incomplete...
To restore the disabled Registry Editor:
Open Notepad and copy the text below, remembering to leave a few blank lines at the end. Save it under a self-explanatory name such as editreg.reg:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disableRegistrytools"=dword:00000000
After saving, run it and click "OK" when asked whether to import.



Clear the IE temporary files and temporarily turn off System Restore. Reboot into Safe Mode, close all unnecessary windows, scan with HijackThis and fix the following (tick the items to be fixed, then press "Fix checked" ("修复" in the Chinese build); before fixing you will be asked whether to make a backup, choose "Yes" ("是")):
F2 - REG:system.ini: Shell=C:\program files\3721\Rundll32.exe
All O1 entries (no need to fix them if you set them yourself)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\System32\microapmddt.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\NaviHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll (file missing)
O2 - BHO: IEHlprObj Class - {C5E5DB7E-46B1-47E6-8447-2E517F269925} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll (file missing)
O4 - 启动项HKLM\\Run: [TProgram] C:\WINDOWS\smss.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Restart the computer, show hidden and system files, and delete (if present):
C:\WINDOWS\smss.exe
C:\WINDOWS\NaviHelper.dll
the C:\program files\3721 folder
C:\WINDOWS\System32\microapmddt.dll
Once the fixes are done, if the problem persists, please follow up in this thread with details.
The above suggestions are for reference only; if you recognize some of these settings, or set them yourself by hand, there is no need to carry them out.
Also, the OP's system is missing several critical patches.
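A log-triage script added here as an example (not written by anyone in this thread) that parses HijackThis 1.99.1 entries and flags the patterns the reply above points at: a core system binary such as smss.exe running outside System32, a replaced system.ini Shell=, hosts-file entries all mapped to one IP, BHOs whose file is missing, and the DisableRegedit policy. The sample log is a constructed subset of the one posted, with English section labels; the rule names, the CORE_SYSTEM32 set and the O4_PATH regex are my own assumptions.

```python
import re
from collections import Counter
# Constructed sample in HijackThis 1.99.1 format, a subset of the log in this thread with
# English labels (the localized build prints e.g. "O4 - 启动项HKLM\\Run:", same tail).
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\smss.exe
F2 - REG:system.ini: Shell=C:\program files\3721\Rundll32.exe
O1 - Hosts: 61.152.104.70 www.a3tb.net
O1 - Hosts: 61.152.104.70 a3tb.net
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\NaviHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - HKLM\..\Run: [TProgram] C:\WINDOWS\smss.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""
# Core Windows XP binaries that legitimately live only in %SystemRoot%\System32 (assumed list).
CORE_SYSTEM32 = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
# First executable path after the "[name]" of an O4 entry, quoted or not.
O4_PATH = re.compile(r'\]\s+"?([^"]+?\.(?:exe|dll|com))', re.IGNORECASE)

def masquerading_core_binary(path):
    """True if the file name is a core system binary but its folder is not System32."""
    parts = path.strip().lower().split("\\")
    return len(parts) > 1 and parts[-1] in CORE_SYSTEM32 and parts[-2] != "system32"

def triage(log_text):
    """Return (rule, evidence) pairs for the hijack patterns seen in this thread."""
    findings, host_ips = [], Counter()
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if re.match(r"[A-Za-z]:\\", line):                  # running-process list
            if masquerading_core_binary(line):
                findings.append(("core-binary-masquerade", line))
        elif line.startswith("O1 - Hosts:"):                # hosts-file redirection
            host_ips[line.split()[3]] += 1
        elif line.startswith("F2 - REG:system.ini: Shell="):
            if not line.split("Shell=", 1)[1].lower().endswith("explorer.exe"):
                findings.append(("shell-replaced", line))   # Winlogon shell hijacked
        elif line.startswith("O2 - BHO:") and line.endswith(("(no file)", "(file missing)")):
            findings.append(("orphan-bho", line))           # CLSID left behind
        elif line.startswith("O4 - "):
            m = O4_PATH.search(line)
            if m and masquerading_core_binary(m.group(1)):
                findings.append(("core-binary-masquerade", line))
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            findings.append(("regedit-disabled", line))     # policy blocks regedit
    for ip, n in host_ips.items():
        findings.append(("hosts-redirect", f"{n} host name(s) mapped to {ip}"))
    return findings
```

On the full log posted above, the hosts rule would report 101 names mapped to 61.152.104.70, and the masquerade rule fires on both the process entry and the O4 [TProgram] entry for C:\WINDOWS\smss.exe while leaving the real C:\WINDOWS\System32\smss.exe alone.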