我的台式机装有最新升级的正版瑞星，今天偶然发现监控中心关闭了，防火墙也关闭了，手动打开，不行，主页也被修改了，重启也没有了进入系统时的杀毒界面，卸掉重装瑞星，卸掉了，但进入我的系统安装包目录，自动关闭窗口回到我的电脑，打开有关杀毒的网页，立即自动关闭所有有用浏览器，自动弹出的网页不关，

========Content========
http://www.kztechs.com/sreng/download.html 下载System Repair Engineer
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改（一次发不完请分次发上来）
5 扫日志的时候尽量把不必要的软件关闭 如QQ TM等

可能是中了 帕虫  金山叫“AV 终结者”  你去金山下个 AV终结者专杀试试  杀的时候不要打开分区  也不要打开网页  不要使用U盘等  最好断开网络杀  防止木马下载器下载东西  如果打不开金山网站 可以叫朋友载下发给你

扫个日志上来

哈哈。。我知道。我的前几天也是这样。你的是不是连有关（杀毒）的网都打不开。。要不你加我的QQ 544500101 我给你个杀了这木马。我是强制才可以下载把它杀的了。

你的 瑞星杀毒软件 应该也打不开吧。

你的 瑞星杀毒软件 应该也打不开吧。重装瑞星杀毒也没用.

你的 瑞星杀毒软件 应该也打不开吧。重装瑞星杀毒也没用.

重命名下 就可以打开了

[CODE]

2007-07-07,14:05:55

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <FinePrint 分配器 v5><"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM>  [FinePrint Software, LLC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{28D713D2-13D2-8D71-D28D-3D2D73D28D71}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
    <IFEO[adam.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
    <IFEO[AgentSvr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
    <IFEO[AppSvc32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
    <IFEO[autoruns.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
    <IFEO[avgrssvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
    <IFEO[AvMonitor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
    <IFEO[avp.com]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
    <IFEO[ccSvcHst.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
    <IFEO[FileDsty.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
    <IFEO[FTCleanerShell.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
    <IFEO[HijackThis.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
    <IFEO[IceSword.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
    <IFEO[iparmo.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
    <IFEO[isPwdSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
    <IFEO[kabaload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
    <IFEO[KaScrScn.SCR]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
    <IFEO[KASMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
    <IFEO[KASTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []