
[Help] Could everyone please take a look (scan log included)!!!!

Logfile of HijackThis v1.99.1
Scan saved at 8:30:13, on 2006-8-30
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINNT\Config\svhost32.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\mssave.exe
C:\WINNT\system32\svchosl.exe
C:\WINNT\system32\drwtsn32.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\WINNT\system32\mstsk.exe
C:\WINNT\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\Logo1_.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX06.906\HijackThis.exe
Last edited 2006-08-30 09:02:55

F3 - REG:win.ini: load=C:\WINNT\rundl132.exe
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINNT\Downloaded Program Files\barhelp24.0.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINNT\Downloaded Program Files\iebar23.0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft System Saver] mssave.exe
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [mx] C:\Program Files\Internet Explorer\svhost32.exe
O4 - HKLM\..\Run: [fzg] C:\WINNT\Config\svhost32.exe
O4 - HKLM\..\Run: [Microsoft Task Manager] mstsk.exe
O4 - HKLM\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ryy] C:\WINNT\rundl132.exe
O4 - HKLM\..\RunServices: [Microsoft System Saver] mssave.exe
O4 - HKLM\..\RunServices: [Microsoft Task Manager] mstsk.exe
O4 - HKLM\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Microsoft System Saver] mssave.exe
O4 - HKCU\..\Run: [Microsoft Task Manager] mstsk.exe
O4 - HKCU\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\RunServices: [Microsoft System Saver] mssave.exe
O4 - HKCU\..\RunServices: [Microsoft Task Manager] mstsk.exe
O4 - HKCU\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA9E262D-9C5A-4683-9C94-5F1B06D3FF0C}: NameServer = 202.102.192.68 202.102.199.68
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SQLServerAgent - Unknown owner - C:\MSSQL7\binn\sqlagent.exe


In Safe Mode

Delete
C:\WINNT\Config\svhost32.exe
C:\WINNT\system32\mssave.exe
C:\WINNT\system32\svchosl.exe
C:\WINNT\system32\mstsk.exe
C:\WINNT\Logo1_.exe
C:\WINNT\rundl132.exe
C:\WINNT\Config\svhost32.exe
C:\Program Files\Internet Explorer\svhost32.exe
C:\Program Files\Microsoft\svhost32.exe
Search for mssave.exe and delete it


Change
F3 - REG:win.ini: load=C:\WINNT\rundl132.exe
to REG:win.ini: load=

Remove from startup
O4 - HKLM\..\Run: [ryy] C:\WINNT\rundl132.exe
O4 - HKLM\..\RunServices: [Microsoft System Saver] mssave.exe
O4 - HKLM\..\RunServices: [Microsoft Task Manager] mstsk.exe
O4 - HKLM\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\Run: [Microsoft System Saver] mssave.exe
O4 - HKCU\..\Run: [Microsoft Task Manager] mstsk.exe
O4 - HKCU\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\RunServices: [Microsoft System Saver] mssave.exe
O4 - HKCU\..\RunServices: [Microsoft Task Manager] mstsk.exe
O4 - HKCU\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKLM\..\Run: [Microsoft System Saver] mssave.exe
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [mx] C:\Program Files\Internet Explorer\svhost32.exe
O4 - HKLM\..\Run: [fzg] C:\WINNT\Config\svhost32.exe
O4 - HKLM\..\Run: [Microsoft Task Manager] mstsk.exe
O4 - HKLM\..\Run: [Microsoft Corp. Host Services] svchosl.exe

Make the appropriate backups first
O4 - HKCU\..\Run: [Internat.exe]
If internat.exe is in SYSTEM32, it's fine; if it's anywhere else, kill it
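
The two checks the reply above applies by hand (autostart names that imitate system binaries, and internat.exe being acceptable only in SYSTEM32) can be run over the F3/O4 lines of a HijackThis log. The Python below is an added example, not part of the original thread; the baseline name list, the 0.75 similarity threshold and the function names are assumptions.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Assumed baseline: image names that legitimately live in System32 on Windows 2000.
SYSTEM32_NAMES = ("svchost.exe", "rundll32.exe", "mstask.exe", "internat.exe")
LOOKALIKE_RATIO = 0.75  # assumed similarity threshold, tune per environment

# Autostart lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINNT\rundl132.exe
O4 - HKLM\..\Run: [Microsoft System Saver] mssave.exe
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [Microsoft Task Manager] mstsk.exe
O4 - HKLM\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Internat.exe] internat.exe
"""

ENTRY = re.compile(r"^(?:F3 - REG:win\.ini: load=|O4 - [^:]+: \[[^\]]*\] )(.+)$")
IMAGE = re.compile(r'"?([^"]+?\.exe)', re.I)

def autoruns(log):
    """Yield the executable path from each F3 / O4 autostart line."""
    for line in log.splitlines():
        entry = ENTRY.match(line.strip())
        image = IMAGE.match(entry.group(1)) if entry else None
        if image:
            yield image.group(1)

def similarity(a, b):  # ratio in [0, 1], file extension ignored
    return SequenceMatcher(None, ntpath.splitext(a)[0], ntpath.splitext(b)[0]).ratio()

def triage(log):
    """Return (path, reason) for autoruns that imitate a system image name."""
    findings = []
    for path in autoruns(log):
        folder, name = ntpath.split(path.lower())
        if name in SYSTEM32_NAMES:
            # Genuine name: flag it outside System32; a bare name must be located on disk.
            if folder and ntpath.basename(folder) != "system32":
                findings.append((path, "system name outside System32"))
            continue
        best = max(SYSTEM32_NAMES, key=lambda known: similarity(name, known))
        if similarity(name, best) >= LOOKALIKE_RATIO:
            findings.append((path, "look-alike of " + best))
    return findings

for finding in triage(SAMPLE_LOG):
    print(finding)
```

mssave.exe passes this check because it imitates no baseline name, so name similarity narrows a log review and does not replace it.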


You've got Viking (威金); OP, just reinstall.....