[Help] Got a virus, please advise, thanks!

Got a virus, please advise, thanks!

My computer caught a virus; even the umbrella icon of Rising's real-time monitor got switched off, ugh! In Safe Mode I tried scanning and repairing Rising: it removed 168 items, most of them Trojans plus a few backdoors. Rising seems usable again now, but there is an error prompt at boot, and there are three IE icons on the desktop that cannot be deleted! Could an expert please take a look at the log, thanks!
操作系统:  Unknown Windows (WinNT 6.00.1906 SP2)
浏览器:    Internet Explorer v7.00 (7.00.6002.18005)

当前运行的进程:         
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\PLFSetI.exe
C:\Windows\PLFSetL.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Rising\Rfw\RsTray.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Users\Jane\AppData\Local\Temp\RtkBtMnt.exe
D:\软件\itunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
D:\软件\rising\RSTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\软件\rising\knownsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Jane\AppData\Local\Temp\Rar$EX00.855\HijackThis1991.exe


Reply: Got a virus, please advise, thanks!

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\软件\迅雷5\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - D:\软件\pipi\JfCheck.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\软件\FlashGet\ComDlls\bhoCATCH.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\软件\迅雷5\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\Windows\system32\UrlFilter.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: 中国工商银行BHO - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - IE工具栏增项: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - 启动项HKLM\\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - 启动项HKLM\\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - 启动项HKLM\\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - 启动项HKLM\\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - 启动项HKLM\\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - 启动项HKLM\\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - 启动项HKLM\\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - 启动项HKLM\\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - 启动项HKLM\\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - 启动项HKLM\\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - 启动项HKLM\\Run: [Skytel] Skytel.exe
O4 - 启动项HKLM\\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - 启动项HKLM\\Run: [SpeedNet] ; D:\软件\四海互动\四海互动游戏加速器\SpeedNet.exe -s
O4 - 启动项HKLM\\Run: [DataLayer] ; C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - 启动项HKLM\\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - 启动项HKLM\\Run: [RFWTray] "C:\Program Files\Rising\Rfw\RsTray.exe" -system
O4 - 启动项HKLM\\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - 启动项HKLM\\Run: [QuickTime Task] "D:\软件\暴风影音3.6\Codec\QTTask.exe" -atboottime
O4 - 启动项HKLM\\Run: [iTunesHelper] "D:\软件\itunes\iTunesHelper.exe"
O4 - 启动项HKLM\\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - 启动项HKLM\\Run: [jfproc] D:\软件\pipi\jfCacheMgr.exe
O4 - 启动项HKLM\\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - 启动项HKLM\\Run: [runeip] "D:\软件\rising\rstray.exe" /startup
O4 - 启动项HKLM\\RunOnce: [KKDelay] D:\软件\rising\RunOnce.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [rulestarter2] %systemroot%\system32\rulestarter.exe
O4 - HKCU\..\Run: [rulestarter] %systemroot%\system32\RTRsca.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MobileAssist] "D:\软件\掌智科技\MobileAssis.exe" -AutoStart
O4 - Startup: QQ游戏启动加速程序.lnk = ?
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?SystemDrive%\Acer\Empowering Technology\eAPLauncher.exe
O8 - IE右键菜单中的新增项目: 使用光影编辑和美化 - D:\软件\光影魔术手\nEO iMAGING\NeoOpenNeo.htm
O8 - IE右键菜单中的新增项目: 使用快车(Flas&hGet)下载 - D:\软件\FlashGet\ComDlls\Bholink.htm
O8 - IE右键菜单中的新增项目: 使用快车(Flash&Get)下载全部链接 - D:\软件\FlashGet\ComDlls\Bhoall.htm
O8 - IE右键菜单中的新增项目: 使用掌智手机助手下载到手机 - D:\软件\掌智科技\GetLink.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - D:\软件\迅雷5\Program\geturl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - D:\软件\迅雷5\Program\getallurl.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\软件\QQ2008\AddEmotion.htm
O9 - 浏览器额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\软件\迅雷5\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\软件\迅雷5\Thunder.exe
O9 - 浏览器额外的按钮: 写入日志 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - 浏览器额外的“工具”菜单项: 在 Windows Live Writer 中写入日志(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - 浏览器额外的按钮: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - 浏览器额外的按钮: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - 浏览器额外的“工具”菜单项: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - 浏览器额外的按钮: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\napinsp.dll
O10 - 未知的文件在 Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:

Reply: Got a virus, please advise, thanks!

O15 - “受信任的站点”中添加项: easyabc.95599.cn
O15 - “受信任的站点”中添加项:
O15 - “受信任的站点”中添加项: http://*.alipay.com
O15 - “受信任的站点”中添加项: http://*.alisoft.com
O15 - “受信任的站点”中添加项:
O15 - “受信任的站点”中添加项: http://*.taobao.com
O16 - DPF: {04A39EFC-FDF5-4819-98C9-BBC864DB2F90} (ClientBindingCtrl Class) -
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) -
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) -
O16 - DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} (InfoSecNetSign Class) -
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) -
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} (InfoSecICBCNetSign Class) -
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F3428B1-7F64-4483-B9F2-1BD126395ED5}: NameServer = 222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB185314-7F41-41D3-9450-3BFCF9D28555}: NameServer = 211.
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C02CCA-C76D-44A8-983E-FE3220DC8DCB}: NameServer = 211.
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F3428B1-7F64-4483-B9F2-1BD126395ED5}: NameServer = 222.
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - 列举现有的协议: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - NT 服务: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - NT 服务: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - NT 服务: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - NT 服务: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - NT 服务: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - D:\软件\暴风影音3.6\stormliv.exe
O23 - NT 服务: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - NT 服务: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - NT 服务: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - NT 服务: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - NT 服务: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - NT 服务: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - NT 服务: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - NT 服务: Intel? PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - NT 服务: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - NT 服务: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - NT 服务: ICBC Daemon Service - Unknown owner - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe
O23 - NT 服务: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - NT 服务: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - NT 服务: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - NT 服务: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - NT 服务: Intel? PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - NT 服务: Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
O23 - NT 服务: RFW Service (RsRFWMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\RavMonD.exe
O23 - NT 服务: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - NT 服务: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - NT 服务: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - NT 服务: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Last edited by havve on 2010-01-19 22:49:57
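One way to work through a log of this shape, as an added example that is not code from this thread, from HijackThis or from any helper here: a small Python script that parses the `O<n> - label: payload` line format used above and lists the entries a reviewer would want to check by hand. The heuristics (an executable under a Temp directory, a bare filename in a Run key, a service with no recorded publisher, a "(file missing)" or "(no file)" target, a per-adapter DNS setting) are review prompts chosen for the example, not verdicts; the sample log lines are constructed for the example, not taken from the poster's log, and `Finding`, `triage` and the other names are assumptions of this script.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

Parses the "O<n> - <label>: <payload>" line shape of the log posted above and
flags entries that merit a manual look. Every flag is a review prompt, not a
verdict: legitimate software trips these heuristics too.
"""
import re
from dataclasses import dataclass

# HijackThis localises the <label> text (the thread's log is the Chinese build),
# so the parser keys on the section code and ignores the label wording.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+)\s*-\s*(?P<label>[^:]*):\s*(?P<payload>.*)$")
# O4 payloads look like "[ValueName] command"; tolerate a stray leading ';'
# as seen before some commands in the thread's log.
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*;?\s*(?P<cmd>.*)$")
# First quoted or unquoted token that ends in an executable-ish extension.
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|dll|bat|cmd|scr|com))\b', re.IGNORECASE)
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


def executable_path(text):
    """Return the executable named in a command line or payload fragment, or ''."""
    m = EXE_RE.search(text)
    return m.group("path").strip() if m else ""


def parse_line(line):
    """Split one log line into (section, label, payload); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("section"), m.group("label"), m.group("payload")) if m else None


def triage_entry(section, payload):
    """Apply the review heuristics to one entry; return (name, path, reasons)."""
    reasons = []
    if section == "O4":
        m = RUN_RE.match(payload)
        if not m:                     # "Startup: foo.lnk = ?" style entries
            return "", "", reasons
        name, path = m.group("name"), executable_path(m.group("cmd"))
        if path and "\\" not in path and "%" not in path:
            reasons.append("bare filename is resolved through the search path; confirm where it lives")
    elif section == "O17":
        name, path = "NameServer", ""
        reasons.append("per-adapter DNS server; confirm it matches the expected resolver")
    else:
        # "name - {CLSID or vendor} - path" shape shared by O2/O3/O9/O18/O23
        parts = payload.split(" - ")
        name = parts[0] if len(parts) > 1 else ""
        path = executable_path(parts[-1])
        if section == "O23" and len(parts) >= 3 and parts[-2].strip().lower() == "unknown owner":
            reasons.append("service binary has no publisher recorded; check its signature")

    low = payload.lower()
    if path and any(t in path.lower() for t in TEMP_DIRS):
        reasons.append("runs from a temporary directory")
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("target file missing; verify whether the path only needs %var% expansion")
    return name, path, reasons


def triage(log_text):
    """Parse a whole log and return the entries that merit manual review."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            section, _label, payload = parsed
            name, path, reasons = triage_entry(section, payload)
            findings.extend(Finding(section, name, path, r) for r in reasons)
    return findings


# Constructed sample in the HijackThis line shape (not lines from the thread).
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -minimized
O4 - HKCU\..\Run: [updater] C:\Users\user\AppData\Local\Temp\upd.exe
O4 - HKLM\..\Run: [audio] audiohelper.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 192.0.2.53
O23 - NT Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
O23 - NT Service: Unknown Service (UnkSvc) - Unknown owner - C:\Windows\system32\unksvc.exe
O23 - NT Service: Missing Service (MissSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name or '-'}  [{f.path or '-'}]\n     -> {f.reason}")
```

Run it on a saved log with `triage(open("hijackthis.log", encoding="utf-8").read())`. The script deliberately does not decide what is malicious; it shortens the list a human has to read, and each flagged path still needs its signature, location and vendor checked before anything is removed, which is exactly the step the helpers in this thread ask for with the SREng signature scan.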

Reply: Got a virus, please advise, thanks!

Download SREng (http://www.kztechs.com/sreng/download.html)

Open Sreng.exe ==> Smart Scan ==> tick "Verify digital signatures of process modules" ==> click Scan ==> when the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then post SREng.LOG as an attachment.

If Sreng.exe will not run, just rename it to 123.bat and run that.
When you PM me, please include the address of your help thread...

Reply: Got a virus, please advise, thanks!

OK, thanks!

Reply: Got a virus, please advise, thanks!

Attachment: SREngLOG.log (2010-1-21 0:45:57, 576.06 K)
This attachment has been downloaded 422 times

Please take a look, thanks!

Reply: Got a virus, please advise, thanks!

When you PM me, please include the address of your help thread...

Reply: Got a virus, please advise, thanks!

Mm, OK, thank you!