AMDINTEL - 2007-10-18 16:48:00
[CODE]
2007-10-18,15:22:02
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [N/A]
<Userinit><C:\WINNT\system32\USERINIT.EXE,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MetaFrame]
<WinlogonNotify: MetaFrame><ctxnotif.dll> [Citrix Systems, Inc.]
==================================
启动文件夹
[金山词霸2000 OEM版]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\金山词霸2000 OEM版.lnk --> E:\KINGSOFT\XDICT\Xdict32.exe [Kingsoft Software Inc.]><N>
==================================
服务
[Client Network / CdmService][Running/Auto Start]
<C:\WINNT\System32\cdmsvc.exe><Citrix Systems, Inc.>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ICA Browser / ICABrowser][Running/Auto Start]
<C:\WINNT\System32\ibrowser.exe><Citrix Systems, Inc.>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Removable Storage / NtmsSvc][Stopped/Auto Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\NtmsSvc.dll><Microsoft Corporation>
[Program Neighborhood Service / ProgNeighborhood][Stopped/Auto Start]
<C:\WINNT\system32\pnsvc.exe><Citrix Systems, Inc.>
==================================
驱动程序
[1ey3tqu / 1ey3tqum][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\1ey3tqum.sys><N/A>
[AFD 网络支持环境 / AFD][Running/Auto Start]
<\SystemRoot\System32\drivers\afd.sys><N/A>
[Intel AGP Bus Filter / agp440][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\agp440.sys><N/A>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><N/A>
[AMON / AMON][Running/Auto Start]
<\SystemRoot\system32\drivers\amon.sys><N/A>
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Manual Start]
<System32\DRIVERS\asyncmac.sys><N/A>
[Standard IDE/ESDI Hard Disk Controller / atapi][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\atapi.sys><N/A>
[atirage / atirage][Running/Manual Start]
<System32\DRIVERS\atiragem.sys><N/A>
[ATM ARP Client Protocol / Atmarpc][Stopped/Manual Start]
<System32\DRIVERS\atmarpc.sys><N/A>
[Audio Stub Driver / audstub][Running/Manual Start]
<System32\DRIVERS\audstub.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><N/A>
[Cdm / Cdm][Running/Auto Start]
<\SystemRoot\System32\drivers\cdm.sys><N/A>
[CD-ROM Driver / Cdrom][Running/System Start]
<System32\DRIVERS\cdrom.sys><N/A>
[DfsDriver / DfsDriver][Running/Boot Start]
<\SystemRoot\system32\drivers\Dfs.sys><N/A>
[Disk Driver / Disk][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\disk.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><N/A>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><N/A>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><N/A>
[Floppy Disk Controller Driver / Fdc][Running/Manual Start]
<System32\DRIVERS\fdc.sys><N/A>
[Floppy Disk Driver / Flpydisk][Running/Manual Start]
<System32\DRIVERS\flpydisk.sys><N/A>
[FsVga / FsVga][Running/System Start]
<System32\DRIVERS\fsvga.sys><N/A>
[Volume Manager Driver / Ftdisk][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ftdisk.sys><N/A>
[Generic Packet Classifier / Gpc][Running/Manual Start]
<System32\DRIVERS\msgpc.sys><N/A>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><N/A>
[HP 10/100TX PCI LAN Adapter NT Driver / HPTX][Running/Manual Start]
<System32\DRIVERS\hptxnt5.sys><N/A>
[i8042 Keyboard and PS/2 Mouse Port Driver / i8042prt][Running/System Start]
<System32\DRIVERS\i8042prt.sys><N/A>
[IntelIde / IntelIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\intelide.sys><N/A>
[IP Traffic Filter Driver / IpFilterDriver][Stopped/Manual Start]
<System32\DRIVERS\ipfltdrv.sys><N/A>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<System32\DRIVERS\ipinip.sys><N/A>
[IP Network Address Translator / IpNat][Stopped/Manual Start]
<System32\DRIVERS\ipnat.sys><N/A>
[IPSEC driver / IPSEC][Stopped/Manual Start]
<System32\DRIVERS\ipsec.sys><N/A>
[IR Enumerator Service / IRENUM][Stopped/Manual Start]
<System32\DRIVERS\irenum.sys><N/A>
[PnP ISA/EISA Bus Driver / isapnp][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\isapnp.sys><N/A>
[Keyboard Class Driver / Kbdclass][Running/System Start]
<System32\DRIVERS\kbdclass.sys><N/A>
[Mouse Class Driver / Mouclass][Running/System Start]
<System32\DRIVERS\mouclass.sys><N/A>
[MRxSmb / MRxSmb][Running/System Start]
<System32\DRIVERS\mrxsmb.sys><N/A>
[Microsoft Streaming Service Proxy / MSKSSRV][Stopped/Manual Start]
<system32\drivers\MSKSSRV.sys><N/A>
[Microsoft Streaming Clock Proxy / MSPCLOCK][Stopped/Manual Start]
<system32\drivers\MSPCLOCK.sys><N/A>
[Microsoft Streaming Quality Manager Proxy / MSPQM][Stopped/Manual Start]
<system32\drivers\MSPQM.sys><N/A>
[Remote Access NDIS TAPI Driver / NdisTapi][Running/Manual Start]
<System32\DRIVERS\ndistapi.sys><N/A>
[NDIS 用户模式 I/O 协议 / Ndisuio][Stopped/Manual Start]
<System32\DRIVERS\ndisuio.sys><N/A>
[Remote Access NDIS WAN Driver / NdisWan][Running/Manual Start]
<System32\DRIVERS\ndiswan.sys><N/A>
[NetBIOS Interface / NetBIOS][Running/System Start]
<System32\DRIVERS\netbios.sys><N/A>
[NetBios over Tcpip / NetBT][Running/System Start]
<System32\DRIVERS\netbt.sys><N/A>
[NetDetect / NetDetect][Stopped/Manual Start]
<\SystemRoot\system32\drivers\netdtect.sys><N/A>
[New0 / New0][Running/Auto Start]
<\??\C:\WINNT\System32\new.sys><N/A>
[nod32drv / nod32drv][Running/System Start]
<\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
<System32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
<System32\DRIVERS\nwlnkfwd.sys><N/A>
[Parallel class driver / Parallel][Running/Manual Start]
<System32\DRIVERS\parallel.sys><N/A>
[Parallel port driver / Parport][Running/System Start]
<System32\DRIVERS\parport.sys><N/A>
[PCI Bus Driver / PCI][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\pci.sys><N/A>
[WAN Miniport (PPTP) / PptpMiniport][Running/Manual Start]
<System32\DRIVERS\raspptp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><N/A>
[Remote Access Auto Connection Driver / RasAcd][Running/System Start]
<System32\DRIVERS\rasacd.sys><N/A>
[WAN Miniport (L2TP) / Rasl2tp][Running/Manual Start]
<System32\DRIVERS\rasl2tp.sys><N/A>
[Direct Parallel / Raspti][Running/Manual Start]
<System32\DRIVERS\raspti.sys><N/A>
[Microsoft Streaming Network Raw Channel Access / RCA][Stopped/Manual Start]
<system32\drivers\RCA.sys><N/A>
[Rdbss / Rdbss][Running/System Start]
<System32\DRIVERS\rdbss.sys><N/A>
[Terminal Server Device Redirector Driver / rdpdr][Running/Manual Start]
<System32\DRIVERS\rdpdr.sys><N/A>
[Digital CD Audio Playback Filter Driver / redbook][Stopped/System Start]
<System32\DRIVERS\redbook.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
[Serenum Filter Driver / serenum][Running/Manual Start]
<System32\DRIVERS\serenum.sys><N/A>
[Serial port driver / Serial][Running/System Start]
<System32\DRIVERS\serial.sys><N/A>
[特殊目的工具驱动程序 / spud][Stopped/Manual Start]
<\SystemRoot\System32\drivers\spud.sys><N/A>
[Srv / Srv][Running/Manual Start]
<System32\DRIVERS\srv.sys><N/A>
[Software Bus Driver / swenum][Running/Manual Start]
<System32\DRIVERS\swenum.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<System32\DRIVERS\tcpip.sys><N/A>
[Terminal Device Driver / TermDD][Running/Auto Start]
<\SystemRoot\System32\drivers\termdd.sys><N/A>
[Microsoft USB Universal Host Controller Driver / uhcd][Running/Manual Start]
<System32\DRIVERS\uhcd.sys><N/A>
[Microcode Update Driver / Update][Running/Manual Start]
<System32\DRIVERS\update.sys><N/A>
[Microsoft USB Standard Hub Driver / usbhub][Running/Manual Start]
<System32\DRIVERS\usbhub.sys><N/A>
[VgaSave / VgaSave][Running/System Start]
<\SystemRoot\System32\drivers\vga.sys><N/A>
[Remote Access IP ARP Driver / Wanarp][Running/Manual Start]
<System32\DRIVERS\wanarp.sys><N/A>
[Windows 套接字 2 .0 Non-IFS 服务提供程序支持环境 / WS2IFSL][Running/Auto Start]
<\SystemRoot\System32\drivers\ws2ifsl.sys><N/A>
==================================
浏览器加载项
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINNT\System32\iuctl.dll, Microsoft Corporation>
==================================
正在运行的进程
[PID: 172][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 204][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 228][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6898]
[C:\WINNT\system32\ctxnotif.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\system32\CUTILDLL.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\system32\BRAPI.dll] [Citrix Systems, Inc., 2.00.260]
[PID: 256][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
[PID: 268][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[PID: 360][C:\WINNT\System32\termsrv.exe] [Microsoft Corporation, 5.00.2195.6696]
[C:\WINNT\System32\wsxica.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\REGAPPEX.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\REGCTX.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\ULMREG.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\CTXSKU.dll] [Citrix Systems, Inc., 1.80.663]
[C:\WINNT\System32\REGGEM.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\BRAPI.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\CUTILDLL.dll] [Citrix Systems, Inc., 2.00.260]
[PID: 548][C:\WINNT\System32\cdmsvc.exe] [Citrix Systems, Inc., 2.00.260]
[PID: 564][C:\WINNT\System32\ibrowser.exe] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\REGCTX.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\ULMREG.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\CTXSKU.dll] [Citrix Systems, Inc., 1.80.663]
[C:\WINNT\System32\REGGEM.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\REGAPPEX.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\CUTILDLL.dll] [Citrix Systems, Inc., 2.00.260]
[C:\WINNT\System32\BRAPI.dll] [Citrix Systems, Inc., 2.00.260]
[PID: 616][C:\WINNT\System32\llssrv.exe] [Microsoft Corporation, 5.00.2195.6697]
[PID: 688][C:\Program Files\Eset\nod32krn.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\nod32krr.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\ps_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[C:\Program Files\Eset\ps_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[C:\WINNT\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\ps_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 696][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701]
[PID: 736][C:\WINNT\system32\Dfssvc.exe] [Microsoft Corporation, 5.00.2195.6664]
[PID: 716][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 840][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6898]
[PID: 860][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 884][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6898]
[PID: 940][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[E:\KINGSOFT\XDICT\CJKTL32.dll] [N/A, N/A]
[PID: 932][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\system32\qmerls.dll] [N/A, N/A]
[C:\WINNT\System32\cdmprov.dll] [Citrix Systems, Inc., 2.00.260]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[E:\KINGSOFT\XDICT\CJKTL32.dll] [N/A, N/A]
[C:\KVW3000\KVShell2.DLL] [北京江民新科技术有限公司., 4, 0, 0, 1]
[C:\Program Files\Eset\nodshex.dll] [N/A, N/A]
[PID: 972][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.18]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[E:\KINGSOFT\XDICT\CJKTL32.dll] [N/A, N/A]
[PID: 988][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\nod32rui.dll] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 39 ]
[E:\KINGSOFT\XDICT\CJKTL32.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 1004][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[E:\KINGSOFT\XDICT\CJKTL32.dll] [N/A, N/A]
[PID: 1028][E:\KINGSOFT\XDICT\Xdict32.exe] [Kingsoft Software Inc., 2, 0, 0, 1]
[E:\KINGSOFT\XDICT\CJKTL32.dll] [N/A, N/A]
[E:\KINGSOFT\XDICT\XECDIC32.dll] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1040][\\ccl\杀毒软件\常用专杀工具\winlongon lsass杀软关闭专杀\SREng2\SREng.EXE] [N/A, N/A]
[E:\KINGSOFT\XDICT\CJKTL32.dll] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\Documents and Settings\Administrator.DOMAIN\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
[/CODE]