主题：估计是中木马了! -- 海纳百川

Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe

http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...l?noreloadredir

Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

不是你死，就是我亡，久了，你就百毒不侵了，另外，看看你有没有一下文件：

C:\WINDOWS\SYSTEM32\CSKVQ.EXE

C:\WINDOWS\SYSTEM32\DMOLJ.EXE

C:\WINDOWS\SYSTEM32\IPSEC6.EXE

如有：

go to http://virusscan.jotti.org

upload them one at a time ( just copy/paste the file paths into the box, then hit submit)

post results here thatnk you

log looks clean otherwise, but to check if other nasties are present:

open ewido ( i see you have it installed )

update it to the newest definitions, but dont scan yet

instead reboot into

Safe Mode

once in safe mode fire up ewido, do a full system scan

when finished save its report to a place wher you can easily find it

then reboot back to normal mode

post the ewido scan report, the jotti scan results for the 3 files above

and a fresh hijackthis log

NOTE: you seem to have disabled some startups with msconfig. launch it again, enable everything in the startups, then scan with hjt to post the log

this will allow us to fix the useless startup entries too

一进入就蓝屏重新启动.

还有就是你介绍的这些软件

只有IPSEC6.EXE, 其他没有,是干什么的?为什么装这么多乱七八糟的东西.

现在机器越来越慢了,按照以往折腾的经验,最后还是重装了事.

Logfile of HijackThis v1.99.1

Scan saved at 20:45:57, on 2006-12-2

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\System32\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\System32\TpShocks.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\conime.exe

C:\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [GhostStartTrayApp] ; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 2052

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

O4 - Global Startup: 金山词霸 2003.lnk = C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe

O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm

O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm

O8 - Extra context menu item: 使用Web迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm

O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm

O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm

O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)

O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)

O14 - IERESET.INF: START_PAGE_URL=about:blank

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趋势科技在线扫毒程序) - http://www.trendmicro.com.cn/housecall/xscan53.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A74CF59B-CBF5-42ED-859E-100B7F5AC2B8}: NameServer = 64.71.255.198

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

system. The programs I suggest are the fix.