Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue Software Forum

A process that can't be killed, suspected to be a virus, asking the experts!!! [Help]

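This is Windows 2000. A process named uuu.exe has appeared among the system processes and I suspect it is a virus. Once it starts, my internet speed drops noticeably and the Tencent IE browser I use often hangs. The process cannot be killed directly. After I found the corresponding entries in the registry and deleted them, I rebooted, found uuu.exe in c:\winnt\system32\ and deleted it, but then an iii.exe appeared among the system processes. After I removed that one the same way, a ccc.exe process appeared, and so on; in short, it is always an exe file named with three identical letters. I scanned with the latest version of Rising and it found no virus.
  Experts, please tell me how I can kill it???
Last edited 2005-07-19 11:00:48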

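Quote:
[Post by 有啥别有病] This is Windows 2000. A process named uuu.exe has appeared among the system processes and I suspect it is a virus. Once it starts, my internet speed drops noticeably and the Tencent IE browser I use often hangs. The process cannot be killed directly. After I found the corresponding entries in the registry and deleted them, I rebooted, found uuu.exe in c:\winnt\system32\ and deleted it, but then an iii.exe appeared among the system processes. After I removed that one the same way, a ccc.exe process appeared, and so on; in short, it is always an exe file named with three identical letters. I scanned with the latest version of Rising and it found no virus.
  Experts, please tell me how I can kill it???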
...........................

Please scan with HijackThis 1.99.1 and post the log here.

(1)Logfile of HijackThis v1.99.1
Scan saved at 16:05:00 下午, on 2005-7-18
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\sfmprint.exe
C:\WINNT\system32\uuu.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\sfmsvc.exe
C:\Program Files\SyGate\SHN\sgserv.exe
C:\WINNT\Explorer.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\SyGate\SHN\Sygate.exe
D:\Program Files\QQ\QQ.exe
D:\Program Files\QQ\TIMPlatform.exe
D:\Program Files\Sandai Technologies Inc\Thunder\MediaIssue\Issue.exe
C:\WINNT\System32\conime.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rav\RAVMON.EXE
c:\program files\rising\rav\RAVTIMER.EXE
C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
C:\WINNT\regedit.exe
D:\Program Files\TT\TTraveler.exe
F:\DownLoads\瑞星升级\HijackThis.exe

O1 - Hosts: 216.138.184.21 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 216.138.184.21 www3.aibgbonline.co.uk
O1 - Hosts: 216.138.184.21 www.bank.alliance-leicester.co.uk
O1 - Hosts: 216.138.184.21 login.iblogin.com
O1 - Hosts: 216.138.184.21 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 216.138.184.21 inet.barclays.co.uk
O1 - Hosts: 216.138.184.21 iibank.barclays.co.uk
O1 - Hosts: 216.138.184.21 iibank.cahoot.com
O1 - Hosts: 216.138.184.21 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 216.138.184.21 ww.hsbc.co.uk
O1 - Hosts: 216.138.184.21 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 216.138.184.21 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 216.138.184.21 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 216.138.184.21 ww3.online.lloydstsb.co.uk
O1 - Hosts: 216.138.184.21 ww3.online.lloydstsb.co.uk
O1 - Hosts: 216.138.184.21 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 216.138.184.21 ob2.nationet.com
O1 - Hosts: 216.138.184.21 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 216.138.184.21 ww1.nwolb.com
O1 - Hosts: 216.138.184.21 ww1.onlinebanking.iombank.com
O1 - Hosts: 216.138.184.21 ww1.www.rbsdigital.com
O1 - Hosts: 216.138.184.21 welcome.smile.co.uk
O1 - Hosts: 216.138.184.21 login.365online.com
O1 - Hosts: 216.138.184.21 wvw.citizensbankonline.com
O1 - Hosts: 216.138.184.21 esecure.regionsnet.com
O1 - Hosts: 216.138.184.21 rollb.associatedbank.com
O1 - Hosts: 216.138.184.21 upb.unionplanters.com
O1 - Hosts: 216.138.184.21 www.onlinebanking.huntington.com
O1 - Hosts: 216.138.184.21 inet.southtrustonlinebanking.com
O1 - Hosts: 216.138.184.21 logon.personal.wamu.com
O1 - Hosts: 216.138.184.21 login.compassweb.com
O1 - Hosts: 216.138.184.21 logon.firstmeritib.com
O1 - Hosts: 216.138.184.21 login.ccfcuonline.org
O1 - Hosts: 216.138.184.21 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 216.138.184.21 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 216.138.184.21 wvw.totallyfreebanking.com
O1 - Hosts: 216.138.184.21 www.online.wellsfargo.com
O1 - Hosts: 216.138.184.21 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 216.138.184.21 accounts4.keybank.com
O1 - Hosts: 216.138.184.21 logon.bankone.com
O1 - Hosts: 216.138.184.21 www.secure.tdbanknorth.com
O1 - Hosts: 216.138.184.21 www.secure.mvnt4.com
O1 - Hosts: 216.138.184.21 ww.mynfbonline.com
O1 - Hosts: 216.138.184.21 login.forumcuonline.com
O1 - Hosts: 216.138.184.21 www.eds.usersonlnet.com
O1 - Hosts: 216.138.184.21 www.onlineid.bankofamerica.com
O1 - Hosts: 216.138.184.21 wvw.e-gold.com
O1 - Hosts: 216.138.184.21 pcbs.peoples.com
O1 - Hosts: 216.138.184.21 www.global1.onlinebank.com
O1 - Hosts: 216.138.184.21 ww2.mybranch.lafcu.com
O1 - Hosts: 216.138.184.21 login.webbanking.comerica.com
O1 - Hosts: 216.138.184.21 web.banking.firsttennessee.com
O1 - Hosts: 216.138.184.21 logon.members1st.org
O1 - Hosts: 216.138.184.21 www.cib.ibanking-services.com
O1 - Hosts: 216.138.184.21 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 216.138.184.21 wvw.paypal.com
O1 - Hosts: 216.138.184.21 www.signin.ebay.com
O1 - Hosts: 216.138.184.21 wvw.etrade.com
O1 - Hosts: 216.138.184.21 ww4.fleethomelink.fleet.com
O1 - Hosts: 216.138.184.21 ww3.connect.skyfi.com
O1 - Hosts: 216.138.184.21 www6.usbank.com
O1 - Hosts: 216.138.184.21 www.bvi.bancodevalencia.es
O1 - Hosts: 216.138.184.21 extrant.banesto.es
O1 - Hosts: 216.138.184.21 banesnt.banesto.es
O1 - Hosts: 216.138.184.21 activia.caixagalicia.es
O1 - Hosts: 216.138.184.21 www.bancae.caixapenedes.com
O1 - Hosts: 216.138.184.21 login.caixasabadell.net
O1 - Hosts: 216.138.184.21 oii.cajamadrid.es
O1 - Hosts: 216.138.184.21 login.cajamar.es
O1 - Hosts: 216.138.184.21 login.ccm.es
O1 - Hosts: 216.138.184.21 ww.unicaja.es
O1 - Hosts: 216.138.184.21 www5.bancopopular.es
O1 - Hosts: 216.138.184.21 ww3.bbvanet.com
O1 - Hosts: 216.138.184.21 ww.bayernlb.de
O1 - Hosts: 216.138.184.21 ww2.berliner-volksbank.de
O1 - Hosts: 216.138.184.21 ww7.homebanking-berlin.de
O1 - Hosts: 216.138.184.21 portal09.commerzbanking.de
O1 - Hosts: 216.138.184.21 www.meine.deutsche-bank.de
O1 - Hosts: 216.138.184.21 ww2.dresdner-privat.de
O1 - Hosts: 216.138.184.21 ww.e-banking.helaba.de
O1 - Hosts: 216.138.184.21 ww.hsh-nordbank.de
O1 - Hosts: 216.138.184.21 www.my.hypovereinsbank.de
O1 - Hosts: 216.138.184.21 ww3.homebanking-berlin.de
O1 - Hosts: 216.138.184.21 ww3.homebanking-berlin.de
O1 - Hosts: 216.138.184.21 www.banking.lbbw.de
O1 - Hosts: 216.138.184.21 lrp.sparkasse-banking.de
O1 - Hosts: 216.138.184.21 ww3.homebanking-niedersachsen.de
O1 - Hosts: 216.138.184.21 www.onlinebanking.norisbank.de
O1 - Hosts: 216.138.184.21 www.banking.postbank.de
O1 - Hosts: 216.138.184.21 wvw.internetbanking.gad.de
O1 - Hosts: 216.138.184.21 ww1.portal.izb.de
O1 - Hosts: 216.138.184.21 wvw.kunden-service.lbs.de
O1 - Hosts: 216.138.184.21 ibanking.seb.de
O1 - Hosts: 216.138.184.21 bw7.sparkasse-banking.de
O1 - Hosts: 216.138.184.21 ww2.homebanking-sparkasse.de
O1 - Hosts: 216.138.184.21 ww2.vr-networld-ebanking.de
O1 - Hosts: 216.138.184.21 ww.bics.fr
O1 - Hosts: 216.138.184.21 www.co.caixabank.fr
O1 - Hosts: 216.138.184.21 ww.creditmutuel.fr
O1 - Hosts: 216.138.184.21 internetbank.intesabci.it
O1 - Hosts: 216.138.184.21 ww.extensive.bancalombarda.it

(2)O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\System32\xunleibho_v5.dll
O2 - BHO: Get IE Address - {1B7E3842-6F78-4EA8-92AC-05278C698689} - C:\WINNT\System32\GETIEA~1.DLL
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINNT\System32\mewin.dll (file missing)
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINNT\System32\hap.dll
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINNT\System32\winhtp.dll
O2 - BHO: Msxml32DOMDocument Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINNT\System32\dllcache\msxml32.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINNT\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: 词虎连接 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - d:\GeoBeans\WT\bin\geowtbnd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [SyGateManager] C:\Program Files\SyGate\SHN\Sygate.exe
O4 - HKLM\..\Run: [smsrv] smsrv.exe
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - HKLM\..\Run: [迅雷4] D:\Program Files\Sandai Technologies Inc\Thunder\MediaIssue\TDUpdate.exe
O4 - HKLM\..\RunServices: [smsrv] smsrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Sandai\ThunderMini\geturl.htm
O8 - Extra context menu item: &词虎连接 - res://d:\GeoBeans\WT\bin\geowtbnd.dll/MENUSEARCH.HTM
O8 - Extra context menu item: (&D)用中搜视频下载下载 - d:\Program Files\PICUI\piclink.htm
O8 - Extra context menu item: mxie 档案搜索 - d:\Program Files\mxie\Config\protocol.htm
O8 - Extra context menu item: 使用Kugoo下载 - D:\PROGRA~1\KUGOO2\KugooDownX.htm
O8 - Extra context menu item: 加入POCO网摘(&K) - http://my.poco.cn/fav/rightClick.php
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 我的POCO网摘(&O) - http://my.poco.cn/fav/open_myfav.php
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\QQ\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O9 - Extra button: ☆导入当前网页所有图片和Flash文件 - {68B53091-CC49-46F6-A786-619168C7F368} - E:\Soft\collectorv2.0\SaveAllimage.htm (file missing)
O9 - Extra 'Tools' menuitem: ☆导入当前网页所有图片和Flash文件 - {68B53091-CC49-46F6-A786-619168C7F368} - E:\Soft\collectorv2.0\SaveAllimage.htm (file missing)
O9 - Extra button: ☆导入当前网页(Htm) - {A22F719C-755A-4525-993D-9EB9FB6771A1} - E:\Soft\collectorv2.0\SaveHtm.htm (file missing)
O9 - Extra 'Tools' menuitem: ☆导入当前网页(Htm) - {A22F719C-755A-4525-993D-9EB9FB6771A1} - E:\Soft\collectorv2.0\SaveHtm.htm (file missing)
O9 - Extra button: ☆导入当前网页(Txt) - {C199D22B-F62A-423A-9432-3382480A03C1} - E:\Soft\collectorv2.0\SaveTxt.htm (file missing)
O9 - Extra 'Tools' menuitem: ☆导入当前网页(Txt) - {C199D22B-F62A-423A-9432-3382480A03C1} - E:\Soft\collectorv2.0\SaveTxt.htm (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ\QQ.EXE
O9 - Extra button: ☆导入当前网页(JPG) - {DE22A0E0-174D-47EF-8271-BD247D0812B4} - E:\Soft\collectorv2.0\Savehtm2jpg.htm (file missing)
O9 - Extra 'Tools' menuitem: ☆导入当前网页(JPG) - {DE22A0E0-174D-47EF-8271-BD247D0812B4} - E:\Soft\collectorv2.0\Savehtm2jpg.htm (file missing)
O9 - Extra button: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll
O9 - Extra button: ☆导入选中文字 - {F1AC80FD-D1D8-41DC-AAFB-666FE15E63B2} - E:\Soft\collectorv2.0\SaveSelecttxt.htm (file missing)
O9 - Extra 'Tools' menuitem: ☆导入选中文字 - {F1AC80FD-D1D8-41DC-AAFB-666FE15E63B2} - E:\Soft\collectorv2.0\SaveSelecttxt.htm (file missing)
O9 - Extra button: ☆导入当前网页(Mht) - {F7CC51ED-124C-4070-A609-659B5FA2DF9A} - E:\Soft\collectorv2.0\SaveMht.htm (file missing)
O9 - Extra 'Tools' menuitem: ☆导入当前网页(Mht) - {F7CC51ED-124C-4070-A609-659B5FA2DF9A} - E:\Soft\collectorv2.0\SaveMht.htm (file missing)
O9 - Extra button: 词虎连接 - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\GeoBeans\WT\bin\geowtbnd.dll (HKCU)
O9 - Extra 'Tools' menuitem: 词虎菜单 - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\GeoBeans\WT\bin\geowtbnd.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c1.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD996691-FBCA-4603-BBBC-256D6DDD386D}: NameServer = 202.99.224.8 202.99.224.68
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINNT\system32\uuu.exe
O23 - Service: Net Functions Library (Netlib) - Unknown owner - C:\WINNT\System32\Netlib.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: SyGateService (SaService) - Sygate technologies Inc. - C:\Program Files\SyGate\SHN\sgserv.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINNT\SYSTEM32\slserv.exe



Big brother 超凡脱俗, your little brother pays his respects!!!
I'm begging you, boss, please step in~~~555555555555~~~
From now on I'll follow your lead!!!
:)

Suggested fixes (the original poster may leave an item unchecked if he considers it safe)

All O1 entries
O2 - BHO: Get IE Address - {1B7E3842-6F78-4EA8-92AC-05278C698689} - C:\WINNT\System32\GETIEA~1.DLL
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINNT\System32\mewin.dll (file missing)

O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINNT\System32\hap.dll
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINNT\System32\winhtp.dll
O4 - HKLM\..\Run: [SyGateManager] C:\Program Files\SyGate\SHN\Sygate.exe
O4 - HKLM\..\Run: [smsrv] smsrv.exe
O4 - HKLM\..\RunServices: [smsrv] smsrv.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINNT\system32\uuu.exe
O23 - Service: SyGateService (SaService) - Sygate technologies Inc. - C:\Program Files\SyGate\SHN\sgserv.exe
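Reboot into Safe Mode.
Administrative Tools -- Services -- stop and disable SyGateService (SaService); MAPI Mail Client (MAPI)
My Computer -- Tools -- Folder Options -- View -- Show all files (see picture)
Find and delete:
The C:\Program Files\SyGate\ folder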
C:\WINNT\system32\uuu.exe
c:\winnt\system32\pceyesmailspi.dll
smsrv.exe
C:\WINNT\System32\winhtp.dll
C:\WINNT\System32\hap.dll
C:\WINNT\System32\GETIEA~1.DLL

Empty the IE temporary files folder.


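One way to triage a log like the one in this thread, as an added example that is not part of the original posts: it groups the O1 Hosts entries by target address and reports any routable address that several names are redirected to, together with O23 services whose owner is unknown and unrecognised Winsock LSP files. The function name `triage`, the `min_hosts` threshold and the abridged sample (lines copied from the log above) are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread (abridged).
SAMPLE_LOG = r"""
O1 - Hosts: 216.138.184.21 inet.barclays.co.uk
O1 - Hosts: 216.138.184.21 wvw.paypal.com
O1 - Hosts: 216.138.184.21 www.signin.ebay.com
O1 - Hosts: 216.138.184.21 www.banking.postbank.de
O4 - HKLM\..\Run: [smsrv] smsrv.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\pceyesmailspi.dll
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINNT\system32\uuu.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
"""

def triage(log_text, min_hosts=3):
    """Summarise the O1, O10 and O23 entries of a HijackThis log."""
    # min_hosts is this example's own threshold, not a HijackThis setting.
    redirects = defaultdict(set)   # routable IP -> hostnames mapped to it
    services = []                  # (service name, image path), owner unknown
    lsp_files = set()              # Winsock LSP files HijackThis did not recognise
    for raw in log_text.splitlines():
        section, sep, rest = raw.strip().partition(" - ")
        if not sep:
            continue
        if section == "O1" and rest.startswith("Hosts: "):
            fields = rest[len("Hosts: "):].split()
            if len(fields) < 2:
                continue
            try:
                addr = ipaddress.ip_address(fields[0])
            except ValueError:
                continue
            # 127.0.0.1 / 0.0.0.0 entries are the usual block-list idiom; a
            # routable address means the name is being sent somewhere else.
            if not (addr.is_loopback or addr.is_unspecified):
                redirects[fields[0]].update(h.lower() for h in fields[1:])
        elif section == "O10" and rest.startswith("Unknown file in Winsock LSP: "):
            lsp_files.add(rest.split(": ", 1)[1].lower())
        elif section == "O23" and rest.startswith("Service: "):
            parts = rest[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                services.append((parts[0], parts[2]))
    return {
        "hosts_redirects": {ip: sorted(h) for ip, h in redirects.items()
                            if len(h) >= min_hosts},
        "unknown_services": services,
        "unknown_lsp": sorted(lsp_files),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
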
 

Could this be the legendary Western Venom, Ouyang Feng?
Brother, how many years has it been since you last ran a virus scan?

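Brothers, I forgot to tell you: I scanned with the latest version of Rising, 17.36!!!
Also, uuu.exe cannot be deleted even in Safe Mode!!!
Even after deleting the registry entries, others of the same kind such as ccc.exe fff.exe www.exe ... show up after a reboot!!!
Sweating~~~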

Please zip this file and upload it here.

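I followed the method from the fifth post, except that I did not delete Sygate; I couldn't bear to!!! My buddies and I rely on it entirely to share the internet connection, and we can't very well install a broadband line on every machine~~~ uuu.exe was still there, though, so I searched the registry for uuu.exe again and deleted two entries, rebooted into Safe Mode, and haha... finally deleted uuu.exe!!!
C:\WINNT\System32\winhtp.dll
C:\WINNT\System32\hap.dll
C:\WINNT\System32\GETIEA~1.DLL
I could not find these three items, not even with all files shown!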