Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

Infected with Rootkit.Win32.Vanti.dd, asking for help, thanks

This is the SREng log, please help me analyse it, thanks everyone.

Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <MSMSGS><"D:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
    <Xplus_spy><"D:\Program Files\Xplus\xvcclip.exe" /min>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <IMSCMig><D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <QuickTime Task><"D:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <SKYNET Personal FireWall><D:\Program Files\SkyNet\FireWall\PFW.exe>  []
    <NvCplDaemon><RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <KAVPersonal50><D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <CheckFaultKernel><D:\WINDOWS\system32\mswdm.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><D:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{54D9498B-CF93-414F-8984-8CE7FDE0D391}><D:\Program Files\ewido\security suite\shellhook.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
    <WinlogonNotify: WB><D:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll>  [Stardock]

==================================
Last edited 2006-07-22 17:53:07

==================================
Startup folder
[Adobe Gamma Loader]
  <D:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>

==================================
Services
[ewido security suite control / ewido security suite control]
  <D:\Program Files\ewido\security suite\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard]
  <D:\Program Files\ewido\security suite\ewidoguard.exe><ewido networks>
[kavsvc / kavsvc]
  <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
  <D:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PDEngine / PDEngine]
  <"D:\Program Files\Raxco\PerfectDisk\PDEngine.exe"><>
[PDScheduler / PDSched]
  <"D:\Program Files\Raxco\PerfectDisk\PDSched.exe"><>
==================================
Running processes
[PID: 752][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 832][\??\D:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 872][\??\D:\WINDOWS\SYSTEM32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll]  <Stardock><1, 0, 0, 1>
[PID: 916][D:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 928][D:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1084][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1164][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1304][D:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1352][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1476][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1740][D:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [D:\WINDOWS\system32\AdobePDF.dll]  <Adobe Systems Incorporated.><6.0.000>
    [D:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.CHS]  <N/A><N/A>
    [D:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 2028][D:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.6693>
    [D:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.6693>
    [D:\WINDOWS\system32\nvshell.dll]  <NVIDIA Corporation><6.14.10.6693>
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [D:\Program Files\ewido\security suite\shellhook.dll]  <N/A><N/A>
    [D:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.chs]  <Adobe Systems Inc.><1.0.0.2003051500>
[PID: 268][D:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3208>
[PID: 324][D:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 332][D:\Program Files\Messenger\msmsgs.exe]  <Microsoft Corporation><4.7.3001>
[PID: 684][D:\Program Files\ewido\security suite\ewidoctrl.exe]  <ewido networks><3, 0, 0, 1>
    [D:\Program Files\ewido\security suite\lang.dll]  <privat><1, 0, 0, 1>
[PID: 732][D:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.6693>
    [D:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.6693>
[PID: 1212][D:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1368][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1872][D:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3264][D:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3532][D:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll]  <TechSmith Corporation><1.0.1>
    [D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [D:\Program Files\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX]  <N/A><N/A>
    [D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll]  <N/A><N/A>
    [D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.CHS]  <N/A><N/A>
    [D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  <Xi><1.91.12>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll]  <Kaspersky Lab><1.0.142.342>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll]  <Kaspersky Lab><1.0.142.3>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.0.0>
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll]  <Kaspersky Lab><5.0.142.0>
    [D:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [D:\WINDOWS\system32\upengine.dll]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [D:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 2124][D:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
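As an added example (not written by any poster in this thread, and not part of SREng), here is a Python script that parses the registry-autorun and running-process sections of a log in the layout posted above and flags the entries an analyst would check first: no publisher string, an image under a user-writable Temp or profile directory, an entry in a sensitive autorun location (Policies\Explorer\Run, Winlogon\Notify), or a non-Microsoft DLL loaded into a logon/security process. The sample input is constructed: a handful of lines copied from the log above plus one invented process (PID 4242, example.exe) to exercise the Temp rule. The rules are this example's own heuristics; a flag means "look at this", not "this is the rootkit", and several flagged items in the sample are known legitimate tools.

```python
"""SREng 2.x log triage: added example, not part of this thread or of SREng.
Parses the registry-autorun and running-process sections in the layout shown
above and flags entries an analyst would check first. A flag is a review hint,
never a verdict."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: entries copied from the log above in the SREng layout, plus
# one invented process (PID 4242, example.exe) to show the Temp-directory rule.
SAMPLE_LOG = r"""Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <Xplus_spy><"D:\Program Files\Xplus\xvcclip.exe" /min>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <CheckFaultKernel><D:\WINDOWS\system32\mswdm.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
    <WinlogonNotify: WB><D:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll>  [Stardock]

==================================
Running processes
[PID: 872][\??\D:\WINDOWS\SYSTEM32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll]  <Stardock><1, 0, 0, 1>
[PID: 2028][D:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\Program Files\ewido\security suite\shellhook.dll]  <N/A><N/A>
[PID: 4242][D:\DOCUME~1\user\LOCALS~1\Temp\example.exe]  <N/A><N/A>
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                        # [HKEY_...]
ENTRY_RE = re.compile(r"^\s+<([^>]*)><(.*)>\s+\[(.*)\]$")           # <name><value>  [publisher]
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[([^\]]+)\]\s+<([^>]*)><([^>]*)>$")
MODULE_RE = re.compile(r"^\s+\[([^\]]+)\]\s+<([^>]*)><([^>]*)>$")   # indented DLL line

NO_PUBLISHER = "no publisher string"
USER_WRITABLE_PATH = "image under a user-writable profile/Temp directory"
USER_WRITABLE_MARKERS = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\")
SENSITIVE_KEYS = ("policies\\explorer\\run", "winlogon\\notify")    # this example's heuristic list
SENSITIVE_PROCS = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe")

@dataclass
class Finding:
    section: str        # "autorun", "process" or "module"
    name: str
    path: str
    reasons: List[str]

def _image_path(value: str) -> str:
    # First token of an autorun command: the quoted path, or the text up to a space.
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value
    return value.split()[0] if value else value

def _publisher_reasons(publisher: str) -> List[str]:
    return [NO_PUBLISHER] if publisher.strip() in ("", "N/A") else []

def _path_reasons(path: str) -> List[str]:
    low = path.lower()
    return [USER_WRITABLE_PATH] if any(m in low for m in USER_WRITABLE_MARKERS) else []

def _key_reasons(key: str) -> List[str]:
    return [f"sensitive autorun location: {m}" for m in SENSITIVE_KEYS if m in key.lower()]

def triage(log_text: str) -> List[Finding]:
    """Walk the log once; the current registry key or process gives each line its context."""
    findings: List[Finding] = []
    current_key = None      # registry key the following <name><value> lines belong to
    current_proc = None     # lower-case exe name the following [dll] lines are loaded into
    for line in log_text.splitlines():
        if m := KEY_RE.match(line):
            current_key, current_proc = m.group(1), None
        elif m := PROC_RE.match(line):
            pid, path, vendor, _ = m.groups()
            current_key, current_proc = None, path.rsplit("\\", 1)[-1].lower()
            reasons = _publisher_reasons(vendor) + _path_reasons(path)
            if reasons:
                findings.append(Finding("process", f"PID {pid}", path, reasons))
        elif current_key is not None and (m := ENTRY_RE.match(line)):
            name, value, publisher = m.groups()
            if not value.strip():
                continue        # empty value (e.g. <load><>) runs nothing
            reasons = (_publisher_reasons(publisher) + _path_reasons(_image_path(value))
                       + _key_reasons(current_key))
            if reasons:
                findings.append(Finding("autorun", name, value, reasons))
        elif current_proc is not None and (m := MODULE_RE.match(line)):
            path, vendor, _ = m.groups()
            reasons = _publisher_reasons(vendor) + _path_reasons(path)
            if current_proc in SENSITIVE_PROCS and "microsoft" not in vendor.lower():
                reasons.append(f"third-party module loaded into {current_proc}")
            if reasons:
                findings.append(Finding("module", path.rsplit("\\", 1)[-1], path, reasons))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.path}\n    " + "; ".join(f.reasons))
```

Run it against a full saved log with `triage(open("SREngLOG.txt", encoding="gbk").read())`; the regexes key on the `[HKEY_...]`, `<name><value>  [publisher]` and `[PID: n][path]  <vendor><version>` shapes, so the section headings can be in either language. The publisher field is whatever SREng read from the file's version resource, so an empty field only says the file carries no company name, which is exactly why it deserves a look rather than a verdict.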
Experts, please show up...
How did the anti-virus report it?
Could you post a screenshot.

Also: the log is incomplete.
[Reply to solostone's post]
Virus file name and path?
The log also has this part
[PID: 2140][D:\DOCUME~1\aaa~1.DAI\LOCALS~1\Temp\Rar$EX00.406\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [D:\DOCUME~1\aaa~1.DAI\LOCALS~1\Temp\Rar$EX00.406\SREng2\Plugins\SREngPluginDemo.SRE]  <Smallfrogs Studio><1, 1, 1, 0>

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["D:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]


The virus path is d:\Documents and Settings\aaa~\local settings\temp
Every time I kill it, it regenerates at boot; the file is always named 7gcs.dll, and the anti-virus reports rootkit.win32.vanti.dd
Sometimes it reports that windows\services is infected, and then the machine shuts down by itself
Quote:
[solostone's post] The log also has this part
[...]
The virus path is d:\Documents and Settings\aaa~\local settings\temp
Every time I kill it, it regenerates at boot; the file is always named 7gcs.dll, and the anti-virus reports rootkit.win32.vanti.dd
Sometimes it reports that windows\services is infected, and then the machine shuts down by itself
...........................


I don't see a rootkit in the OP's log.
[Reply to 不言放弃's post]

I've been looking for a whole day. Should I disable the anti-virus at startup and make another log...
Quote:
[solostone's post] [Reply to 不言放弃's post]

I've been looking for a whole day. Should I disable the anti-virus at startup and make another log...
...........................


7gcs.dll?
Can you find this file?
Does the OP play online games?