Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software forum

[Help] I keep getting trojans as soon as I go online, and Rising gets shut down too; hoping an expert can help

As soon as I go online I keep getting infected with trojans, and Rising gets shut down as well. The "Show all files" option in folder options can't be changed no matter what I do; it always goes back to hidden. I'm posting the registry scan log; experts, please help out when you have time.
[CODE]

2007-07-09,10:58:05

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - Administrator user - full functionality

The following items were selected:
    All startup items (including registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan


Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <SoundMan><soundman.exe>  [Avance Logic, Inc.]
    <Microsoft IntelliType Pro><"C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe">  [Microsoft Corporation]
    <wosa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\woso.exe>  [N/A]
    <mhsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhso.exe>  [N/A]
    <jtsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jtso.exe>  [N/A]
    <wgsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wgso.exe>  [N/A]
    <qjsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjso.exe>  [N/A]
    <wdsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wdso.exe>  [N/A]
    <tlsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tlso.exe>  [N/A]
    <Microsoft Autorun7><C:\WINNT\system32\nwizqjsj.exe>  []
    <AVPSrv><C:\WINNT\AVPSrv.exe>  []
    <WinForm><C:\WINNT\WinForm.exe>  []
    <Microsoft Autorun1><C:\WINNT\system32\nwizdh.exe>  [N/A]
    <MsIMMs32><C:\WINNT\MsIMMs32.exe>  []
    <Microsoft Autorun11><C:\WINNT\system32\nwizwlwzs.exe>  []
    <cmdbcs><C:\WINNT\cmdbcs.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B202102-FE38-11cf-64CD-21FF5FE1CF20}]
    <N/A><C:\WINNT\system32\ztinetzt.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A202101-A04D-21cf-65CD-31FF5FE1CF20}]
    <N/A><C:\WINNT\system32\mydata.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A202101-F04D-11cf-64CD-31FF5FE1CF20}]
    <N/A><C:\WINNT\system32\nwiztlbu.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{77709117-A10D-41cf-64CD-51FF5FE1CF41}]
    <N/A><C:\WINNT\system32\nwizwmgjs.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
    <N/A><C:\WINNT\system32\nwizzhuxians.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{95192103-834D-71CF-64CD-51E15112AF20}]
    <N/A><C:\WINNT\system32\nwizhx2.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{99371217-A10D-11cf-64CD-316F9FE1CF41}]
    <N/A><C:\WINNT\system32\nwizwlwzs.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BA312103-F04D-31cf-64CD-21EF5011CF20}]
    <N/A><C:\WINNT\system32\nwizqjsj.exe>  []
Last edited 2007-07-09 22:11:16

==================================
Startup Folder
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N>
[System]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\System.exe -->  [N/A]><H>

==================================
Services
[70744D42 / 70744D42][Stopped/Auto Start]
  <C:\WINNT\system32\5528E4D7.EXE -k><Microsoft Corporation>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINNT\system32\inetres.exe><1>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\瑞星\rising\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\瑞星\rising\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

==================================
Drivers
[Service for Avance AC'97 Driver (WDM) / ALCICH][Stopped/Manual Start]
  <system32\drivers\ALCICH.SYS><Avance Logic, Inc.>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[EDSP Port Driver / Edspport][Running/Manual Start]
  <system32\DRIVERS\es56hpi.sys><ESS Technology, Inc.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\瑞星\rising\Rising\Rav\ExpScan.sys><>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\dlkfet5b.sys><D-Link>
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE][Running/Manual Start]
  <system32\DRIVERS\PPPoE.SYS><Guangdong Data Communications Network Co.Ltd.>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\瑞星\rising\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\瑞星\rising\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\瑞星\rising\Rising\Rav\HookSys.sys><Rising>
[idebd / idebd][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\idebd.sys><Intel Corporation>
[IntelATA / IntelATA][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\intelata.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\瑞星\rising\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\腾讯\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Running/Manual Start]
  <system32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\瑞星\rising\Rising\Rav\RSPPSYS.sys><Rising>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <d:\wangluo\chinanet\VNETTR~1.DLL, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\腾讯\qq\QQ.EXE, TENCENT>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Upload to QQ Network Disk]
  <E:\腾讯\qq\AddToNetDisk.htm, N/A>
[Add to QQ custom panel]
  <E:\腾讯\qq\AddPanel.htm, N/A>
[Add to QQ emoticons]
  <E:\腾讯\qq\AddEmotion.htm, N/A>
[Send this image via QQ MMS]
  <E:\腾讯\qq\SendMMS.htm, N/A>

==================================
Running Processes
[PID: 144][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 168][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 188][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6970]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 216][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 228][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 392][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 420][D:\瑞星\rising\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 476][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 528][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 772][D:\瑞星\rising\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [D:\瑞星\rising\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星\rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 512][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 864][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6920]
[PID: 968][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
    [C:\WINNT\system32\nwizqjsj.dll]  [N/A, ]
    [C:\WINNT\system32\c_g18030.dll]  [Microsoft Corporation, 5.2.3663.0 (main.020715-1506)]
    [D:\瑞星\rising\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINNT\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINNT\system32\k11839475774.DAT]  [N/A, ]
    [C:\WINNT\system32\nwizzhuxians.dll]  [N/A, ]
    [C:\WINNT\system32\dh2104.dll]  [N/A, ]
    [C:\WINNT\system32\WinForm.dll]  [N/A, ]
    [C:\WINNT\system32\TIMHost.dll]  [N/A, ]
    [C:\WINNT\system32\nwizwlwzs.dll]  [N/A, ]
    [C:\WINNT\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINNT\system32\cmdbcs.dll]  [N/A, ]
    [E:\winrar\rarext.dll]  [N/A, ]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [D:\瑞星\rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1040][C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe]  [Microsoft Corporation, 1.01.430]
    [C:\Program Files\Microsoft Hardware\Keyboard\SKFilter.dll]  [Microsoft Corporation, 1.01.430]
    [C:\Program Files\Microsoft Hardware\Keyboard\SKRes.DLL]  [N/A, ]
    [C:\Program Files\Microsoft Hardware\Keyboard\skbrowsr.dll]  [Microsoft Corporation, 1.01.430]
    [C:\Program Files\Microsoft Hardware\Keyboard\skmedia.dll]  [Microsoft Corporation, 1.01.430]
[PID: 1100][C:\WINNT\system32\Internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\k11839475774.DAT]  [N/A, ]
    [C:\WINNT\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINNT\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINNT\system32\WinForm.dll]  [N/A, ]
    [C:\WINNT\system32\AVPSrv.dll]  [N/A, ]
[PID: 1132][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1088][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 440][D:\wangluo\ChinaNet\VnetClient.exe]  [, 2006, 3, 17, 1]
    [D:\wangluo\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [D:\wangluo\ChinaNet\DialModule.dll]  [GDCN, 2006, 3, 8, 18]
    [D:\wangluo\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [D:\wangluo\ChinaNet\PLUGIN~1.OCX]  [, 2006, 2, 8, 1]
    [D:\wangluo\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [D:\wangluo\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [D:\wangluo\ChinaNet\ADVERT~1.OCX]  [, 2006, 2, 20, 1]
    [D:\wangluo\ChinaNet\Gif89a.dll]  [, 2005, 6, 21, 1]
    [D:\wangluo\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [D:\wangluo\ChinaNet\ACCOUN~2.DLL]  [, 2006, 5, 29, 14]
    [D:\wangluo\ChinaNet\AccountMgr.dll]  [, 2006, 5, 26, 9]
    [D:\wangluo\ChinaNet\VnetSkin.ocx]  [GDDC, 2005, 11, 14, 1]
    [D:\wangluo\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [D:\wangluo\ChinaNet\Timer.ocx]  [, 2006, 3, 24, 9]
    [D:\wangluo\ChinaNet\PLUGIN~2.OCX]  [, 2006, 4, 4, 1]
    [D:\wangluo\ChinaNet\NEWMES~1.DLL]  [, 2006, 5, 24, 16]
    [D:\wangluo\ChinaNet\PassCtrl.dll]  [GDCN, 2006, 3, 1, 16]
    [C:\WINNT\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINNT\system32\pthreadVC.dll]  [N/A, ]
    [C:\WINNT\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [D:\wangluo\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [D:\wangluo\ChinaNet\ALLINT~1.DLL]  [, 2006, 5, 29, 11]
    [D:\wangluo\ChinaNet\VNETLO~1.OCX]  [, 2005, 10, 9, 1]
    [D:\wangluo\ChinaNet\StatNum.dll]  [, 2006, 3, 1, 1]
    [D:\wangluo\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [D:\wangluo\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2006, 5, 24, 14]
    [D:\wangluo\ChinaNet\VnetOptLog.dll]  [, 2006, 3, 14, 10]
    [D:\wangluo\ChinaNet\MAGICD~1.OCX]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\c_g18030.dll]  [Microsoft Corporation, 5.2.3663.0 (main.020715-1506)]
    [D:\瑞星\rising\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\wangluo\ChinaNet\DlgSkin.ocx]  [, 2005, 11, 14, 1]
    [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]  [, ]
    [C:\Program Files\Common Files\Microsoft Shared\Web Folders\msows804.dll]  [Microsoft Corporation, 9.0.2717]
    [C:\WINNT\system32\k11839475774.DAT]  [N/A, ]
    [C:\WINNT\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINNT\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINNT\system32\WinForm.dll]  [N/A, ]
    [C:\WINNT\system32\AVPSrv.dll]  [N/A, ]
[PID: 1476][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
[PID: 1144][E:\repair engineer\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINNT\system32\k11839475774.DAT]  [N/A, ]
    [C:\WINNT\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINNT\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINNT\system32\WinForm.dll]  [N/A, ]
    [C:\WINNT\system32\AVPSrv.dll]  [N/A, ]
    [E:\repair engineer\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Providers
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS File
N/A

==================================
Process Privilege Scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 1040, C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE]
Special privilege allowed: SeDebugPrivilege [PID = 440, D:\WANGLUO\CHINANET\VNETCLIENT.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 440, D:\WANGLUO\CHINANET\VNETCLIENT.EXE]

==================================
API HOOK
N/A

==================================
Hidden Processes
N/A

==================================


[/CODE]
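An added example, not code from the original post or from SREng: a small Python script that parses the three line shapes SREng uses in the log above (Run / Active Setup entries, services, and processes with their loaded modules) and applies three checks a responder would otherwise do by eye. It flags startup entries that run from a Temp directory or carry a Microsoft-sounding value name without a Microsoft publisher; services whose publisher column only describes the rundll32.exe host and says nothing about the DLL it is told to load (msdebug.dll, windhcp.ocx, WMIApiSrv.dll, netsrvcs.dll above); and modules with no version resource that are loaded into several different processes (13DEB962.DLL above sits in csrss, winlogon, services, lsass, svchost and the Rising CCenter process). SAMPLE_LOG is a constructed excerpt copied from the posted log; the regexes and heuristics are this example's own assumptions about the format, not SREng's logic.

```python
"""Offline triage of an SREng (System Repair Engineer) log.

Added example: not code from the forum post or from SREng. It parses the
three line shapes SREng used in the log above and applies this example's
own heuristics; SAMPLE_LOG is a constructed excerpt copied from that log.
"""
import re
from collections import defaultdict

# Constructed excerpt: lines copied verbatim from the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <SoundMan><soundman.exe>  [Avance Logic, Inc.]
    <wosa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\woso.exe>  [N/A]
    <Microsoft Autorun7><C:\WINNT\system32\nwizqjsj.exe>  []
    <AVPSrv><C:\WINNT\AVPSrv.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B202102-FE38-11cf-64CD-21FF5FE1CF20}]
    <N/A><C:\WINNT\system32\ztinetzt.exe>  [N/A]
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINNT\system32\inetres.exe><1>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\瑞星\rising\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[PID: 168][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 188][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6970]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 216][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\system32\13DEB962.DLL]  [Microsoft Corporation, ]
[PID: 1100][C:\WINNT\system32\Internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\cmdbcs.dll]  [N/A, ]
"""

# Line shapes as they appear in the log (assumed, derived from the log above):
#   registry startup entry:  <value name><command>  [publisher]
#   service header + body:   [Display / svc][State/Start]  then  <command><publisher>
#   process + modules:       [PID: n][path]  [company, version]  then indented [path]  [company, version]
RUN_RE = re.compile(r'^\s*<([^<>]*)><([^<>]*)>\s*\[([^\]]*)\]\s*$')
SVC_RE = re.compile(r'^\[([^\]]*?) / ([^\]]*)\]\[([^\]]*)\]\s*$')
SVC_CMD_RE = re.compile(r'^\s*<([^<>]*)><([^<>]*)>\s*$')
PROC_RE = re.compile(r'^\[PID: (\d+)\]\[([^\]]+)\]\s*\[([^\]]*)\]\s*$')
MOD_RE = re.compile(r'^\s+\[([^\]]+)\]\s*\[([^\]]*)\]\s*$')


def parse_log(text):
    """Return (startup_entries, services, processes) from an SREng log."""
    startup, services, processes = [], [], {}
    pending_svc, cur_proc = None, None
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            startup.append(m.groups())          # (name, command, publisher)
            continue
        m = SVC_RE.match(line)
        if m:
            pending_svc = m.groups()            # (display, service, state)
            continue
        m = SVC_CMD_RE.match(line)
        if m and pending_svc:
            services.append(pending_svc + m.groups())   # + (command, publisher)
            pending_svc = None
            continue
        m = PROC_RE.match(line)
        if m:
            cur_proc = (m.group(2), [])         # (image path, [modules])
            processes[int(m.group(1))] = cur_proc
            continue
        m = MOD_RE.match(line)
        if m and cur_proc is not None:
            cur_proc[1].append(m.groups())      # (module path, "company, version")
    return startup, services, processes


def triage_startup(startup):
    """Map suspicious startup commands to the reasons they were flagged."""
    flagged = {}
    for name, cmd, pub in startup:
        if not cmd.strip():
            continue
        reasons = []
        if '\\temp\\' in cmd.lower():
            reasons.append('launched from a Temp directory')
        if 'microsoft' in name.lower() and 'microsoft' not in pub.lower():
            reasons.append('value name claims Microsoft but the binary has no Microsoft publisher')
        if pub.strip() in ('', 'N/A'):
            reasons.append('no publisher/version information')
        if reasons:
            flagged[cmd] = reasons
    return flagged


def triage_services(services):
    """Map suspicious service names to reasons. The publisher column describes the
    host binary only, so rundll32-hosted services are never vouched for by it."""
    flagged = {}
    for _display, svc, _state, cmd, pub in services:
        reasons = []
        if 'rundll32' in cmd.lower():
            reasons.append('rundll32 host: publisher does not vouch for the DLL argument')
        if pub.strip() in ('', 'N/A') or pub.strip().isdigit():
            reasons.append('empty or meaningless publisher field')
        if reasons:
            flagged[svc] = reasons
    return flagged


def widely_loaded_unversioned(processes, min_hosts=3):
    """Modules with no version resource present in >= min_hosts distinct processes."""
    hosts = defaultdict(set)
    for path, mods in processes.values():
        exe = path.rsplit('\\', 1)[-1].lower()
        for mpath, info in mods:
            _company, _, version = info.partition(',')   # "Company, 5.00.2195.6601"
            if not version.strip():                       # nothing after the comma
                hosts[mpath.lower()].add(exe)
    return {m: sorted(h) for m, h in hosts.items() if len(h) >= min_hosts}


if __name__ == '__main__':
    s, v, p = parse_log(SAMPLE_LOG)
    for cmd, why in triage_startup(s).items():
        print('STARTUP', cmd, '|', '; '.join(why))
    for svc, why in triage_services(v).items():
        print('SERVICE', svc, '|', '; '.join(why))
    for mod, loaded_in in widely_loaded_unversioned(p).items():
        print('MODULE ', mod, '| loaded in', ', '.join(loaded_in))
```

Run it against a full saved log with `parse_log(open(path, encoding='gbk').read())` (the encoding is an assumption; Chinese Windows 2000 writes GBK text). A hit on any of these checks is a lead for manual review, not a verdict: an empty publisher field means no version resource, which is common for small legitimate tools too, while the cross-process module check is the one that most directly explains an antivirus being shut down from inside its own process.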
Delete the following startup items
<wosa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\woso.exe> [N/A]
<mhsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhso.exe> [N/A]
<jtsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jtso.exe> [N/A]
<wgsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wgso.exe> [N/A]
<qjsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjso.exe> [N/A]
<wdsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tlso.exe> [N/A]
<Microsoft Autorun7><C:\WINNT\system32\nwizqjsj.exe> []
<AVPSrv><C:\WINNT\AVPSrv.exe> []
<WinForm><C:\WINNT\WinForm.exe> []
<Microsoft Autorun1><C:\WINNT\system32\nwizdh.exe> [N/A]
<MsIMMs32><C:\WINNT\MsIMMs32.exe> []
<Microsoft Autorun11><C:\WINNT\system32\nwizwlwzs.exe> []
<cmdbcs><C:\WINNT\cmdbcs.exe> []
<N/A><C:\WINNT\system32\ztinetzt.exe> [N/A]
<N/A><C:\WINNT\system32\mydata.exe> [N/A]
<N/A><C:\WINNT\system32\nwiztlbu.exe> [N/A]
<N/A><C:\WINNT\system32\nwizzhuxians.exe> []
<N/A><C:\WINNT\system32\nwizhx2.exe> [N/A]
<N/A><C:\WINNT\system32\nwizwlwzs.exe> []
<CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl> [N/A]
<N/A><C:\WINNT\system32\nwizqjsj.exe> []
Delete the following services
[70744D42 / 70744D42][Stopped/Auto Start]
<C:\WINNT\system32\5528E4D7.EXE -k><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
<C:\WINNT\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<C:\WINNT\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
Delete the following drivers
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
and delete the files belonging to the entries above, plus these:
[C:\WINNT\system32\13DEB962.DLL] [Microsoft Corporation, ]
[C:\WINNT\system32\nwizqjsj.dll] [N/A, ]
[C:\WINNT\system32\AVPSrv.dll] [N/A, ]
[C:\WINNT\system32\k11839475774.DAT] [N/A, ]
[C:\WINNT\system32\nwizzhuxians.dll] [N/A, ]
[C:\WINNT\system32\dh2104.dll] [N/A, ]
[C:\WINNT\system32\WinForm.dll] [N/A, ]
[C:\WINNT\system32\TIMHost.dll] [N/A, ]
[C:\WINNT\system32\nwizwlwzs.dll] [N/A, ]
[C:\WINNT\system32\MsIMMs32.dll] [N/A, ]
[C:\WINNT\system32\cmdbcs.dll] [N/A, ]
[E:\winrar\rarext.dll] [N/A, ]
Use WinRAR to delete Autorun.inf and auto.exe in the root of drives C, D and E
Repair the hosts file
If there are still problems, scan and post the log again.
Viruses everywhere!

You probably won't be able to fix this in normal mode or even Safe Mode!

Do you have QQ?

If you trust me, I can help you remotely!
Download the IceSword tool (version 1.2) here: http://forum.ikaka.com/topic.asp?board=67&artid=8283060
Download xdelbox from "http://www.i170.com/Attach/51FD704F-C0BD-41E7-B0E9-60673A888FD6" into the Windows folder and rename it, keeping it ready for use.
I also suggest re-downloading the SRENG tool; download all the tools into the Windows folder and rename them.
Then disconnect from the network and close everything that can be closed, including the firewall, antivirus, web pages and QQ; once offline, exit as much memory-resident software as you can.
Go into Safe Mode if at all possible:
In the SRENG tool you scanned the log with: Startup Items > Registry > delete the following:
<wosa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\woso.exe> [N/A]
<mhsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhso.exe> [N/A]
<jtsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jtso.exe> [N/A]
<wgsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wgso.exe> [N/A]
<qjsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjso.exe> [N/A]
<wdsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tlso.exe> [N/A]
<Microsoft Autorun7><C:\WINNT\system32\nwizqjsj.exe> []
<AVPSrv><C:\WINNT\AVPSrv.exe> []
<WinForm><C:\WINNT\WinForm.exe> []
<Microsoft Autorun1><C:\WINNT\system32\nwizdh.exe> [N/A]
<MsIMMs32><C:\WINNT\MsIMMs32.exe> []
<Microsoft Autorun11><C:\WINNT\system32\nwizwlwzs.exe> []
<cmdbcs><C:\WINNT\cmdbcs.exe> []
<N/A><C:\WINNT\system32\ztinetzt.exe> [N/A]
<N/A><C:\WINNT\system32\mydata.exe> [N/A]
<N/A><C:\WINNT\system32\nwiztlbu.exe> [N/A]
<N/A><C:\WINNT\system32\nwizwmgjs.exe> [N/A]
<N/A><C:\WINNT\system32\nwizzhuxians.exe> []
<N/A><C:\WINNT\system32\nwizhx2.exe> [N/A]
<N/A><C:\WINNT\system32\nwizwlwzs.exe> []
<N/A><C:\WINNT\system32\nwizqjsj.exe> []
————————————————————————————————————————
In SRENG: Startup Items > Startup Folder > delete the following:
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\System.exe --> [N/A]><H>
————————————————————————————————————————
In SRENG: Startup Items > Services > Win32 Service Applications > change the startup type of the following to "Disabled":
[70744D42 / 70744D42]
[Help and Support / helpsvc]
[Win32 Debug Service / MSDebugsvc]
[Windows DHCP Service / WinDHCPsvc]
[WMI Performance API / WMIApiSrv]
[Wireless Service / WZCSRVC]
————————————————————————————————————————
In IceSword: under "Files", locate the files below and force-delete them; or in xdelbox, add each file by its path, select "suppress regeneration", then right-click and choose delete on reboot.
If a file comes back after deletion and reboot, rename it, then reboot and delete it.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\woso.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhso.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jtso.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wgso.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjso.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wdso.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tlso.exe
C:\WINNT\system32\nwizqjsj.exe
C:\WINNT\AVPSrv.exe
C:\WINNT\WinForm.exe
C:\WINNT\system32\nwizdh.exe
C:\WINNT\MsIMMs32.exe
C:\WINNT\system32\nwizwlwzs.exe
C:\WINNT\cmdbcs.exe
C:\WINNT\system32\ztinetzt.exe
C:\WINNT\system32\mydata.exe
C:\WINNT\system32\nwiztlbu.exe
C:\WINNT\system32\nwizwmgjs.exe
C:\WINNT\system32\nwizzhuxians.exe
C:\WINNT\system32\nwizhx2.exe
C:\WINNT\system32\nwizwlwzs.exe
C:\WINNT\system32\nwizqjsj.exe
C:\WINNT\system32\5528E4D7.EXE
C:\WINNT\system32\inetres.exe
C:\WINNT\system32\msdebug.dll
C:\WINNT\system32\windhcp.ocx
C:\WINNT\system32\WMIApiSrv.dll
C:\WINNT\system32\netsrvcs.dll
C:\WINNT\system32\13DEB962.DLL
C:\WINNT\system32\nwizqjsj.dll
C:\WINNT\system32\AVPSrv.dll
C:\WINNT\system32\k11839475774.DAT
C:\WINNT\system32\nwizzhuxians.dll
C:\WINNT\system32\dh2104.dll
C:\WINNT\system32\WinForm.dll
C:\WINNT\system32\TIMHost.dll
C:\WINNT\system32\nwizwlwzs.dll
C:\WINNT\system32\MsIMMs32.dll
C:\WINNT\system32\cmdbcs.dll
Including these files in the root directory of every drive:
Autorun.inf
auto.exe
————————————————————————————————————————————
Reboot the computer; if that doesn't work, scan the log again.
If nothing abnormal remains, install antivirus, update it to the latest version and run a full scan.
You are all such good people, thank you so much, really; the character of those network thieves who make trojans can't compare with any of you. Sincere thanks. Less than half an hour after I posted, experts had already replied. I'm touched......