曾几何时，机器上匍匐了这样的病毒，图标是个快捷方式，而文件扩展名是txt jpg  ，只要浏览到它，整个系统资源都被占据，没法直接删除，用了各种杀毒软件，没有查出来，IT 也说没有办法。 眼看着它在机器上越来越多。请问 有谁知道那是什么病毒么？

【回复“violentstorm”的帖子】
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
下载System Repair Engineer 2.0.12.350
导出全部日志

2006-03-28,15:16:20

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <Internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvCplDaemon><RUNDLL32.EXE C:\WINNT\System32\\NVCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SysExplr><C:\HEROSOFT\Hero3000\SYSEXPLR.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <WinampAgent><C:\Program Files\Winamp\winampa.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[Acrobat Assistant]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Acrobat Assistant.lnk><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>
[EPSON Status Monitor 3 Environment Check]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\EPSON Status Monitor 3 Environment Check.lnk><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[腾讯QQ]
  <C:\Documents and Settings\weiyi.xi.SH\「开始」菜单\程序\启动\腾讯QQ.lnk><N>

==================================
服务
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[McAfee Framework Service / McAfeeFramework]
  <C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
  <"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
  <"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[RaySat_3dsmax8 Server / mi-raysat_3dsmax8]
  <"C:\Program Files\Autodesk\3dsMax8_pre-release\mentalray\satellite\raysat_3dsmax8server.exe"><N/A>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINNT\System32\nvsvc32.exe><NVIDIA Corporation>
[Aelita DMW Migration Agent / Vmover.exe]
  <C:\WINNT\System32\Vmover.exe><Aelita Software Corporation>

==================================
浏览器加载项
[Target Class]
  {002AF282-E42D-4B51-9F70-F1570C02FAAD} <C:\Program Files\Microsoft\Office\Office.dll, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[IEBHOLiver Class]
  {54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} <C:\WINNT\system32\IMULiver.dll, IMU>
[AtlObj Class]
  {7E093FD0-5372-4FD5-9C7B-875668B4CDB2} <C:\WINNT\system32\Ado32.dll, >
[ST]
  {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[]
  {A632CA9A-68E3-5255-9A72-A8E6EB3243E1} <C:\DOCUME~1\WEIYIX~1.SH\APPLIC~1\PINGFI~1\GRIMMAPI.exe, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[T2BHO Class]
  {B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINNT\Downloaded Program Files\barsmall24.dll, HDT, Inc.>
[MSNToolBandBHO]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[AlxTB BHO Class]
  {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} <C:\WINNT\system32\AlxTB1.dll, Alexa Internet>
[解霸]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[CibaCtrl Class]
  {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <d:\Kingsoft\XDict\IEPlugin.dll, >
[JoyoCtrl Class]
  {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <d:\Kingsoft\XDict\IEPlugin.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[91游]
  {D741F092-E567-46ca-9FCE-1C244BA755F0} <C:\Program Files\智买游\91u.exe, >
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[MSN]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[]
  {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} <C:\\WINNT\\system32\\SHDOCVW.DLL, Microsoft Corporation>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\system32\WEBACT~1.OCX, QQ>
[IEBHOLiver Class]
  {54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} <C:\WINNT\system32\IMULiver.dll, IMU>
[天下搜索]
  {56A7DC70-E102-4408-A34A-AE06FEF01586} <, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[VqqSpeedDlProxy Class]
  {F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINNT\vqqsdl.dll, Tencent>
[&Google Search]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html, N/A>
[&Translate English Word]
  <res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html, N/A>
[Backward Links]
  <res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[Cached Snapshot of Page]
  <res://c:\program files\google\GoogleToolbar1.dll/cmcache.html, N/A>
[Similar Pages]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[Translate Page into English]
  <res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 140][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 168][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 188][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6970>
[PID: 216][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
    [C:\WINNT\system32\EntApi.dll]  <Network Associates, Inc><8.0.0.240>
[PID: 228][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
    [C:\WINNT\system32\EntApi.dll]  <Network Associates, Inc><8.0.0.240>
[PID: 408][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\system32\EntApi.dll]  <Network Associates, Inc><8.0.0.240>
[PID: 436][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.7059>
    [C:\WINNT\system32\pdfports.dll]  <Adobe Systems Incorporated.><5.0.000>
    [d:\Adobe\Acrobat 5.0\Distillr\ADistRes.CHS]  <Adobe Systems Incorporated.><5.0.0.0>
[PID: 500][C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe]  <Autodesk><2.66.000>
[PID: 524][C:\WINNT\system32\drivers\CDAC11BA.EXE]  <Macrovision><4.20.030>
[PID: 548][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\system32\EntApi.dll]  <Network Associates, Inc><8.0.0.240>
[PID: 568][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\naXML.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\Logging.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\InternetManager.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\naInet.dll]