Rising Kaka Security Forum > Technical Exchange > Anti-Virus / Anti-Rogue-Software Forum


[Help] Just cleaned out a virus, could the experts here take a look and see whether any problems remain?


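The system was just infected with the viruses pwg.onlinegame and viking.gz. Although I have deleted and cleaned them, opening a folder that contains EXE files is still very slow, and I don't know whether the cleanup was complete, so I'm posting the logs; could an expert please analyze them? There are 3 computers in total and I'll post each one separately. Thank you all.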

1:CH

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:37:34, on 2007-6-18
Platform: Windows 2003  (WinNT 5.02.3790)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\360safe\safemon\360Tray.exe
E:\绿色软件\HiJackThis_v2.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (file missing)
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [kis] "E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360Tray.exe /start
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - E:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\Tencent\QQ\QQ.EXE
O15 - ESC Trusted Zone: http://www.baidu.com
O15 - ESC Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - ESC Trusted Zone: http://oca.microsoft.com
O15 - ESC Trusted Zone: http://windowsupdate.microsoft.com
O15 - ESC Trusted Zone: http://pp4.pplive.com
O15 - ESC Trusted Zone: http://www.pplive.com
O15 - ESC Trusted Zone: http://www.sohu.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.windowsupdate.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://oca.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://windowsupdate.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{717A3B5F-3F95-4558-8367-3953E1BA8F2B}: NameServer = 202.106.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{717A3B5F-3F95-4558-8367-3953E1BA8F2B}: NameServer = 202.106.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{717A3B5F-3F95-4558-8367-3953E1BA8F2B}: NameServer = 202.106.0.20
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: 卡巴斯基互联网安全套装 6.0 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: WinQJServiceNow - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVQJ.EXE (file missing)
O23 - Service: WinZXServiceNow - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVZX.EXE (file missing)

--
End of file - 4954 bytes
Last edited: 2007-06-18 19:18:42.793000000

2.me

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:09:48, on 2007-6-18
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\trcboot.exe
d:\Program Files\Microsoft\Asi\AsiServer\AsiServer.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
D:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\PROGRA~1\MICROS~1\SQLSER~1\MSSQL\binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Program Files\Microsoft\SQL Server\MSSQL\binn\sqlagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\azmeo\green\Edit\EditPlus 2\editplus.exe
D:\azmeo\green\System\Sysinternals\Procexp.exe
D:\azmeo\green\System\A43\A43.exe
D:\azmeo\green\READTO~1\FOXITR~1\FOXITR~1.EXE
D:\azmeo\green\Net\Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\azmeo\green\System\信息查看\HiJackThis_v2.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: DsHelper - {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} - C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DSIeHelper.dll
O2 - BHO: ThunderBHO - {2731A490-B72F-4B1B-9543-0EE74BAE2C22} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: QQMain Class - {2731A491-B72F-4B1B-9543-0EE74BAE2C22} - C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE7.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [kis] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 在Foxmail中添加该RSS频道/频道组 - res://C:\WINDOWS\system32\fmrsslink.dll/201
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre\bin\ssv.dll
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.icbc.com.cn
O15 - ESC Trusted Zone: http://m1.cn.2mdn.net
O15 - ESC Trusted Zone: http://msn.allyes.com
O15 - ESC Trusted Zone: http://rmd.atdmt.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.baidu.com
O15 - ESC Trusted Zone: http://www.baofeng.com
O15 - ESC Trusted Zone: http://fox.foxmail.com.cn
O15 - ESC Trusted Zone: http://www.foxmail.com.cn
O15 - ESC Trusted Zone: http://ad.cn.doubleclick.net
O15 - ESC Trusted Zone: http://secure-cn.imrworldwide.com
O15 - ESC Trusted Zone: http://messenger.live.cn
O15 - ESC Trusted Zone: http://by125w.bay125.mail.live.com
O15 - ESC Trusted Zone: http://cc.services.spaces.live.com
O15 - ESC Trusted Zone: http://crowcao.spaces.live.com
O15 - ESC Trusted Zone: http://gfx6.mail.live.com
O15 - ESC Trusted Zone: http://gfx7.mail.live.com
O15 - ESC Trusted Zone: http://help.live.com
O15 - ESC Trusted Zone: http://js.shared.live.com
O15 - ESC Trusted Zone: http://rad.live.com
O15 - ESC Trusted Zone: http://shared.live.com
O15 - ESC Trusted Zone: http://api.mapbar.com
O15 - ESC Trusted Zone: http://mobile.msn.com.cn
O15 - ESC Trusted Zone: http://dl_dir.qq.com
O15 - ESC Trusted Zone: http://img1.mag.qq.com
O15 - ESC Trusted Zone: http://mag.qq.com
O15 - ESC Trusted Zone: http://pingjs.qq.com
O15 - ESC Trusted Zone: http://tiapview.qq.com
O15 - ESC Trusted Zone: http://sc2.sclive.net
O15 - ESC Trusted Zone: http://sc3.sclive.net
O15 - ESC Trusted Zone: http://sc4.sclive.net
O15 - ESC Trusted Zone: http://www.standardsoft.com.cn
O15 - ESC Trusted Zone: http://www.tq121.com.cn
O15 - ESC Trusted Zone: http://m.webtrends.com
O15 - ESC Trusted Zone: http://www.windowsmarketplace.com
O15 - ESC Trusted Zone: http://launcher.wowchina.com
O15 - ESC Trusted Zone: http://www.wunderman.com.cn
O15 - ESC Trusted Zone: http://ask.xiaoi.com
O15 - ESC Trusted Zone: http://g.xiaoi.com
O15 - ESC Trusted Zone: http://mapbar.xiaoi.com
O15 - ESC Trusted Zone: http://p4.xiaoi.com
O15 - ESC Trusted Zone: http://www.xiaoi.com
O15 - ESC Trusted IP range: http://58.23.130.5
O15 - ESC Trusted IP range: http://61.135.157.145
O15 - ESC Trusted IP range: http://61.135.157.150
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://supportapj.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174632815859
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2132DC0-FC7E-4F9F-AD6E-3482C54870FE}: NameServer = 202.106.0.20,202.96.0.133
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: 卡巴斯基互联网安全套装 6.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ldlcserv - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: TrcBoot - IBM Corporation - C:\WINDOWS\system32\drivers\trcboot.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 9273 bytes

3. The server got infected too, which is depressing.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:03:46 上午, on 2007-6-18
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\trcboot.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
e:\Program Files\Magic Winmail\server\MailServer7.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe
D:\Software\动态域名\winpip\winpip.exe
e:\Program Files\Magic Winmail\server\http\Apache.exe
e:\Program Files\Magic Winmail\server\http\Apache.exe
D:\Program Files\Serv-U\ServUDaemon.exe
C:\WINDOWS\system32\tcpsvcs.exe
e:\Program Files\Magic Winmail\server\http\Apache.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
e:\Program Files\Magic Winmail\server\MailCtrl.exe
C:\Program Files\360safe\safemon\360tray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Serv-U\ServUTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Lotus\Domino\nserver.exe
D:\Lotus\Domino\nfileret.EXE
D:\Lotus\Domino\nsrvwrap.exe
e:\Program Files\Magic Winmail\server\http\Apache.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
e:\Program Files\Magic Winmail\server\MailCtrl.exe
C:\Program Files\360safe\safemon\360tray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Serv-U\ServUTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Lotus\Domino\nserver.exe
D:\Java\jdk1.5.0_04\bin\java.exe
D:\Lotus\Domino\nsrvwrap.exe
D:\Lotus\Domino\nevent.EXE
D:\Lotus\Domino\nUpdate.EXE
D:\Lotus\Domino\nReplica.EXE
D:\Lotus\Domino\nRouter.EXE
D:\Lotus\Domino\nAMgr.EXE
D:\Lotus\Domino\nAdminP.EXE
D:\Lotus\Domino\nCalConn.EXE
D:\Lotus\Domino\nSched.EXE
D:\Lotus\Domino\nHTTP.EXE
D:\Lotus\Domino\nIMAP.EXE
D:\Lotus\Domino\nLDAP.EXE
D:\Lotus\Domino\nPOP3.EXE
D:\Lotus\Domino\nSMTP.EXE
D:\Lotus\Domino\namgr.EXE
G:\服务器共享\杀毒防火墙\HiJackThis_v2.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Magic Winmail] e:\Program Files\Magic Winmail\server\MailCtrl.exe
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ServUTrayIcon] D:\Program Files\Serv-U\ServUTray.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: 快捷方式 到 nserver.exe.lnk = D:\Lotus\Domino\nserver.exe
O4 - Startup: 快捷方式 到 startup.bat.lnk = D:\tomcat5.5.17\apache-tomcat-5.5.17\bin\startup.bat
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://down6.zol.com.cn
O15 - ESC Trusted Zone: http://download.pcstars.com.cn
O15 - ESC Trusted Zone: http://www.standardsoft.com.cn
O15 - ESC Trusted Zone: http://www.sures.com.cn
O15 - ESC Trusted Zone: http://www.dilongcn.com
O15 - ESC Trusted Zone: http://www.magicwinmail.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - ESC Trusted Zone: http://connect.microsoft.com
O15 - ESC Trusted Zone: http://oca.microsoft.com
O15 - ESC Trusted Zone: http://update.microsoft.com
O15 - ESC Trusted Zone: http://windowsupdate.microsoft.com
O15 - ESC Trusted Zone: http://www.mylove520.com
O15 - ESC Trusted Zone: http://*.server
O15 - ESC Trusted Zone: http://map.sogou.com
O15 - ESC Trusted Zone: http://www.standardsoft.cn
O15 - ESC Trusted Zone: http://auction1.taobao.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://soft3.xn163.com
O15 - ESC Trusted Zone: http://www.yzykj.cn
O15 - ESC Trusted Zone: http://*.update.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://go.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://msdn.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://oca.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://support.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://technet.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://windowsupdate.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://www.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.0.2
O15 - ESC Trusted IP range: http://218.241.133.18
O15 - ESC Trusted IP range: http://192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = standardsoft.com.cn
O17 - HKLM\Software\..\Telephony: DomainName = standardsoft.com.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{87229191-0E2D-40AF-9BC3-DB1DE326F47C}: NameServer = 202.106.0.20 202.106.46.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FF883C2-C603-4CA9-A9DE-CC2FC59854EA}: NameServer = 202.106.0.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = standardsoft.com.cn
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Documents and Settings\Administrator\WINDOWS\system32\browseui.dll (file missing)
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Documents and Settings\Administrator\WINDOWS\system32\browseui.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: 卡巴斯基互联网安全套装 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Lotus Domino Server (LotusDominoData) - IBM Corp - d:\Lotus\Domino\nservice.exe
O23 - Service: Winmail Mail Server (MagicWinmailServer) - AMAX Information Technologies Inc. - e:\Program Files\Magic Winmail\server\MailServer7.exe
O23 - Service: COMEXE PIPClient (PIPClient) - Unknown owner - D:\Software\动态域名\winpip\winpip.exe
O23 - Service: Serv-U FTP 服务器 (Serv-U) - Cat Soft - D:\Program Files\Serv-U\ServUDaemon.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINDOWS\system32\drivers\trcboot.exe

--
End of file - 9159 bytes