
Neither Rising nor Kaspersky can kill this virus. Moderators, please help!

I ran two virus scans and still can't get rid of it; the processes 1638.exe and 1631.exe still show up in the process list.
---------------------------------------------

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      20:44:31, 日期 2007-04-01
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\AVG Anti-Spyware 7.5\guard.exe
D:\卡巴斯基\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\卡巴斯基\avp.exe
D:\AVG Anti-Spyware 7.5\avgas.exe
C:\DOCUME~1\ADMINI~1.188\LOCALS~1\Temp\1631.exe
C:\DOCUME~1\ADMINI~1.188\LOCALS~1\Temp\1638.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\jj4\jiajiasr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\小软件\IE修复工具\HijackThis1991汉化版\HijackThis1991zww.exe

O1 - Hosts: 125.91.97.132 www.waigua8.com
O1 - Hosts: 125.91.97.132 www.6657.com
O1 - Hosts: 125.91.97.132 www.game172.com
O1 - Hosts: 125.91.97.132 waigua8.com
O1 - Hosts: 125.91.97.132 6657.com
O1 - Hosts: 125.91.97.132 game172.com
O1 - Hosts: 125.91.97.132 dx6.waigua8.com
O1 - Hosts: 125.91.97.132 dx5.waigua8.com
O1 - Hosts: 125.91.97.132 dx4.waigua8.com
O1 - Hosts: 125.91.97.132 dx3.waigua8.com
O1 - Hosts: 125.91.97.132 dx2.waigua8.com
O1 - Hosts: 125.91.97.132 dx1.waigua8.com
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [kis] "D:\卡巴斯基\avp.exe"
O4 - 启动项HKLM\\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jiajiasr] C:\Program Files\jj4\jiajiasr.exe
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - E:\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - E:\Thunder\Program\GetAllUrl.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方\GameClient.exe
O9 - 浏览器额外的按钮: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\卡巴斯基\scieplugin.dll
O9 - 浏览器额外的按钮: 游一游 - {29269350-EC07-4274-821F-F2E0E2697149} - http://act.youyy.com/YoyyLink.html (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ2\QQ.EXE (file missing)
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ2\QQ.EXE (file missing)
Last edited 2007-04-01 21:17:08

O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71A9FF17-9435-4C7E-AED5-53E1D37EFC34}: NameServer = 220.189.127.108 220.189.127.107
O18 - 列举现有的协议: qyl - {C79BF22F-25C4-4D3D-8183-14149EAB9C0C} - (no file)
O20 - AppInit_DLLs: 455373M.BMP
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\AVG Anti-Spyware 7.5\guard.exe
O23 - NT 服务: 卡巴斯基互联网安全套装 6.0 (AVP) - Kaspersky Lab - D:\卡巴斯基\avp.exe


C:\DOCUME~1\ADMINI~1.188\LOCALS~1\Temp\1631.exe
C:\DOCUME~1\ADMINI~1.188\LOCALS~1\Temp\1638.exe
O20 - AppInit_DLLs: 455373M.BMP
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O1 - Hosts: 125.91.97.132 www.waigua8.com
O1 - Hosts: 125.91.97.132 www.6657.com
O1 - Hosts: 125.91.97.132 www.game172.com
O1 - Hosts: 125.91.97.132 waigua8.com
O1 - Hosts: 125.91.97.132 6657.com
O1 - Hosts: 125.91.97.132 game172.com
O1 - Hosts: 125.91.97.132 dx6.waigua8.com
O1 - Hosts: 125.91.97.132 dx5.waigua8.com
O1 - Hosts: 125.91.97.132 dx4.waigua8.com
O1 - Hosts: 125.91.97.132 dx3.waigua8.com
O1 - Hosts: 125.91.97.132 dx2.waigua8.com

Use IceSword to terminate these processes:

C:\DOCUME~1\ADMINI~1.188\LOCALS~1\Temp\1631.exe
C:\DOCUME~1\ADMINI~1.188\LOCALS~1\Temp\1638.exe

Use SReng to repair the Hosts entries below the 127.0.0.1 localhost line:

O1 - Hosts: 125.91.97.132 www.waigua8.com
O1 - Hosts: 125.91.97.132 www.6657.com
O1 - Hosts: 125.91.97.132 www.game172.com
O1 - Hosts: 125.91.97.132 waigua8.com
O1 - Hosts: 125.91.97.132 6657.com
O1 - Hosts: 125.91.97.132 game172.com
O1 - Hosts: 125.91.97.132 dx6.waigua8.com
O1 - Hosts: 125.91.97.132 dx5.waigua8.com
O1 - Hosts: 125.91.97.132 dx4.waigua8.com
O1 - Hosts: 125.91.97.132 dx3.waigua8.com
O1 - Hosts: 125.91.97.132 dx2.waigua8.com
O1 - Hosts: 125.91.97.132 dx1.waigua8.com

You should also run a scan with SReng and post that log.

Clear the temporary files:


1631.exe
1683.exe

Use Kaka Internet Assistant (卡卡上网助手) to repair the Winsock LSP.
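Added example, not part of the original thread: a small Python triage pass over a HijackThis log that picks out the same kinds of entries the replies above single out (executables running from Temp, Hosts redirects to a non-loopback address, O10 Winsock LSP entries, and an AppInit_DLLs value that is not a .dll). The reason codes and the function name are hypothetical, the .dll check is a heuristic assumption, and the sample is a few lines taken from the log posted above.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""C:\WINDOWS\system32\services.exe
C:\DOCUME~1\ADMINI~1.188\LOCALS~1\Temp\1631.exe
C:\WINDOWS\system32\ctfmon.exe
O1 - Hosts: 125.91.97.132 www.waigua8.com
O1 - Hosts: 125.91.97.132 dx1.waigua8.com
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Thunder\ComDlls\XunLeiBHO_002.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\gamelink.dll
O20 - AppInit_DLLs: 455373M.BMP
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

def triage(log_text):
    """Return an ordered, de-duplicated list of (reason, detail) findings."""
    findings = []

    def add(reason, detail):
        if (reason, detail) not in findings:
            findings.append((reason, detail))

    for line in log_text.splitlines():
        line = line.strip()
        # Process list entry: an .exe whose image sits directly in a Temp directory.
        if re.match(r"^[A-Za-z]:\\", line) and re.search(r"\\te?mp\\[^\\]+\.exe$", line, re.I):
            add("process-in-temp", line)
        # Numbered sections look like "O<n> - <label>: <value>".
        m = re.match(r"^O(\d+) - ([^:]+): (.*)$", line)
        if not m:
            continue
        section, label, value = m.group(1), m.group(2), m.group(3).strip()
        if section == "1" and label == "Hosts":
            ip, _, host = value.partition(" ")
            if ip not in LOOPBACK:  # hostname pinned to a non-loopback address
                add("hosts-redirect", f"{host.strip()} -> {ip}")
        elif section == "10":  # LSP entry the log reports as an unknown file
            add("winsock-lsp", value)
        elif section == "20" and label == "AppInit_DLLs":
            if not value.lower().endswith(".dll"):  # heuristic: loader value is not a DLL name
                add("appinit-non-dll", value)
    return findings

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:16} {detail}")
```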