Page 2 of 6

What process is 6EFCF3FF.exe?

I've followed your instructions and am now waiting; if there are problems I'll come back.

Also, the file you suspected,
C:\WINDOWS\ScNotify.dll
I think that's my Norton DLL.

No idea, I don't use Norton.

They all showed up, but the problem isn't solved. It has even escalated; today it's worse, it opened 8 websites by itself in one go..

Infected again?
Post a scan log first.

Logfile of HijackThis v1.99.1
Scan saved at 15:56:32, on 2007-2-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\6EFCF3FF.exe
C:\WINDOWS\system32\ffudf.exe
G:\下载\新建文件夹\HijackThis.exe

O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll (file missing)
O2 - BHO: (no name) - {c0b2f11d-f077-4ce8-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4ce8cfsb.dll
O2 - BHO: 6ff1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4a92ntos.dll
O3 - Toolbar: 6ff1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4a92ntos.dll
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [sdafdsafds] C:\WINDOWS\temp\162.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\drivers\ttp.exe] C:\WINDOWS\system32\drivers\ttp.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Updaterun.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &V使用Vagaa哇嘎下载 - D:\Program Files\VAGAA\Vagaa\Data\vg.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QICQ\qq\AddToNetDisk.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - G:\Program Files\浩方对站平台\浩方对战平台\GameClient.exe
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF49D4A4-69B7-47D8-B12C-7A88639804F3}: NameServer = 61.236.93.33 202.97.224.68
O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ScCardLogn - C:\WINDOWS\ScNotify.dll
O23 - Service: 1AE1F8F9 - Unknown owner - C:\WINDOWS\system32\1AE1F8F9.EXE (file missing)
O23 - Service: 4432D9E6 - Unknown owner - C:\WINDOWS\system32\4432D9E6.EXE (file missing)
O23 - Service: Windows User Mode Driver (UMWdfmgr) - Unknown owner - rundll32.exe (file missing)



PS: I never load IE search bars; those were all done by rogue software. (Calling it rogue software is probably outdated by now; it should count as a virus, it's seriously affecting how my computer runs.)

How come the more I kill, the more infections there are? Fix the following items:
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll (file missing)
O2 - BHO: (no name) - {c0b2f11d-f077-4ce8-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4ce8cfsb.dll
O2 - BHO: 6ff1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4a92ntos.dll
O3 - Toolbar: 6ff1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4a92ntos.dll
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll (file missing)
O4 - HKLM\..\Run: [sdafdsafds] C:\WINDOWS\temp\162.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\drivers\ttp.exe] C:\WINDOWS\system32\drivers\ttp.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Updaterun.exe

In Safe Mode, delete
C:\WINDOWS\system32\4a92ntos.dll
C:\WINDOWS\system32\4ce8cfsb.dll
C:\WINDOWS\system32\drivers\ttp.exe
C:\Program Files\Common Files\System\Updaterun.exe
C:\WINDOWS\temp\162.exe
C:\WINDOWS\system32\6EFCF3FF.exe
Then rescan and post the System Repair Engineer log.

Stop these two services:
Service: 1AE1F8F9 - Unknown owner - C:\WINDOWS\system32\1AE1F8F9.EXE (file missing)
O23 - Service: 4432D9E6 - Unknown owner - C:\WINDOWS\system32\4432D9E6.EXE (file missing)
Delete
C:\WINDOWS\system32\6EFCF3FF.exe
C:\WINDOWS\system32\1AE1F8F9.EXE
C:\WINDOWS\system32\ffudf.exe
Best to scan with SRE.
I can't really read HijackThis logs, heh.

I'm updating the system. I don't dare close any process at random now; when I close one it automatically reloads and renames itself and restarts, and they only increase, never decrease.

Quote:
[misaboa's post] Stop these two services:
Service: 1AE1F8F9 - Unknown owner - C:\WINDOWS\system32\1AE1F8F9.EXE (file missing)
O23 - Service: 4432D9E6 - Unknown owner - C:\WINDOWS\system32\4432D9E6.EXE (file missing)
Delete
C:\WINDOWS\system32\6EFCF3FF.exe
C:\WINDOWS\system32\1AE1F8F9.EXE
C:\WINDOWS\system32\ffudf.exe
Best to scan with SRE.
I can't really read HijackThis logs, heh.

………………

Those two services are already gone. Everyone just kept being told to use 冰刃 (IceSword), and it left behind a pile of pigeon feathers.


2007-02-20,16:16:35

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Intel Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <sdafdsafds><C:\WINDOWS\temp\162.exe>  [N/A]
    <C:\WINDOWS\system32\drivers\ttp.exe><C:\WINDOWS\system32\drivers\ttp.exe>  [N/A]
    <System><C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
    <mnjk3mg><rundll32.exe C:\WINDOWS\xjg5xy8o93ona.dll _start@16>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><C:\WINDOWS\system32\mctet.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
    <WinlogonNotify: cryptimg><cryptimg.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCardLogn]
    <WinlogonNotify: ScCardLogn><C:\WINDOWS\ScNotify.dll>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[1AE1F8F9 / 1AE1F8F9][Stopped/Auto Start]
  <C:\WINDOWS\system32\1AE1F8F9.EXE -service><N/A>
[4432D9E6 / 4432D9E6][Stopped/Auto Start]
  <C:\WINDOWS\system32\4432D9E6.EXE -service><Microsoft Corporation>
[Windows Install Helper / 8NASCAR][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\BVTDE.DLL,Export 1087><Microsoft Corporation>
[Vsn amnm Service / amnm][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\gsas\nwaw.dll,Service><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[jsefusf / jsefusf][Stopped/Auto Start]
  <C:\WINDOWS\system32\jsefusf.exe -service><Microsoft Corporation>
[Kingsoft AntiVirus Service / KAVSvc][Stopped/Disabled]
  <><N/A>
[System Administrator / Live][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ykzmo.dll><Microsoft Corporation>
[Std uded Service / uded][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\mvsv\wiji.dll,Service -s><Microsoft Corporation>
[Windows User Mode Driver / UMWdfmgr][Stopped/Auto Start]
  <rundll32.exe C:\WINDOWS\winamps.dll _start@16><N/A>

==================================
驱动程序
[akgtyn6 / akgtyn61][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\akgtyn61.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[apuetj7 / apuetj78][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\apuetj78.sys><N/A>
[ast / ast][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ast.sys><N/A>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <System32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cdawdm / cdawdm][Stopped/Disabled]
  <System32\DRIVERS\CDAWDM.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[ffpbek / ffpbek][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ffpbek.sys><Microsoft Corporation>
[hidproc / hidproc][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hidproc.sys><Microsoft Corporation>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[KWatch2 / KWatch2][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\KWatch2.sys><Kingsoft Antivirus>
[msusbbux / msusbbux][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msusbbux.sys><Microsoft Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\ViYaQQ\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\Program Files\Tencent\QICQ\qq\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QuakeDRV / QuakeDRV][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\quakedrv.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[wlox / wloxn][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\wloxn.sys><N/A>
[xinstall / xinstall][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\xinstall.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
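As an added example (not code from the thread, from HijackThis or from SRE), the Python script below encodes the signals the helpers were reacting to in the HijackThis log earlier in the thread and in the SRE log above, so that a log can be triaged before anyone starts deleting files: entries whose file is already missing, services with an unknown owner or no publisher, binaries named with eight hex digits, programs launched from a temp directory, DLLs sitting in the Windows root instead of System32 (the ScNotify.dll question), rundll32-style hosts loading DLLs from outside System32, and an anti-virus service that has been disabled. The sample log text inside it is constructed from the shapes of lines posted in the thread, and the rule names and thresholds are my own assumptions, not anything either tool defines.

```python
"""Triage heuristics for HijackThis and System Repair Engineer (SRE) log lines (added example)."""
import re
HEX8 = re.compile(r"^[0-9A-F]{8}$", re.I)                            # 1AE1F8F9.EXE-style names
FILE_TOKEN = re.compile(r'([^\\/\s"<>]+)\.(?:exe|dll|sys)\b', re.I)   # stem of any binary token
WINROOT_DLL = re.compile(r"[A-Z]:\\WINDOWS\\[^\\\s]+\.dll", re.I)     # DLL in the %WINDIR% root
SRE_HEAD = re.compile(r"^\[(.*?) / (.*?)\]\[(\w+)/(.*?)\]$")           # [display / name][State/Start]
SRE_BODY = re.compile(r"^<(.*)><(.*)>$")                                # <command><publisher>

def hex_named(text):
    """True if any .exe/.dll/.sys token in the text has an eight-hex-digit stem."""
    return any(HEX8.match(m.group(1)) for m in FILE_TOKEN.finditer(text))

def parse_hjt(line):
    """Split a HijackThis 'Oxx - ...' line into section, name, owner and target."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, rest = m.groups()
    e = {"section": section, "raw": line.strip(), "name": "", "owner": "", "target": rest}
    if section == "O4":                                   # HKLM\..\Run: [name] command
        m4 = re.match(r"^\S+: \[(.*)\] (.*)$", rest)
        if m4:
            e["name"], e["target"] = m4.groups()
    elif section in ("O2", "O3", "O20", "O23"):           # Kind: name - [owner -] target
        parts = rest.split(" - ")
        e["name"], e["target"] = parts[0].split(": ", 1)[-1], parts[-1]
        if section == "O23" and len(parts) >= 3:
            e["owner"] = parts[1]
    return e

def parse_sre(text):
    """Parse SRE service/driver blocks: a header line, then an indented body line."""
    entries, head = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SRE_HEAD.match(line):
            head = dict(zip(("display", "name", "state", "start"), m.groups()))
        elif (m := SRE_BODY.match(line)) and head is not None:
            head["command"], head["publisher"] = m.groups()
            entries.append(head)
            head = None
    return entries

# Each rule is (predicate over a parsed entry, reason to report when it holds); assumed thresholds.
HJT_RULES = [
    (lambda e: "(file missing)" in e["target"], "dangling entry: the referenced file is already gone"),
    (lambda e: e["owner"] == "Unknown owner", "service registered without an owner"),
    (lambda e: re.search(r"\\temp\\", e["target"], re.I), "runs a program out of a temp directory"),
    (lambda e: e["name"] == "(no name)", "browser helper object without a display name"),
    (lambda e: re.match(r"^[A-Z]:\\", e["name"], re.I), "Run value named after its own path"),
    (lambda e: hex_named(e["target"]), "binary named with eight hex digits"),
    (lambda e: WINROOT_DLL.search(e["target"]), "DLL lives directly in the Windows directory, not System32"),
]
SRE_RULES = [
    (lambda s: hex_named(s["command"]), "binary named with eight hex digits"),
    (lambda s: s["command"] and s["publisher"] == "N/A" and s["start"] in ("Auto Start", "Boot Start"),
     "starts automatically but carries no publisher information"),
    (lambda s: s["start"] == "Disabled" and re.search(r"anti-?virus", s["display"], re.I),
     "security product service has been disabled"),
    (lambda s: WINROOT_DLL.search(s["command"]), "DLL lives directly in the Windows directory, not System32"),
    (lambda s: re.search(r"rundll", s["command"], re.I)
     and any("\\system32\\" not in d.lower() for d in re.findall(r'[^\s"<>]+\.dll', s["command"], re.I)),
     "rundll32-style host loads a DLL from outside System32"),
]

def assess(entry, rules):
    """Reasons an entry deserves a closer look; an empty list means nothing tripped."""
    return [why for hit, why in rules if hit(entry)]

def triage(hjt_text, sre_text):
    """Return [(source, identifier, reasons)] for every entry that trips at least one rule."""
    hjt = [("HijackThis", e["raw"], assess(e, HJT_RULES)) for e in map(parse_hjt, hjt_text.splitlines()) if e]
    sre = [("SRE", s["name"], assess(s, SRE_RULES)) for s in parse_sre(sre_text)]
    return [f for f in hjt + sre if f[2]]

# Constructed sample lines in the shape of those posted in the thread (not a complete log).
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {c0b2f11d-f077-4ce8-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4ce8cfsb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [sdafdsafds] C:\WINDOWS\temp\162.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\drivers\ttp.exe] C:\WINDOWS\system32\drivers\ttp.exe
O20 - Winlogon Notify: ScCardLogn - C:\WINDOWS\ScNotify.dll
O23 - Service: 1AE1F8F9 - Unknown owner - C:\WINDOWS\system32\1AE1F8F9.EXE (file missing)
"""
SRE_SAMPLE = r"""
[1AE1F8F9 / 1AE1F8F9][Stopped/Auto Start]
  <C:\WINDOWS\system32\1AE1F8F9.EXE -service><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft AntiVirus Service / KAVSvc][Stopped/Disabled]
  <><N/A>
[Windows User Mode Driver / UMWdfmgr][Stopped/Auto Start]
  <rundll32.exe C:\WINDOWS\winamps.dll _start@16><N/A>
[akgtyn6 / akgtyn61][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\akgtyn61.sys><N/A>
"""

if __name__ == "__main__":
    for source, ident, reasons in triage(HJT_SAMPLE, SRE_SAMPLE):
        print(f"[{source}] {ident}\n    " + "\n    ".join(reasons))
```

Run it as a script to list each flagged entry with the reasons it tripped. The rules are deliberately conservative: a legitimate but disabled service such as HidServ is not flagged, and neither is a malicious entry that imitates a normal shape (a svchost-hosted DLL under System32 with a plausible publisher string), so the output narrows the reading of a log rather than replacing it. Anything flagged should be confirmed from a second source (file properties, a clean system's registry, the vendor's own file list) before it is removed.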
Powered by Discuz!NT