Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Board: Computer infected, viruses removed but it is still infected. Please help!!


[Help] Computer infected, viruses removed but it is still infected. Please help!!


My antivirus, firewall and Kaka were all shut down.
Only Kaka can still be opened, though.
Then a new Windows user named "NEW1" was created.

Please help, experts, thank you!!!!!

Also, I got infected after visiting the "我是应届生" website, so everyone be careful!!!!

Scan report attached:

Attachment: SREngLOG.log (2008-10-26 23:51:29, 49.54 K)
Downloaded 168 times



Last edited by lianliu☆ on 2008-10-27 19:37:31

Reply: Computer infected, antivirus, firewall and Kaka shut down, please help!!

Use SREng
Delete the following Startup Items => Registry entries:
    <P2kAutostart><>  [N/A]
    <dmcd><C:\WINDOWS\system32\dmcd.exe>  [dudu]
    <HBService32><SYSTEM.EXE>  [HB Software]
    <WinSysM><C:\WINDOWS\32531M.exe>  []
    <{F0C9FBC2-6FA2-479d-B65D-F9D65C613ECC}><C:\WINDOWS\system32\gmrtkwkm.dll>  []
    <{D1CC9DC6-F0BC-40fc-9552-E497B05E05B8}><C:\WINDOWS\system32\aojvwysp.dll>  []
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dgphjxvp.dll>  []
    <{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}><C:\WINDOWS\system32\qnhkxsqg.dll>  []
    <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\nsqmiphl.dll>  []
    <{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\htearjbg.dll>  []
    <{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}><C:\WINDOWS\system32\hurocryn.dll>  []
    <{DE02F764-C51A-4788-9597-D78ECC2AC08F}><DE02F764.dll>  []
    <{9F684DE8-3E87-4174-9033-E02A3DFD8B61}><9F684DE8.dll>  []
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\ncbrcjbo.dll>  []
    <{EA4D8F95-8F2E-4658-A234-E8F4C9AC21C5}><C:\WINDOWS\system32\nupkzljy.dll>  []
    <{589E405E-6C09-4341-862A-FFFEBD5C3C8C}><C:\Program Files\Internet Explorer\VneNt64.987>  []
    <{22D75360-199D-4F79-880D-82E766675F06}><22D75360.dll>  []
    <{3474A8C2-BEF9-46C8-983A-A26A0030EC30}><3474A8C2.dll>  []
    <{3FDEB171-8F86-0004-0001-69B8DB553683}><C:\WINDOWS\system32\sysmxd.dll>  []
    <{58FF3024-8A83-4B1A-88E9-302F47646EEE}><58FF3024.dll>  []
    <gmrtkwkm.dll><C:\WINDOWS\system32\gmrtkwkm.dll>  []
    <aojvwysp.dll><C:\WINDOWS\system32\aojvwysp.dll>  []
    <dgphjxvp.dll><C:\WINDOWS\system32\dgphjxvp.dll>  []
    <qnhkxsqg.dll><C:\WINDOWS\system32\qnhkxsqg.dll>  []
    <nsqmiphl.dll><C:\WINDOWS\system32\nsqmiphl.dll>  []
    <nzcscnzb.dll><C:\WINDOWS\system32\htearjbg.dll>  []
    <hurocryn.dll><C:\WINDOWS\system32\hurocryn.dll>  []
    <nupkzljy.dll><C:\WINDOWS\system32\nupkzljy.dll>  []
    <ncbrcjbo.dll><C:\WINDOWS\system32\ncbrcjbo.dll>  []
    <htearjbg.dll><C:\WINDOWS\system32\htearjbg.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acasp.exe]
    <IFEO[acasp.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe]
    <IFEO[ahnsd.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FrogAgent.exe]
    <IFEO[FrogAgent.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe]
    <IFEO[icesword.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\katmain.exe]
    <IFEO[katmain.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav.exe]
    <IFEO[kav.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe]
    <IFEO[kav32.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe]
    <IFEO[kavstart.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe]
    <IFEO[kavsvc.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe]
    <IFEO[kpfw32.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe]
    <IFEO[kpfwsvc.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
    <IFEO[KRegEx.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.exe]
    <IFEO[KVCenter.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvMonXP.exe]
    <IFEO[KvMonXP.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvMonXP.kxp]
    <IFEO[KvMonXP.kxp]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvprescan.exe]
    <IFEO[kvprescan.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <IFEO[KVSrvXP.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVXP.exe]
    <IFEO[KVXP.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
    <IFEO[KWatch.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe]
    <IFEO[mmc.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe]
    <IFEO[Msconfig.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.exe]
    <IFEO[naPrdMgr.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <IFEO[Rav.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravmon.exe]
    <IFEO[Ravmon.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavmonD.exe]
    <IFEO[RavmonD.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
    <IFEO[RavStub.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.exe]
    <IFEO[Regedit.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
    <IFEO[rfwmain.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exe]
    <IFEO[rfwproxy.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
    <IFEO[rfwsrv.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstray.exe]
    <IFEO[rstray.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe]
    <IFEO[safeboxtray.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
    <IFEO[scan32.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe]
    <IFEO[shstat.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SnipeSword.exe]
    <IFEO[SnipeSword.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBMon.exe]
    <IFEO[TBMon.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.exe]
    <IFEO[TrojDie.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
    <IFEO[UIHost.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpdaterUI.exe]
    <IFEO[UpdaterUI.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcrmon.exe]
    <IFEO[vcrmon.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VsTskMgr.exe]


Delete the following Startup Items => Services => Drivers:
[4901228 / 4901228][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\4901228.sys><N/A>
[5102a80 / 5102a80][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\5102a80.sys><N/A>
[9fd8db / 9fd8db][Running/Manual Start]
  <\??\C:\WINDOWS\system32\9fd8db.sys><N/A>
[HBKernel32 Driver / HBKernel32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel32.sys><N/A>

Delete the following System Repair => Browser Add-ons:
[]
  {589E405E-6C09-4341-862A-FFFEBD5C3C8C} <C:\Program Files\Internet Explorer\VneNt64.987, N/A>

Use SREng
Startup Items => Registry
Edit <AppInit_DLLs> to an empty value

Reboot, then delete:
C:\WINDOWS\system32\dmcd.exe
C:\WINDOWS\system32\SYSTEM.EXE
C:\WINDOWS\32531M.exe
C:\WINDOWS\system32\gmrtkwkm.dll
C:\WINDOWS\system32\aojvwysp.dll
C:\WINDOWS\system32\dgphjxvp.dll
C:\WINDOWS\system32\qnhkxsqg.dll
C:\WINDOWS\system32\nsqmiphl.dll
C:\WINDOWS\system32\htearjbg.dll
C:\WINDOWS\system32\hurocryn.dll
C:\WINDOWS\system32\ncbrcjbo.dll
C:\WINDOWS\system32\nupkzljy.dll
C:\WINDOWS\system32\DE02F764.dll
C:\WINDOWS\system32\9F684DE8.dll
C:\Program Files\Internet Explorer\VneNt64.987
C:\WINDOWS\system32\sysmxd.dll
C:\WINDOWS\system32\22D75360.dll
C:\WINDOWS\system32\3474A8C2.dll
C:\WINDOWS\system32\58FF3024.dll
C:\WINDOWS\system32\4901228.sys
C:\WINDOWS\system32\5102a80.sys
C:\WINDOWS\system32\9fd8db.sys
C:\windows\system32\DRIVERS\HBKernel32.sys
C:\WINDOWS\32531MM.DLL


You can also try the dedicated removal tool:
http://dl.rising.com.cn/DownLoadInfo/2008-06-18/1213783336d47779.shtml

Reply: Computer infected, antivirus, firewall and Kaka shut down, please help!!

Still not working... I scanned a log.... Please help me, experts!!!!!!


Attachment: SREngLOG.log (2008-10-27 14:20:49, 258.64 K)
Downloaded 162 times


Reply: Computer infected, antivirus, firewall and Kaka shut down, please help!!

Please.. can anyone help me.....

Reply: Computer infected, viruses removed but it is still infected. Please help!!

I used Rising and it removed a few viruses... but there are still problems... what should I do??

Reply: Computer infected, viruses removed but it is still infected. Please help!!

It might be AV.

Download several dedicated removal tools, not just from one company; get others as well, such as the Panda (熊猫) and Viking (威金) ones, the more the better. After booting, run them one by one. When they are done, run the AV Terminator (AV终结者) removal tool. If it still won't open, download a different task manager, check for abnormal processes and close them all, then in that task manager click New Task, click Browse, open Kingsoft's AV Terminator removal tool and scan. Then boot into Safe Mode, install the Rising Dingxiangyu (丁香鱼) edition and run a full-disk scan. You could also ask on the Kafan (卡饭) and Deepin (深度) forums, there are a lot of experts there!
I would still suggest you find an expert; an ordinary person can't fix this.
Otherwise, format the whole disk and reinstall.

Reply: Computer infected, viruses removed but it is still infected. Please help!!

1. Suggest using Fairy (费尔) Trojan Removal to delete the following files: (Fairy download)
Alternatives: (IceSword download) (XDelBox 1.8 Jianmeng edition)


c:\windows\system32\drivers\secdrv.sys
c:\windows\system32\gdipro.dll
c:\windows\system32\sys05026.dll
c:\windows\system32\rpcss.dll

2. After deleting them and rebooting, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
[aojvwysp.dll]    <>
[nsqmiphl.dll]    <>
[ncbrcjbo.dll]    <>
[htearjbg.dll]    <>
[nupkzljy.dll]    <>
[hurocryn.dll]    <>
[qnhkxsqg.dll]    <>
[dgphjxvp.dll]    <>
[gmrtkwkm.dll]    <>
[ThunderAdvise]    <>
[Webcam]    <>

    Startup Items -- Services -- Drivers: disable the following entry:
[Secdrv / Secdrv]    <system32\DRIVERS\secdrv.sys>

************** The analysis report above was provided by the SREngLog Analysis Assistant ******************
Analysis: lichun005
c:\windows\system32\rpcss.dll has probably been replaced; check it online.
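The two SREng-based fixes in this thread (the Image File Execution Options redirects listed in the first reply, and the ShellServiceObjectDelayLoad entries in lichun005's analysis) both come down to reading the same report layout and spotting a pattern. As an added example, not code from this thread, from SREng or from any of the posters, here is a small Python triage script that parses lines in SREng's layout and flags the two patterns: one executable registered as the IFEO "Debugger" for many programs, and random-looking DLL names under ShellServiceObjectDelayLoad. The sample log is constructed for the example (it is not the poster's attachment), and the allowlist of default SSODL names and the eight-lowercase-letters heuristic are assumptions of the example, not rules from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the layout SREng uses for IFEO and SSODL entries.
# It is NOT the poster's attached SREngLOG.log; it mirrors the two patterns
# discussed in the thread (shared IFEO "debugger", random-looking SSODL names).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.exe]
    <IFEO[Regedit.exe]><C:\WINDOWS\system32\wscntfy.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
    <IFEO[notepad.exe]><C:\Tools\windbg.exe>  [N/A]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
[aojvwysp.dll]    <>
[Webcam]    <>
[WebCheck]    <>
"""

# SREng prints each IFEO Debugger value as:  <IFEO[target]><debugger path>  [signer]
IFEO_RE = re.compile(r"^\s*<IFEO\[([^\]]+)\]><([^>]*)>", re.MULTILINE)
# SSODL entries follow the key header as:  [ValueName]    <data>
SSODL_LINE_RE = re.compile(r"^\[([^\]]+)\]\s*<[^>]*>\s*$")

# Assumption of this example: default SSODL value names on a Windows XP box.
KNOWN_SSODL = {"WebCheck", "PostBootReminder", "CDBurn", "SysTray", "UPnPMonitor"}
# Assumption: the thread's malicious SSODL names are eight lowercase letters + .dll
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")


def parse_ifeo(text):
    """Map each IFEO target program to the path registered as its Debugger."""
    return {target: debugger for target, debugger in IFEO_RE.findall(text)}


def flag_ifeo_hijacks(entries, min_targets=2):
    """Group targets by Debugger path (case-insensitive) and return the paths that
    are registered for min_targets or more programs.

    Windows starts the Debugger value instead of the program the user launched.
    One debugger on one program is what a developer sets up; one executable
    standing in for dozens of security tools is the hijack the thread shows.
    The signer column only vouches for the debugger file itself, so a signed
    Windows binary in that position does not clear the entry.
    """
    by_debugger = defaultdict(list)
    for target, debugger in entries.items():
        by_debugger[debugger.lower()].append(target)
    return {dbg: sorted(targets) for dbg, targets in by_debugger.items()
            if len(targets) >= min_targets}


def parse_ssodl(text):
    """Collect value names listed under the ShellServiceObjectDelayLoad key header."""
    names, in_section = [], False
    for line in text.splitlines():
        if line.strip().endswith("ShellServiceObjectDelayLoad"):
            in_section = True
            continue
        if in_section:
            m = SSODL_LINE_RE.match(line)
            if not m:            # first non-entry line ends the section
                in_section = False
                continue
            names.append(m.group(1))
    return names


def flag_ssodl(text):
    """Split SSODL names into random-looking (eight lowercase letters) and merely
    unknown ones; both load into explorer.exe at logon, so both deserve a look."""
    report = {"random_named": [], "unknown": []}
    for name in parse_ssodl(text):
        if name in KNOWN_SSODL:
            continue
        bucket = "random_named" if RANDOM_NAME_RE.match(name) else "unknown"
        report[bucket].append(name)
    return report


if __name__ == "__main__":
    for dbg, targets in flag_ifeo_hijacks(parse_ifeo(SAMPLE_LOG)).items():
        print(f"IFEO: {dbg} is the 'debugger' for {len(targets)} programs: {targets}")
    print("SSODL:", flag_ssodl(SAMPLE_LOG))
```

Run it on a real SREng log by reading the file into `text` and calling `flag_ifeo_hijacks(parse_ifeo(text))` and `flag_ssodl(text)`. The point of grouping by debugger path is the one the first reply's list makes visible: every security tool there is redirected to the same C:\WINDOWS\system32\wscntfy.exe, and the "(Verified)Microsoft Windows Publisher" tag beside it describes that file, not the legitimacy of the mapping.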

Reply: Computer infected, viruses removed but it is still infected. Please help!!

Because I was making it worse and worse...
I restored from a backup....
No problems for now...
Thanks for all your help, experts!!!!