I analyzed a machine today.
Logfile of HijackThis v1.99.1
Scan saved at 14:53:51, on 2005-7-26
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\System32\S24EvMon.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\kav\KAVSvc.EXE
E:\WINNT\System32\RegSrvc.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\System32\RoamMgr.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\Intel\Switching\User\RoamSvc.exe
E:\WINNT\system32\ZCfgSvc.exe
E:\WINNT\Explorer.EXE
E:\WINNT\System32\igfxtray.exe
E:\WINNT\System32\hkcmd.exe
E:\WINNT\LTSMMSG.exe
E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
E:\WINNT\system32\PRPCUI.exe
E:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
D:\kav\KWatchUI.EXE
E:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\kav\KPopMon.EXE
E:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
D:\kav\MailMon.EXE
D:\kav\KAVPlus.EXE
E:\Documents and Settings\tangxo\桌面\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CInetSvrHelper Class - {68A7F9FA-A202-4D45-AABA-A10DCAC0D899} - E:\WINNT\System32\InetSvrHelper.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\Program Files\Kingsoft\FastAIT 2003\IEBand.dll
O3 - Toolbar: 金山毒霸 - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - D:\kav\KAIEPlus.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] E:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] E:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Power_Gear] E:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [KAVRun] D:\kav\KAVRun.EXE
O4 - HKLM\..\Run: [Kulansyn] D:\kav\Kulansyn.EXE
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [KpopMon] D:\kav\KPopMon.EXE
O4 - Global Startup: Hotkey.lnk = E:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra button: 在线查毒 - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - D:\kav\kavie.htm
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GJYQYJZJZX-FS.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{46CB3D22-222A-4DD2-87BA-9E61D73BE313}: NameServer = 221.4.66.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GJYQYJZJZX-FS.COM
O17 - HKLM\System\CS1\Services\Tcpip\..\{46CB3D22-222A-4DD2-87BA-9E61D73BE313}: NameServer = 221.4.66.66
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = GJYQYJZJZX-FS.COM
O17 - HKLM\System\CS2\Services\Tcpip\..\{46CB3D22-222A-4DD2-87BA-9E61D73BE313}: NameServer = 221.4.66.66
O20 - Winlogon Notify: igfxcui - E:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - E:\WINNT\System32\LgNotify.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: 适配器切换 (IntelRoam) - Intel Corporation - E:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - D:\kav\KAVSvc.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - E:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - E:\WINNT\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - E:\WINNT\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - E:\WINNT\System32\S24EvMon.exe
I think the entry
O2 - BHO: CInetSvrHelper Class - {68A7F9FA-A202-4D45-AABA-A10DCAC0D899} - E:\WINNT\System32\InetSvrHelper.dll
is a problem, so I rebooted into Safe Mode, deleted the entry there, and also deleted the InetSvrHelper.dll file.
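But for some reason, after I rebooted into the system, it came back again.
Did I miss deleting something?
Could one of the experts here please take a look for me?
Thanks!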