瑞星卡卡安全论坛

卡卡助手,兔子,安全下杀毒都试过了,没用,请帮下忙,在线等,随时提供日志等资料

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\msime.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Super Rabbit\MagicSet\DS.EXE
C:\WINNT\system32\Internat.exe
C:\Program Files\VnetClient1.6\VnetClient.exe
E:\Program Files\QQ\QQ.exe
E:\Program Files\QQ\TIMPlatform.exe
D:\TT\TTraveler.exe
C:\Program Files\LetsCool\LetsCool.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\explorer.exe
D:\系统工具\HijackThis1991zww.exe

R3 - URLSearchHook: Kuaiso Toolsbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\WINNT\Downloaded Program Files\kuaiso_06040.dll (file missing)
F3 - REG:win.ini: load=C:\PROGRA~1\svhost32.exe
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - G:\Kugoo\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINNT\system32\CoolBho.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINNT\system\1a3oc1f0.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: Kuaiso Toolsbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\WINNT\Downloaded Program Files\kuaiso_06040.dll (file missing)
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [WinampAgent] ; "D:\Winamp\Winampa.exe"
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [Super Rabbit Desktop Set] C:\Program Files\Super Rabbit\MagicSet\DS.EXE /Load
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "H:\播放器\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [Syetwlyeh] C:\WINNT\system32\algesteiye.exe
O4 - 启动项HKLM\\Run: [LetsCool] C:\Program Files\LetsCool\LetsCool.exe
O4 - 启动项HKLM\\Run: [intenet] C:\WINNT\system32\intenet.exe
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - HKCU\..\Run: [DrvMon.exe] ; C:\WINNT\system32\DrvMon.exe
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: 腾讯QQ.lnk = E:\Program Files\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\Program Files\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - G:\Kugoo\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\Program Files\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\Program Files\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\Program Files\QQ\SendMMS.htm
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\cdnns.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18F57D30-EF36-4C0E-9343-7BFA6DF79B4A} - http://active.micr0media.com/swflash.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1925a25fd0920f356005/netzip/RdxIE601_cn.cab
O16 - DPF: {5932517A-3326-4439-A708-1C98EDB5C549} (Downloader Class) - file://C:\Documents and Settings\All Users\Application Data\Share Helper\Cast\GGS\d28d09e18b\js\iMopDl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136200953866
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} (Kuaiso Toolsbar) - http://bar.29183.com/9598.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.chinavnet.com/VnetPluginIns.CAB
O16 - DPF: {8AB6C00E-A068-44E9-953F-1BCFEEA2BB6A} - http://www.henbang.com/unseal/hbyehoo.CAB
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://safe.qq.com/scan/KAllScan.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {FB812CBB-A87E-4BA6-BD49-7C984D192EBB} (Cdrawer Object) - http://www.cpd.com.cn/code/bk_htmlview.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9962ABB-1710-4801-A545-EDCDA0C561DB}: NameServer = 202.96.128.166 202.96.128.86
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINNT\system32\1a3dc1f0.dll
O23 - NT 服务: Accounts Manager - Unknown owner - C:\WINNT\QQ.com
O23 - NT 服务: Compatibility - Unknown owner - C:\Program.exe (file missing)
O23 - NT 服务: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - NT 服务: Rising Firewell Service - Unknown owner - C:\WINNT\svchost.exe (file missing)

修复所有16项
开始→运行→输入services.msc ，打开“服务”→查找分别Accounts Manager ， Compatibility， Rising Firewell Service→双击→启动类型→禁止→停止→应用→确定。禁止Accounts Manager ， Compatibility， Rising Firewell Service这个服务
打开注册表依次展开到HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
删除Accounts Manager ， Compatibility， Rising Firewell Service
双击我的电脑--工具---文件夹选项--查看--单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的

操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”
删除 C:\WINNT\QQ.com
C:\WINNT\svchost.exe

补充楼上的兄弟:
安全模式下修复:
F3 - REG:win.ini: load=C:\PROGRA~1\svhost32.exe
O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINNT\system32\CoolBho.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINNT\system\1a3oc1f0.dll
O4 - 启动项HKLM\\Run: [Syetwlyeh] C:\WINNT\system32\algesteiye.exe
O4 - 启动项HKLM\\Run: [LetsCool] C:\Program Files\LetsCool\LetsCool.exe
O4 - 启动项HKLM\\Run: [intenet] C:\WINNT\system32\intenet.exe
O4 - HKCU\..\Run: [DrvMon.exe] ; C:\WINNT\system32\DrvMon.exe
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe

删除:
C:\Program Files\svhost32.exe
C:\WINNT\system32\DrvMon.exe
C:\WINNT\system32\intenet.exe
C:\WINNT\system32\algesteiye.exe

另外卸载酷桌面,IE-BAR(它的卸载方法请参照论坛的其他帖子)

下载LSPFix修复010项.

谢楼上2位大哥,不过:
C:\WINNT\QQ.com-->删不到
C:\WINNT\svchost.exe-->找不到
C:\Program Files\svhost32.exe-->找不到
C:\WINNT\system32\intenet.exe-->找不到
C:\WINNT\system32\algesteiye.exe-->找不到

楼主修复后，重启。
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe>  [Microsoft Corporation]
    <msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <WinampAgent><; "D:\Winamp\Winampa.exe">  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <Super Rabbit Desktop Set><C:\Program Files\Super Rabbit\MagicSet\DS.EXE /Load>  [Super Rabbit Software]
    <IESAddr><>  []
    <StormCodec_Helper><"H:\播放器\Storm Codec\StormSet.exe" /S /opti>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <CheckFaultKernel><C:\WINNT\system32\mswdm.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DelayRun><C:\WINNT\system32\1a3dc1f1.dll>  []

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><H>
[腾讯QQ]
  <C:\Documents and Settings\123\「开始」菜单\程序\启动\腾讯QQ.lnk><H>

==================================
服务
[Accounts Manager / Accounts Manager]
  <C:\WINNT\QQ.com><N/A>
[Compatibility / Compatibility]
  <C:\Program Files\HgzServer\Hacker.dll><N/A>
[Crypkey License / Crypkey License]
  <crypserv.exe><Kenonic Controls Ltd.>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
  <C:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Firewell Service / Rising Firewell Service]
  <C:\WINNT\svchost.exe><N/A>

==================================
浏览器加载项
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <G:\Kugoo\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINNT\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[RdxIE Class]
  {56336BCB-3D8A-11D6-A00B-0050DA18DE71} <C:\WINNT\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[Downloader Class]
  {5932517A-3326-4439-A708-1C98EDB5C549} <C:\WINNT\system32\iMopDl.dll, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
[VnetAnprIns Class]
  {74447F9C-5691-4A9A-8BE4-564092E40B03} <C:\WINNT\Downloaded Program Files\anprins.dll, 中国电信股份有限公司>
[KSHScan Control]
  {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Cdrawer Object]
  {FB812CBB-A87E-4BA6-BD49-7C984D192EBB} <C:\WINNT\Downloaded Program Files\bk_htmlview.dll, beijing bteck co,.ltd>
[上传到QQ网络硬盘]
  <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <G:\Kugoo\KuGoo3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
  <E:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Program Files\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 180][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6970>
[PID: 228][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 240][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 420][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 444][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
[PID: 472][C:\WINNT\system32\crypserv.exe]  <Kenonic Controls Ltd.><5.4.0>
[PID: 488][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 508][C:\Program Files\ewido anti-spyware 4.0\guard.exe]  <Anti-Malware Development a.s.><4, 0, 0, 172>
    [C:\Program Files\ewido anti-spyware 4.0\engine.dll]  <Anti-Malware Development a.s.><4, 0, 0, 172>
[PID: 556][C:\WINNT\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.5303>
[PID: 596][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6920>
[PID: 632][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 668][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 684][C:\WINNT\system32\mspmspsv.exe]  <Microsoft Corporation><7.10.00.3059>
[PID: 696][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 868][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\1a3dc1f1.dll]  <N/A><N/A>
    [C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll]  <Anti-Malware Development a.s.><4, 0, 0, 172>
    [D:\多媒体\HappyPlayer\Codecs\mmfinfo.dll]  <N/A><N/A>
    [D:\多媒体\HappyPlayer\Codecs\mkunicode.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 944][C:\WINNT\system32\rundll32.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\DOCUME~1\123\LOCALS~1\APPLIC~1\ae31945\1.dll]  <千橡互联><2, 2, 1, 0>
    [C:\DOCUME~1\123\LOCALS~1\APPLIC~1\ae31945\3.dll]  <千橡互联><3, 0, 0, 0>
    [C:\DOCUME~1\123\LOCALS~1\APPLIC~1\ae31945\4.dll]  <千橡互联><3, 0, 0, 0>
[PID: 980][C:\WINNT\system32\msime.exe]  <Microsoft Corporation><5.1.2600.2180>
[PID: 996][C:\WINNT\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.1.0.27>
[PID: 1020][C:\Program Files\Super Rabbit\MagicSet\DS.EXE]  <Super Rabbit Software><1.50>
[PID: 1064][C:\WINNT\system32\Internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 1200][C:\Program Files\TTPlayer\TTPlayer.exe]  <Alen Soft><4, 5, 0, 0>
    [C:\Program Files\TTPlayer\ttpcomm.dll]  <N/A><N/A>
    [C:\Program Files\TTPlayer\ttpres.dll]  <Alen Soft><4, 5, 0, 0>
    [C:\Program Files\TTPlayer\AddIn\ttp_asf.dll]  <N/A><N/A>
    [C:\Program Files\TTPlayer\AddIn\ttp_lrcsh.dll]  <N/A><N/A>
[PID: 1076][C:\Program Files\VnetClient1.6\VnetClient.exe]  <><2005, 11, 18, 1>
    [C:\Program Files\VnetClient1.6\Communicate.dll]  <GDCN><2005, 3, 3, 1>
    [C:\Program Files\VnetClient1.6\DialModule.dll]  <GDCN><2005, 9, 1, 1>
    [C:\PROGRA~1\VNETCL~1.6\CLIENT~1.DLL]  <><2004, 2, 28, 1>
    [C:\PROGRA~1\VNETCL~1.6\PLUGIN~1.OCX]  <><2005, 12, 20, 1>
    [C:\PROGRA~1\VNETCL~1.6\sign.dll]  <0><2004, 12, 1, 1>
    [C:\PROGRA~1\VNETCL~1.6\ADVERT~1.OCX]  <><2005, 10, 13, 1>
    [C:\PROGRA~1\VNETCL~1.6\Gif89a.dll]  <><2005, 6, 21, 1>
    [C:\PROGRA~1\VNETCL~1.6\VnetBs.ocx]  <><2004, 11, 18, 1>
    [C:\PROGRA~1\VNETCL~1.6\ACCOUN~2.DLL]  <><2005, 8, 11, 1>
    [C:\PROGRA~1\VNETCL~1.6\AccountMgr.dll]  <><2005, 8, 16, 1>
    [C:\PROGRA~1\VNETCL~1.6\VnetSkin.ocx]  <GDDC><2005, 12, 21, 1>
    [C:\PROGRA~1\VNETCL~1.6\DialogStyle.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\VNETCL~1.6\BDSearch.ocx]  <gdcn><2005, 12, 22, 1>
    [C:\PROGRA~1\VNETCL~1.6\Timer.ocx]  <><2005, 10, 9, 14>
    [C:\PROGRA~1\VNETCL~1.6\PLUGIN~2.OCX]  <><2005, 2, 24, 1>
    [C:\PROGRA~1\VNETCL~1.6\NEWMES~1.DLL]  <><2005, 8, 26, 1>
    [C:\PROGRA~1\VNETCL~1.6\PassCtrl.dll]  <GDCN><2006, 1, 9, 10>
    [C:\WINNT\system32\wpcap.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\WINNT\system32\pthreadVC.dll]  <N/A><N/A>
    [C:\WINNT\system32\packet.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\PROGRA~1\VNETCL~1.6\PlugPush.dll]  <><2004, 12, 21, 1>
    [C:\PROGRA~1\VNETCL~1.6\ALLINT~1.DLL]  <><2004, 11, 23, 1>
    [C:\PROGRA~1\VNETCL~1.6\VNETLO~1.OCX]  <><2005, 4, 19, 1>
    [C:\PROGRA~1\VNETCL~1.6\StatNum.dll]  <><2004, 11, 18, 1>
    [C:\PROGRA~1\VNETCL~1.6\VNETON~1.OCX]  <><2005, 3, 2, 1>
    [C:\PROGRA~1\VNETCL~1.6\ALLFUN~1.DLL]  <GDCN><2006, 1, 13, 11>
    [C:\PROGRA~1\VNETCL~1.6\VnetOptLog.dll]  <><2005, 9, 13, 9>
    [C:\PROGRA~1\VNETCL~1.6\DlgSkin.ocx]  <><1, 0, 0, 1>
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 1276][E:\Program Files\QQ\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [E:\Program Files\QQ\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\QQHelperDll.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 160>
    [E:\Program Files\QQ\QQAPI.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [E:\Program Files\QQ\LoginCtrl.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\npkcntc.dll]  <INCA Internet Co., Ltd.><2006, 3, 2, 1>
    [E:\Program Files\QQ\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [E:\Program Files\QQ\QQRes.dll]  <tencent><1, 0, 0, 1>
    [E:\Program Files\QQ\QQMainFrame.dll]  <N/A><N/A>
    [E:\Program Files\QQ\CQQApplication.dll]  <N/A><N/A>
    [E:\Program Files\QQ\NewSkin.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\HostingMgr.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\CameraDll.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\MailSummary.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
    [E:\Program Files\QQ\QQGroupMng.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\GroupLive.dll]  <N/A><N/A>
    [E:\Program Files\QQ\LongConnection.dll]  <tencent><5, 0, 200, 160>
    [E:\Program Files\QQ\QQPlugin.dll]  <N/A><N/A>
    [E:\Program Files\QQ\QQSysMsgMng.dll]  <N/A><N/A>
    [E:\Program Files\QQ\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\QRingMng.dll]  <N/A><N/A>
    [E:\Program Files\QQ\PhoneAPI.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [E:\Program Files\QQ\QQAllInOne.dll]  <N/A><N/A>
    [E:\Program Files\QQ\SCCore.dll]  <N/A><N/A>
    [E:\Program Files\QQ\QQFileTransfer.dll]  <Tencent><5, 0, 202, 180>
    [E:\Program Files\QQ\QQAvatar.dll]  <N/A><N/A>
    [E:\Program Files\QQ\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [E:\Program Files\QQ\QQPet.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\QQCustomFace.dll]  <N/A><N/A>
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
    [E:\Program Files\QQ\QQSceneMng.dll]  <N/A><N/A>
    [E:\Program Files\QQ\ImageOle.dll]  <TODO: <Company name>><1.0.0.1>
    [E:\Program Files\QQ\BQQApplication.dll]  <N/A><N/A>
    [E:\Program Files\QQ\GroupConnection.dll]  <Tencent><5, 0, 202, 170>
    [C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll]  <Anti-Malware Development a.s.><4, 0, 0, 172>
    [E:\Program Files\QQ\CommercesMng.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [E:\Program Files\QQ\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
    [E:\Program Files\QQ\QQPhoneHelper.dll]  <腾讯科技（深圳）有限公司><2, 0, 5, 50>
[PID: 1288][E:\Program Files\QQ\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [E:\Program Files\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 1128][D:\TT\TTraveler.exe]  <腾讯公司><3.0.0.241>
    [D:\TT\Plugins\TWeather\TWeather.dll]  <><1, 0, 0, 1>
    [D:\TT\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 1500][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
[PID: 884][E:\TEMP\Rar$EX08.289\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

ALT+CTRL+DELETE调出任务管理器,终止mswdm.exe 的进程
运行(双击)System Repair Engineer，使用“启动项目，注册表”来删除以下选项
C:\WINNT\system32\mswdm.exe
C:\WINNT\system32\1a3dc1f1.dll
删除
C:\WINNT\system32\mswdm.exe
运行(双击)System Repair Engineer，点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Accounts Manager，Rising Firewell Service选择“删除服务”点“设置”选择“否”最后重启。（每一个逗号隔开的就是一个病毒的服务，请逐一删除）


请到www.27814939.ys168.com,点“我的软件”下载KillBox.exe
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
双击打开KillBox.exe，删除
C:\WINNT\system32\1a3dc1f1.dll
（删除时勾选“删除前先结束Explorer.EXE进程”
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
删除
C:\WINNT\svchost.exe不要搜索，手工查找。
C:\WINNT\QQ.com
完成回到正常模式，请再扫份日志粘上来。

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe>  [Microsoft Corporation]
    <msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <WinampAgent><; "D:\Winamp\Winampa.exe">  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <Super Rabbit Desktop Set><C:\Program Files\Super Rabbit\MagicSet\DS.EXE /Load>  [Super Rabbit Software]
    <IESAddr><>  []
    <StormCodec_Helper><"H:\播放器\Storm Codec\StormSet.exe" /S /opti>  []
    <LetsCool><C:\Program Files\LetsCool\LetsCool.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <CheckFaultKernel><C:\WINNT\system32\mswdm.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll>  [Anti-Malware Development a.s.]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><H>
[IE-Bar]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IE-Bar.lnk><N>
[腾讯QQ]
  <C:\Documents and Settings\123\「开始」菜单\程序\启动\腾讯QQ.lnk><H>

==================================
服务
[Compatibility / Compatibility]
  <C:\Program Files\HgzServer\Hacker.dll><N/A>
[Crypkey License / Crypkey License]
  <crypserv.exe><Kenonic Controls Ltd.>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
  <C:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
浏览器加载项
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <G:\Kugoo\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[Letscool System Helper]
  {F0C15012-7DBD-4068-95A2-0A82DB03AC35} <C:\WINNT\system32\CoolBho.dll, LETSCOOL Network Technology>
[BHelper Class]
  {F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINNT\system\1a3oc1f0.dll, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINNT\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[RdxIE Class]
  {56336BCB-3D8A-11D6-A00B-0050DA18DE71} <C:\WINNT\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[Downloader Class]
  {5932517A-3326-4439-A708-1C98EDB5C549} <C:\WINNT\system32\iMopDl.dll, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
[VnetAnprIns Class]
  {74447F9C-5691-4A9A-8BE4-564092E40B03} <C:\WINNT\Downloaded Program Files\anprins.dll, 中国电信股份有限公司>
[KSHScan Control]
  {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Cdrawer Object]
  {FB812CBB-A87E-4BA6-BD49-7C984D192EBB} <C:\WINNT\Downloaded Program Files\bk_htmlview.dll, beijing bteck co,.ltd>
[上传到QQ网络硬盘]
  <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <G:\Kugoo\KuGoo3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
  <E:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Program Files\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 180][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6970>
[PID: 228][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 240][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 420][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 444][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
[PID: 472][C:\WINNT\system32\crypserv.exe]  <Kenonic Controls Ltd.><5.4.0>
[PID: 488][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 508][C:\Program Files\ewido anti-spyware 4.0\guard.exe]  <Anti-Malware Development a.s.><4, 0, 0, 172>
    [C:\Program Files\ewido anti-spyware 4.0\engine.dll]  <Anti-Malware Development a.s.><4, 0, 0, 172>
[PID: 552][C:\WINNT\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.5303>
[PID: 596][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6920>
[PID: 620][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 664][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 696][C:\WINNT\system32\mspmspsv.exe]  <Microsoft Corporation><7.10.00.3059>
[PID: 704][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 828][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [D:\多媒体\HappyPlayer\Codecs\mmfinfo.dll]  <N/A><N/A>
    [D:\多媒体\HappyPlayer\Codecs\mkunicode.dll]  <N/A><N/A>
    [C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll]  <Anti-Malware Development a.s.><4, 0, 0, 172>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 952][C:\WINNT\system32\msime.exe]  <Microsoft Corporation><5.1.2600.2180>
[PID: 968][C:\WINNT\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.1.0.27>
[PID: 992][C:\Program Files\Super Rabbit\MagicSet\DS.EXE]  <Super Rabbit Software><1.50>
[PID: 1016][C:\WINNT\system32\Internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 960][C:\WINNT\system32\rundll32.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\DOCUME~1\123\LOCALS~1\APPLIC~1\ae31945\1.dll]  <千橡互联><2, 2, 1, 0>
    [C:\DOCUME~1\123\LOCALS~1\APPLIC~1\ae31945\3.dll]  <千橡互联><3, 0, 0, 0>
    [C:\DOCUME~1\123\LOCALS~1\APPLIC~1\ae31945\4.dll]  <千橡互联><3, 0, 0, 0>
[PID: 788][C:\WINNT\NOTEPAD.EXE]  <Microsoft Corporation><5.00.2140.1>
[PID: 876][C:\Program Files\VnetClient1.6\VnetClient.exe]  <><2005, 11, 18, 1>
    [C:\Program Files\VnetClient1.6\Communicate.dll]  <GDCN><2005, 3, 3, 1>
    [C:\Program Files\VnetClient1.6\DialModule.dll]  <GDCN><2005, 9, 1, 1>
    [C:\PROGRA~1\VNETCL~1.6\CLIENT~1.DLL]  <><2004, 2, 28, 1>
    [C:\PROGRA~1\VNETCL~1.6\PLUGIN~1.OCX]  <><2005, 12, 20, 1>
    [C:\PROGRA~1\VNETCL~1.6\sign.dll]  <0><2004, 12, 1, 1>
    [C:\PROGRA~1\VNETCL~1.6\ADVERT~1.OCX]  <><2005, 10, 13, 1>
    [C:\PROGRA~1\VNETCL~1.6\Gif89a.dll]  <><2005, 6, 21, 1>
    [C:\PROGRA~1\VNETCL~1.6\VnetBs.ocx]  <><2004, 11, 18, 1>
    [C:\PROGRA~1\VNETCL~1.6\ACCOUN~2.DLL]  <><2005, 8, 11, 1>
    [C:\PROGRA~1\VNETCL~1.6\AccountMgr.dll]  <><2005, 8, 16, 1>
    [C:\PROGRA~1\VNETCL~1.6\VnetSkin.ocx]  <GDDC><2005, 12, 21, 1>
    [C:\PROGRA~1\VNETCL~1.6\DialogStyle.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\VNETCL~1.6\BDSearch.ocx]  <gdcn><2005, 12, 22, 1>
    [C:\PROGRA~1\VNETCL~1.6\Timer.ocx]  <><2005, 10, 9, 14>
    [C:\PROGRA~1\VNETCL~1.6\PLUGIN~2.OCX]  <><2005, 2, 24, 1>
    [C:\PROGRA~1\VNETCL~1.6\NEWMES~1.DLL]  <><2005, 8, 26, 1>
    [C:\PROGRA~1\VNETCL~1.6\PassCtrl.dll]  <GDCN><2006, 1, 9, 10>
    [C:\WINNT\system32\wpcap.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\WINNT\system32\pthreadVC.dll]  <N/A><N/A>
    [C:\WINNT\system32\packet.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\PROGRA~1\VNETCL~1.6\PlugPush.dll]  <><2004, 12, 21, 1>
    [C:\PROGRA~1\VNETCL~1.6\ALLINT~1.DLL]  <><2004, 11, 23, 1>
    [C:\PROGRA~1\VNETCL~1.6\VNETLO~1.OCX]  <><2005, 4, 19, 1>
    [C:\PROGRA~1\VNETCL~1.6\StatNum.dll]  <><2004, 11, 18, 1>
    [C:\PROGRA~1\VNETCL~1.6\VNETON~1.OCX]  <><2005, 3, 2, 1>
    [C:\PROGRA~1\VNETCL~1.6\ALLFUN~1.DLL]  <GDCN><2006, 1, 13, 11>
    [C:\PROGRA~1\VNETCL~1.6\VnetOptLog.dll]  <><2005, 9, 13, 9>
    [C:\PROGRA~1\VNETCL~1.6\DlgSkin.ocx]  <><1, 0, 0, 1>
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 1256][D:\TT\TTraveler.exe]  <腾讯公司><3.0.0.241>
    [D:\TT\Plugins\TWeather\TWeather.dll]  <><1, 0, 0, 1>
    [D:\TT\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 1284][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
[PID: 1076][E:\TEMP\Rar$EX00.936\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

日志不粘全，只能猜猜了。
关闭所有浏览窗口以及一些不必要的程序
运行(双击)System Repair Engineer，使用“系统修复，浏览器加载项”来删除以下选项。
C:\WINNT\system\1a3oc1f0.dll
<C:\WINNT\system32\CoolBho.dll

ALT+CTRL+DELETE调出任务管理器,终止msime.exe，LetsCool.exe的进程
运行(双击)System Repair Engineer，使用“启动项目，注册表”来删除以下选项。
C:\Program Files\LetsCool\LetsCool.exe
C:\WINNT\system32\mswdm.exe
删除
C:\WINNT\system32\msime.exe（一定要找到删除）
C:\Program Files\LetsCool
C:\WINNT\system32\mswdm.exe
重启后删除
C:\WINNT\system\1a3oc1f0.dll
<C:\WINNT\system32\CoolBho.dll
请再扫份日志粘上来。