关不了IE了，一关自动帮你打开http://www_getwindowinfo/（日志） bbs.ikaka.com

我爱吃冰棍 - 2006-11-4 21:31:00

Logfile of HijackThis v1.99.1
Scan saved at 20:46:01, on 2006-11-4
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\MSINFO\smss.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\System\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\netcharge\Bar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysreme.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysremd.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysrema.exe
C:\WINDOWS\~tmp9841.exe
C:\Program Files\107up.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\csrss.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Administrator\桌面\426101200522225654\HijackThis.exe

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Update.exe
O4 - HKLM\..\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKLM\..\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [rundll32] C:\Program Files\Common Files\rundll32.exe
O4 - HKLM\..\RunOnce: [uninsrest] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uninrest.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 快捷方式到御防logo_1病毒和ARP病毒程序.EXE.lnk = ?
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {7A97B026-F3BB-49F6-BEAC-75021AD45B4E} (SLAProbe Control) - http://202.101.224.24:9090/speedtest/SLAProbe/SLAProbe.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29C44A9-7657-4ABB-B3A1-46FBAF9879D0}: NameServer = 202.101.224.69,202.101.226.68
O23 - Service: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

秋日里的蓝天 - 2006-11-4 22:14:00

重新启动电脑，自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。）

运行Hijackthis，把下面的选中打上钩，修复
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Update.exe
O4 - HKLM\..\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKLM\..\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [rundll32] C:\Program Files\Common Files\rundll32.exe
O4 - HKLM\..\RunOnce: [uninsrest] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uninrest.exe

删除
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\Program Files\Common Files\Microsoft Shared\MSINFO\smss.exe
C:\Program Files\Common Files\System\Update.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysreme.exe
C:\WINDOWS\~tmp9841.exe
C:\Program Files\107up.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\csrss.exe
C:\WINDOWS\Intel\rundll32.exe
C:\WINDOWS\command\rundll32.exe
C:\WINDOWS\Download\svhost32.exe
C:\Program Files\Common Files\rundll32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uninrest.exe

秋日里的蓝天 - 2006-11-4 22:14:00

修复后，重启，还有异常，请下载SREng2（最新版），使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://free5.ys168.com/?ufwihgu168
http://www.kztechs.com/sreng/sreng2.zip

我爱吃冰棍 - 2006-11-5 22:56:00

2006-11-05,22:43:56

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<NiceMs><C:\Program Files\Common Files\Microsoft Shared\MSINFO\Mymsok.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AudioDeck><C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1> [N/A]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<xy><C:\WINDOWS\Download\svhost32.exe> [N/A]
<Tray><C:\WINDOWS\command\rundll32.exe> [N/A]
<rzt><C:\WINDOWS\Intel\rundll32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Nice><C:\Program Files\Common Files\Microsoft Shared\MSINFO\services.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system16.sys> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<BarExe><; > [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<McAfeeUpdaterUI><; "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<Network Associates Error Reporting Service><; "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<ShStatEXE><; "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<UMMyApp><; "C:\WINDOWS\system32\update.exe"> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<WangWang><; "d:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"> [淘宝（中国）软件有限公司]

==================================
启动文件夹
[快捷方式到御防logo_1病毒和ARP病毒程序.EXE]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式到御防logo_1病毒和ARP病毒程序.EXE.lnk --> D:\bak\御防LO~1.EXE [燕城网络技术联盟 FJ51758.COM 默燃 ]><N>

我爱吃冰棍 - 2006-11-5 22:57:00

==================================
服务
[Microsoft Update Service / 8NASCAR]
<C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\EOAUOL52.DLL,Export 1087><N/A>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Application Accelerator / Live]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mssfwb54.dll><N/A>
[McAfee Framework 服务 / McAfeeFramework]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
<"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
<"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>

==================================
驱动程序
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IP in IP Tunnel Driver / IpInIp]
<system32\DRIVERS\ipinip.sys><N/A>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[NaiAvFilter1 / NaiAvFilter1]
<system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1]
<system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[npkcrypt / npkcrypt]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[paraudio / paraudio]
<\??\C:\WINDOWS\system32\drivers\paraudio.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[Vinyl AC'97 Audio Controller (WDM) / VIAudio]
<system32\drivers\vinyl97.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[SLAProbe Control]
{7A97B026-F3BB-49F6-BEAC-75021AD45B4E} <C:\WINDOWS\DOWNLO~1\SLAProbe.ocx, AKAZAM Communications>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

我爱吃冰棍 - 2006-11-5 22:59:00

正在运行的进程
[PID: 348][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 404][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 428][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 472][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 484][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 652][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 720][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 844][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 856][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 868][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1020][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)]
[PID: 1140][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1184][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\applib.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\Logging.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\InternetManager.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\naInet.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\UserSpace.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\Management.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\cmalib.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\Scheduler.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1364][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[C:\hardware\WinRAR350\rarext.dll] [N/A, N/A]
[C:\Program Files\Network Associates\VirusScan\shext.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\Program Files\UltraEdit\ue32ctmn.dll] [, 1, 0, 0, 1]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\mymsok.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.955]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00]

我爱吃冰棍 - 2006-11-5 23:00:00

[PID: 1444][C:\Program Files\Common Files\Microsoft Shared\MSINFO\services.exe] [N/A, N/A]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1452][C:\Program Files\VIAudioi\SBADeck\ADeck.exe] [VIA Technologies, Inc., 6, 2, 2, 0]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[PID: 1468][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3292]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 1476][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[PID: 1536][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\FTL.Dll] [Network Associates, Inc., 8.0.0.135]
[C:\Program Files\Network Associates\VirusScan\naiann.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] [Network Associates, Inc., 8.0.0.342]
[C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] [Network Associates, Inc., 8.0.0.342]
[C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL] [McAfee, Inc., 5.1.00]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1572][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naicondl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] [McAfee, Inc., 8.0.0.152]
[C:\Program Files\Network Associates\VirusScan\BBCpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\coptcpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\EmCfgCpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\SEmalRes.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\nvpcpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\ftcfg.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\OASCpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\vsodscpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\ftl.dll] [Network Associates, Inc., 8.0.0.135]
[C:\Program Files\Network Associates\VirusScan\vsupdcpl.dll] [Network Associates, Inc., 8.0.0.912]
[PID: 1580][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 1820][C:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1612][C:\Program Files\netcharge\Bar.exe] [N/A, N/A]
[C:\WINDOWS\system32\qtintf70.dll] [Borland Software Corporation, 7.0.4.258]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\midas.dll] [Borland Software Corporation, 7.0.4.453]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[PID: 2064][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 2308][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 3144][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\system32\tdll.dll] [N/A, N/A]
[PID: 3232][C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysrema.exe] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[PID: 3340][C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysremd.exe] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]

我爱吃冰棍 - 2006-11-5 23:00:00

[PID: 2256][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[D:\Program Files\Tencent\QQ\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.955]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 3104][C:\Documents and Settings\Administrator\桌面\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================

我爱吃冰棍 - 2006-11-5 23:02:00

C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysreme.exe
这个东西删不了，在安全下删了，重启后又出现了，这个日志是我把这个文件的进程关了后的，帮看看啊

我爱吃冰棍 - 2006-11-7 12:44:00

蓝天麻烦你再帮我看下哈，谢谢了

红夜鬼1 - 2006-11-7 19:22:00

运行(双击)SRENG2，点“启动项目，服务，点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
Microsoft Update Service
Application Accelerator
，选择“删除服务”
点“设置”选择“否”
运行SREng2,使用“启动项目”－－注册表－－删除
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\command\rundll32.exe
<C:\WINDOWS\Intel\rundll32.exe
C:\WINDOWS\system32\update.exe
:\Program Files\Internet Explorer\PLUGINS\system16.sys
C:\Program Files\Common Files\Microsoft Shared\MSINFO\services.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\Mymsok.exe
重启按F８进入安全模式下修复
显示隐藏文件
删除：
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\WINDOWS\SYSTEM32\WBEM\EOAUOL52.DLL
C:\WINDOWS\system32\mssfwb54.dll
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\command\rundll32.exe
<C:\WINDOWS\Intel\rundll32.exe
C:\WINDOWS\system32\update.exe
C:\WINDOWS\system32\ztdll.dll
[C:\WINDOWS\system32\xydll.dll
:\Program Files\Internet Explorer\PLUGINS\system16.sys
C:\Program Files\Common Files\Microsoft Shared\MSINFO\services.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\Mymsok.exe

瑞星卡卡安全论坛