计算机主要症状：1、定时弹出一个窗口，什么博客窗口。
2、防火墙不能启动，想卸载重装提示没有权限，不能删除添加程序。
上传扫描结果，请大侠帮助，另外，想改掉危险命令del.format,可是找不到，谢谢！
HijackThis_815汉化版扫描日志 V1.99.1
保存于      9:00:12, 日期 2005-10-15
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
F:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopQQPlugin.exe
C:\PROGRA~1\RISING\RAV\Rav.exe
C:\PROGRA~1\RISING\RAV\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\deng\LOCALS~1\Temp\Rar$EX00.268\HijackThis1991zww.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ACA Capture - {93C69D87-A11D-4FFC-BC56-BE7EE0D235BA} - C:\Program Files\SuperCapturePro431\scap003p.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [S3TRAY2] S3Tray2.exe
O4 - 启动项HKLM\\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - 启动项HKLM\\Run: [TpShocks] TpShocks.exe
O4 - 启动项HKLM\\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - 启动项HKLM\\Run: [TP4EX] tp4ex.exe
O4 - 启动项HKLM\\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - 启动项HKLM\\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 启动项HKLM\\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [ATIModeChange] Ati2mdxx.exe
O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - 启动项HKLM\\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - 启动项HKLM\\Run: [ADShow] C:\WINDOWS\System32\bcsysnote.ex
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [RegBar] regsvr32.exe /u C:\progra~1\blogmark\bocaitoolbar.dll /s /i /n
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - c:\Program Files\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 反向链接 - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - IE右键菜单中的新增项目: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - c:\Program Files\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - c:\Program Files\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - c:\Program Files\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 类似网页 - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - IE右键菜单中的新增项目: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - IE右键菜单中的新增项目: 解霸实时播放 - f:\HEROSOFT\Hero3000\MPURLGET.HTM
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - 浏览器额外的按钮: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - C:\Program Files\sina\UC\UC.exe
O9 - 浏览器额外的按钮: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - f:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - 浏览器额外的“工具”菜单项: 超级解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - f:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - 浏览器额外的按钮: 启动超级屏捕专业版 - {905A31AA-BDD1-44bd-9920-53D34E5953A4} - C:\Program Files\SuperCapturePro431\SCapPro.exe
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: (no name) - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Program Files\SuperCapturePro431\SCapPro.exe
O9 - 浏览器额外的“工具”菜单项: 超级屏捕专业版 - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Program Files\SuperCapturePro431\SCapPro.exe
O9 - 浏览器额外的按钮: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\Program Files\qq\QQ.EXE (file missing)
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\Program Files\qq\QQ.EXE (file missing)
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的按钮: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx****1 (file missing)
O9 - 浏览器额外的“工具”菜单项: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx****1 (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - 浏览器额外的“工具”菜单项: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {0A8F723A-6075-11D5-914D-0050BAE45AF2} (ExFileToRs.FileToRs) - http://oaserver/exoa2000/cabs/exFileToRs.cab
O16 - DPF: {0B172CE4-CD86-11D3-B5C8-006008C44280} (ExRegClient.Registry) - http://oaserver/exoa/Cabs/ExRegClient.CAB
O16 - DPF: {0C3F0325-4B6A-47CC-9B3E-1A7A38C238FC} (exBody.UCOffice) - http://oaserver/exoa/cabs/Exbody.CAB
O16 - DPF: {227215F6-BE50-473A-8387-8517410C80CC} (ExWshell.Exwscript) - http://oaserver/exoa/Schema/xmlobject/Exwscript.CAB
O16 - DPF: {2BFAA61B-5C83-4865-8281-D8BDBF863061} (PGEdit Class) - https://www.gnetpg.com/PG_ATL.cab
O16 - DPF: {31A1CB88-08EE-47A5-B585-06B3299775A4} (DataTitle Control) - http://oaserver/exoa/cabs/ExDataTitle.CAB
O16 - DPF: {345676E7-6139-11D5-914F-0050BAE45AF2} (exADO.ado) - http://oaserver/exoa2000/cabs/exADO.CAB
O16 - DPF: {3DE7BCC0-533C-4042-9801-21AC47BF45BB} (DataForm Control) - http://oaserver/exoa2000/cabs/ExDataForm.CAB
O16 - DPF: {4D30B94E-6B68-11D5-B55A-00104B987AF8} (ExGetObject.GetObject) - http://oaserver/exoa2000/cabs/ExGetObject.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54BA80C4-1B0A-11D4-A5A1-00105A776069} (exFileToMessage.FileToMessage) - http://oaserver/exoa2000/cabs/exFileToMessage.CAB
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {5837011D-9655-4556-860C-3C9DC96C62FE} (ExComCtl2.ExDTPicker) - http://oaserver/exoa2000/cabs/ExComctl2.CAB
O16 - DPF: {5B8E46A7-9044-429C-8455-02643AC25810} (ExSelActReci Control) - http://oaserver/exoa2000/cabs/ExSelActReci2.CAB
O16 - DPF: {71D2A2DE-6C35-11D5-916E-0050BAE45AF2} (ExMapCtrl.exMap) - http://oaserver/exoa2000/cabs/exMapOCX2.CAB
O16 - DPF: {9627708A-2313-42B2-A97D-255ABFEF774E} (Exwprint.wprint) - http://oaserver/exoa2000/cabs/Exwprint.CAB
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bliao.com/download/blueskyvoice_60.cab
O16 - DPF: {9C08B36C-1339-11D4-A595-00105A776069} (exSoftVersion.SoftVersion) - http://oaserver/exoa/Cabs/exSoftVersion.CAB
O16 - DPF: {9CBAD569-826C-11D2-9073-0020AF05A5B1} (proList.exList) - http://oaserver/exoa2000/cabs/proSelectObject.CAB
O16 - DPF: {9CBAD573-826C-11D2-9073-0020AF05A5B1} (proDocument.exDocument) - http://oaserver/exoa/cabs/prodocument.cab
O16 - DPF: {C37FBD87-3AA7-4640-9A8D-19AFC10B15B2} (Netease Chat Control) - http://room.chat.163.com/xchat/chat.cab
O16 - DPF: {D2E3290B-9D6E-11D2-8D50-0020AF05A5B2} (ExDoc.ExEditor) - http://oaserver/exoa2000/cabs/exDoc.cab
O16 - DPF: {D508D69F-1A9E-4D01-8CDB-CFFC7AFAE7BF} (Help Control) - http://oaserver/exoa2000/cabs/exdatahelp.cab
O16 - DPF: {D88F3328-0321-11D6-9C64-00105A776064} (exSystem.clsSystem) - http://oaserver/exoa2000/cabs/ExSystem.CAB
O16 - DPF: {D9AD3E92-B4F1-4174-BFCD-CB5699499004} (ExVinAct Control) - http://oaserver/exoa2000/cabs/ExVinAct.CAB
O16 - DPF: {E78B329B-B2E9-48BF-A15F-8775666EB563} (AtlHttp Class) - http://www.gdltax.gov.cn:8090/download/sandown.cab
O16 - DPF: {FDC65D71-83A0-11D2-9075-0020AF05A5B1} (exFileAccess.ExFileSys) - http:/

O17 - HKLM\System\CCS\Services\Tcpip\..\{25A36C86-7717-42A6-9FD4-C4AF5E73E47D}: NameServer = 202.96.128.143,10.227.14.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B805E07-057A-45CB-A27A-228FF3C9233E}: NameServer = 202.96.128.68,10.227.14.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{25A36C86-7717-42A6-9FD4-C4AF5E73E47D}: NameServer = 202.96.128.143,10.227.14.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{25A36C86-7717-42A6-9FD4-C4AF5E73E47D}: NameServer = 202.96.128.143,10.227.14.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{25A36C86-7717-42A6-9FD4-C4AF5E73E47D}: NameServer = 202.96.128.143,10.227.14.1
O18 - 列举现有的协议: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - NT 服务: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - F:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - NT 服务: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - F:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - NT 服务: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - NT 服务: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - NT 服务: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - NT 服务: Sybase HISServer_A8_HS (SYBHIS_A8_HS) - Unknown owner - C:\Sybase\bin\histsrvr.exe
O23 - NT 服务: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - F:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
O23 - NT 服务: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - NT 服务: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

运行Hijackthis，扫描结束后在下列选项前打上勾，然后选修复“Fix Checked”：

O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll
O3 - IE工具栏增项: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O4 - 启动项HKLM\\Run: [ADShow] C:\WINDOWS\System32\bcsysnote.ex
O4 - HKCU\..\Run: [RegBar] regsvr32.exe /u C:\progra~1\blogmark\bocaitoolbar.dll /s /i /n
所有016项

显示隐藏文件

双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”--单击“确定”。

然后找到如下文件并删除（如果有的话）。
C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll
C:\WINDOWS\System32\bcsysnote.ex
C:\progra~1\blogmark\整个目录

我的电脑的毛病是：瑞星杀毒软件不能打开，监控中心不能打开，防火墙也不行，还有很多乱七八糟的网站，怎么办！

请帮我看一下！


我的扫描结果：HijackThis(zww3008汉化版)V1.99.1
保存于      13:31:09, 日期 2005-11-15
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\iexplore.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
E:\DreamEdit\DreamEdit.exe
C:\WINDOWS\System32\IEXPLORE.EXE
C:\WINDOWS\System32\IEXPLORE.EXE
C:\WINDOWS\System32\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\WNILOGON.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis1991汉化版\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: 卡卡上网安全助手 - {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} - (no file)
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [ExFilter] Rundll32.exe C:\WINDOWS\System32\hookdll.dll,ExecFilter solo
O4 - 启动项HKLM\\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - 启动项HKLM\\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - 启动项HKLM\\Run: [poco] E:\poco\Poco2004.exe
O4 - 启动项HKLM\\Run: [Microsoft] C:\WINDOWS\System32\iexplore.exe
O4 - 启动项HKLM\\Run: [internet.exe] C:/WINDOWS/system.hta
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKCU\\Run: [SonudMan] C:\WINDOWS\WNILOGON.exe
O4 - “启动”文件夹: 腾讯QQ.lnk = ?
O4 - “启动”文件夹: run.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - 浏览器额外的按钮： Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项： Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮： (no name) - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C8D5B77-9894-42D4-904A-213F69857AB3}: NameServer = 69.50.184.84 195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C8D5B77-9894-42D4-904A-213F69857AB3}: NameServer = 69.50.184.84 195.225.176.37

【回复“liuxu”的帖子】
您的问题请回到您主题帖里讨论罢：
http://forum.ikaka.com/topic.asp?board=67&artid=7413237

谢谢魔法学徒，已按所说的操作，删除了C:\WINDOWS\System32\bcsysnote.ex
C:\progra~1\blogmark\整个目录
及修复了上面各项，16中有部份是公司OA自动办公系统没删除，但仍然存在问题：
　我用的是诺顿防火墙，提示没有权限删除，也不能重新安装，也启动不了。郁闷，求大侠们帮助