日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 10:29:39,2009-8-10
操作系统: Windows XP SP2 (WinNT 5.01.2600)
IE版本: Internet Explorer v6.00 SP2 (6.00.2900.2180)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\rsnetsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Huawei\Secospace DSM\DSM Client\DSMClientSvr.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
D:\播放器\stormliv.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Huawei\NumenAgentWin\bin\NumenDaemon.exe
C:\Program Files\ZENworks\Patch Management Agent\GravitixService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tencent\QQSoftMgr\TencentUpdateSvc.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\ZENworks\Patch Management Agent\pddm.exe
C:\Program Files\Huawei\NumenAgentWin\bin\WinGUI.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\Rising\AntiSpyware\rstray.exe
C:\Program Files\VIEWGOOD\WebPlayer 2007\WebPlayerDeamon.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\360Safebox\safeboxTray.exe
C:\Program Files\360safe\safemon\360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\中国移动手机桌面助理\MDA.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Rising\Rav\ScanFrm.exe
C:\Program Files\Rising\Rav\RavMonD.exe
C:\Program Files\360safe\360hotfix.exe
C:\Program Files\360safe\LiveUpdate360.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\c\桌面\hijackthis_v2.02h\HijackThis.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [PDDM] C:\Program Files\ZENworks\Patch Management Agent\pddm.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NALVIEW] nalview.exe /ns
O4 - HKLM\..\Run: [NALEnable] fsshare.exe 10.161.32.227 10.161.32.225
O4 - HKLM\..\Run: [NumenGUI] "C:\Program Files\Huawei\NumenAgentWin\bin\WinGUI.exe"
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [WebPlayerUpdater] "C:\Program Files\VIEWGOOD\WebPlayer 2007\WebPlayerDeamon.exe" /Hide
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NALVIEW] nalview.exe /ns
O4 - HKCU\..\Run: [NALEnable] fsshare.exe 10.161.32.227 10.161.32.225
O4 - HKCU\..\Run: [中国移动手机桌面助理] C:\Program Files\中国移动手机桌面助理\MDA.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 　　　.lnk = C:\WINDOWS\system32\XP-3B261D70.EXE
O4 - Global Startup: 边锋游戏3.0多开大厅.Lnk = ?
O8 - 扩展右键菜单项: 使用MDA发送彩信 - C:\Program Files\中国移动手机桌面助理\Html\SendMMS.htm
O8 - 扩展右键菜单项: 使用MDA发送短信 - C:\Program Files\中国移动手机桌面助理\Html\SendSMS.htm
O8 - 扩展右键菜单项: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm
O9 - 额外的按钮: (未命名) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - 额外的“工具”菜单项目: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - 额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 额外的“工具”菜单项目: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 额外的按钮: 联想 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com(文件不存在)
O9 - 额外的按钮: 中国移动手机桌面助理 - {8806E443-0E06-4ed9-86D3-0C2D959F83DD} - C:\Program Files\中国移动手机桌面助理\MDA.exe
O9 - 额外的“工具”菜单项目: 中国移动手机桌面助理 - {8806E443-0E06-4ed9-86D3-0C2D959F83DD} - C:\Program Files\中国移动手机桌面助理\MDA.exe
O9 - 额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 额外的按钮: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - 额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 额外的“工具”菜单项目: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.icbc.com.cn
O15 - Trusted Zone: http://emis.jl.cmcc
O16 - DPF: {14017CE6-C6D8-41C6-8F9C-28CAFF569A1C} (WO2Word Object) - http://bpm.jlmc.com:9081/HQ/activex/BPM_WO2WordLib.dll
O16 - DPF: {19FD2DFB-BB3E-4EA3-906F-64CFD12A0D0E} (oatree Control) - http://oa03.jlmc.com/oatree.ocx
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {35333D8E-3E03-4776-9F07-2739DA83C499} (EdtDoc Object) - http://bpm.jlmc.com:9081/HQ/activex/PEdtDoc.dll
O16 - DPF: {5908A47C-F569-4B46-8B35-5FE2C63CC276} (PEAgent) - http://oa01.jl.cmcc/GGBTRENDMICRO/cabinet/PEAgent.cab
O16 - DPF: {70EFE874-31BF-41E4-9D87-FE9BE408B0F5} (WO2Word Object) - http://oa03.jlmc.com/WO2WordLib.dll
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} (Rising Online Antivirus scanner control) - http://download.rising.com.cn/rs2009/online/ravolctl.cab
O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} (JInitiator 1.3.1.26) - http://misapp1.jl.cmcc:11500/jinitiator/oajinit.exe
O16 - DPF: {D90CA504-617B-4C43-AA3E-5882EB8EEF1A} (OlEdt1Doc Object) - http://oa02.jlmc.com/OlEdt1DocLib.dll
O16 - DPF: {E9707834-5BF7-4CFF-A639-398427DE1991} (IcbcSslCacheCleanerCtrl Class) - http://www.icbc.com.cn/icbc/html/left/IcbcSslCacheCleaner.cab
O16 - DPF: {EACEED55-6F68-4AEE-9EC2-AF0BBFDF4FE9} (OATreeMail Control) - http://mail02.jlmc.com/OATreeMail.ocx
O16 - DPF: {EAF5041C-A17F-456B-B098-930A9DD2F886} (nc5 Class) - http://10.161.32.187/Client/NC_Client_1.5.0_07.exe
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0775ABB8-34AA-4ECC-8DE4-8EC7B3C09FAF}: NameServer = 222.34.29.158 202.106.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{12E1AAF7-9602-4103-8FE5-B8A6F9C1F72A}: NameServer = 10.161.32.72,10.161.32.86
O17 - HKLM\System\CS1\Services\Tcpip\..\{0775ABB8-34AA-4ECC-8DE4-8EC7B3C09FAF}: NameServer = 222.34.29.158 202.106.0.20
O20 - AppInit_DLLs: kmon.dll
O23 - NT 服务:  C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - NT 服务:  Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - D:\播放器\stormliv.exe
O23 - NT 服务:  Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - NT 服务:  DSMClientSvr - 华为技术有限公司 - C:\Program Files\Huawei\Secospace DSM\DSM Client\DSMClientSvr.exe
O23 - NT 服务:  Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - NT 服务:  i3SAFE Numen Agent Daemon Services (NumenDaemon) - Unknown owner - C:\Program Files\Huawei\NumenAgentWin\bin\NumenDaemon.exe
O23 - NT 服务:  ZENworks Patch Management Update (PatchLink Update) - Novell, Inc. - C:\Program Files\ZENworks\Patch Management Agent\GravitixService.exe
O23 - NT 服务:  Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE
O23 - NT 服务:  Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavTask.exe
O23 - NT 服务:  Novell ZENworks 远程管理代理 (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - NT 服务:  Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
O23 - NT 服务:  Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\ScanFrm.exe
O23 - NT 服务:  Tencent Software Update Service (TSUSVC) - Tencent - C:\Program Files\Tencent\QQSoftMgr\TencentUpdateSvc.exe
O23 - NT 服务:  Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - NT 服务:  工作站管理器 (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; MAXTHON 2.0)

请以txt文本文件的格式上传

TXT文本

日志不完整，操作方法：
1、下载后解压缩，运行SREngPS.EXE；
2、如果无法打开尝试把SREngPS.EXE改名为123.com，并复制到c:\windows目录下运行；
3、依次点击【智能扫描】-【扫描】，耐心等待，扫描结束后点击【保存报告】；
4、选择保存路径，文件名保持默认，直接点击【保存】；
5、打开保存的日志文件SREngLOG.log

用什么软件啊

SREngPS.EXE是什么

Sreng官方下载
SREng/智能扫描(记得勾选“检查进程的数字签名)
等扫描完成,保存日志(LOG格式)
PS：如主程序SREng**.exe无法运行,导致无法扫描日志
将主程序改名为我爱小狮子.bat
或我爱小狮子.scr
日志放入附件
（点击我这贴右下角的“引用”或最右下角的那个较大的“回复”然后就应该知道怎么发了。）

TXT

使用SREng修复下面各项：

    启动项目 －－ 注册表之如下项删除：
[wsctf.exe]    <; wsctf.exe>
[NALEnable]    <fsshare.exe 10.161.32.227 10.161.32.225>
[NALVIEW]    <nalview.exe /ns>
[NALEnable]    <fsshare.exe 10.161.32.227 10.161.32.225>
[NALVIEW]    <nalview.exe /ns>

    启动项目 －－　启动文件夹之如下项删除：
[边锋游戏3.0多开大厅]    <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\边锋游戏3.0多开大厅.Lnk>
[　　　]    <C:\Documents and Settings\c\「开始」菜单\程序\启动\　　　.lnk>

把对号点掉就可以吗