Rising Kaka Security Forum
骑着乌龟玩飘移 - 2006-7-3 12:03:00
My computer keeps saying there is a problem processing c:\WINNT\system32\services.exe, then counts down and restarts! You told me to delete spooIsv.exe! But after I delete it, it comes back again! What should I do?
Logfile of HijackThis v1.99.1
Scan saved at 12:08:14, on 2006-7-3
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\KV2004\KVSrvXP.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\KV2004\KVMonXP.kxp
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINNT\Mixer.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\racer-henan-cnc\racer.exe
C:\Program Files\racer-henan-cnc\RacerKp.exe
F:\软件\Norton Process Viewer\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\HijackThis.exe
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - F:\软件\MAGICSET\haokanbar.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\KV2004\KvShell.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\KV2004\KvShell.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - F:\软件\MAGICSET\haokanbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SysExplr] C:\HEROSOFT\Hero3000\SYSEXPLR.EXE
O4 - HKLM\..\Run: [KvMonXP] C:\KV2004\KVMonXP.kxp /auto
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [popo2004] C:\Program Files\NetEase\popo2004\Start.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: 河南网通宽带用户客户端.lnk = C:\Program Files\racer-henan-cnc\racer.exe
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: 超级解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\kvwspxp.dll
O11 - Options group: [TBH] QQ地址栏搜索
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\lsy1\LOCALS~1\Temp\hpdj.exe
O23 - Service: KVSrvXP - JiangMin Ltd. - C:\KV2004\KVSrvXP.exe
我无邪 - 2006-7-3 14:02:00
This process indeed has to be killed; it is a virus.
It just doesn't show up in the log.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan; when the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one paste, paste it in several parts; please don't modify it.
骑着乌龟玩飘移 - 2006-7-3 14:11:00
2006-07-03,14:14:30
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<SysExplr><C:\HEROSOFT\Hero3000\SYSEXPLR.EXE> []
<KvMonXP><C:\KV2004\KVMonXP.kxp /auto> [JiangMin Ltd.]
<HP Software Update><C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe> []
<HPDJ Taskbar Utility><C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe> [HP]
<DeviceDiscovery><C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe> [Hewlett-Packard]
<C-Media Mixer><Mixer.exe /startup> [C-Media Electronic Inc. (www.cmedia.com.tw)]
<CreativeMixer><C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t> [Creative Technology Ltd.]
<popo2004><C:\Program Files\NetEase\popo2004\Start.exe> [网易(163.com)]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Client Server Runtime Process><C:\WINNT\system32\csrs.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\KV2004\KVSCRK~1.SCR> []
骑着乌龟玩飘移 - 2006-7-3 14:13:00
启动文件夹
[河南网通宽带用户客户端]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk><N>
[腾讯QQ]
<C:\Documents and Settings\lsy1\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[hpdj / hpdj]
<C:\DOCUME~1\lsy1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product=><HP>
[KVSrvXP / KVSrvXP]
<C:\KV2004\KVSrvXP.exe -Service><JiangMin Ltd.>
[Microsoft Windows Spooler Service / Windows Spooler Service]
<"C:\WINNT\winlogon.exe"><N/A>
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\软件\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[解霸]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <F:\软件\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
骑着乌龟玩飘移 - 2006-7-3 14:13:00
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 160][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 180][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6970>
[PID: 208][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 220][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 400][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 456][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 472][C:\KV2004\KVSrvXP.exe] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVEnhD.dll] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KvSPI.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\KVEnhP.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVEnhM.dll] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KVEnhC.DLL] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KVEnhO_1.dll] <JiangMin Ltd.><8.0.0.314>
[C:\KV2004\KVEnhS_1.dll] <JiangMin Ltd.><8.0.0.313>
[C:\KV2004\KVEnhJ.dll] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KVExtCab.dll] <Jiangmin New Tech. Co. Ltd.><8.0.0.309>
[C:\KV2004\KVExtEml.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\KvExtRar.dll] <Jiangmin New Tech. Co. Ltd.><8.0.0.309>
[C:\KV2004\KvExtZip.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVExtLZH_1.dll] <N/A><N/A>
[C:\KV2004\KVEnhK_1.dll] <JiangMin Ltd.><7, 1, 0, 307>
[C:\KV2004\KvSpiPS.dll] <JiangMin Ltd.><8.0.0.309>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[PID: 540][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6920>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 592][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 644][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 752][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\KV2004\KvShell.dll] <JiangMin Lmt><8.0.0.309>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\Kvxp0804.lng] <N/A><N/A>
[C:\KV2004\KVComm_1.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\APIImpl.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\GUIExt.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 78>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\KV2004\KVMonXP.kxp] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\Kvxp0804.lng] <N/A><N/A>
[C:\KV2004\GUIExt.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[C:\KV2004\KVEnhP.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KvSpiPS.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[PID: 872][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe] <N/A><N/A>
[PID: 948][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe] <Hewlett-Packard><1, 0, 0, 1>
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll] <Hewlett-Packard><2, 0, 2, 2>
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll] <Hewlett-Packard Co.><4.2.0.127>
[PID: 960][C:\WINNT\Mixer.exe] <C-Media Electronic Inc. (www.cmedia.com.tw)><1.60>
[C:\WINNT\System32\cmnprop.dll] <C-Media Corporation><5.00.2195.12>
[PID: 976][C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE] <Creative Technology Ltd.><6.01.1>
[C:\Program Files\Creative\Audio2K\PROGRAM\CTMRES32.DLL] <Creative Technology Ltd.><1.02.0>
[PID: 808][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.1622>
[PID: 996][C:\WINNT\system32\csrs.exe] <N/A><N/A>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 1004][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 1036][C:\Program Files\racer-henan-cnc\racer.exe] <Putian Runway><2, 0, 51, 92>
[C:\Program Files\racer-henan-cnc\rwxre.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nspr4.dll] <Netscape Communications Corporation><4.5 Beta>
[C:\Program Files\racer-henan-cnc\xpcom.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nss3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\softokn3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\gkgfx.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\js3250.dll] <Netscape Communications Corporation><4.0>
[C:\Program Files\racer-henan-cnc\components\racer_base_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\xpcom_compat.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\racer_base.dll] <Putian Runway><2,0,47,87>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\Program Files\racer-henan-cnc\components\pipnss.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\gklayout.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\jar50.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\xpcom_compat_c.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\racer_ad_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\components\racer_access_dhcpplus.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\dhcpplus.dll] <北京润汇科技有限公司><0, 13, 21, 45>
[C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\nss4.dll] <北京普天润汇科技有限公司><1, 0, 0, 3>
[C:\Program Files\racer-henan-cnc\wpcap.dll] <NetGroup - Politecnico di Torino><3, 1, 0, 24>
[C:\Program Files\racer-henan-cnc\packet.dll] <NetGroup - Politecnico di Torino><3, 1, 0, 24>
[C:\Program Files\racer-henan-cnc\WanPacket.dll] <NetGroup - Politecnico di Torino><3, 1, 0, 24>
[PID: 656][C:\Program Files\racer-henan-cnc\RacerKp.exe] <北京润汇科技有限公司><1, 0, 0, 1>
[PID: 424][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[F:\软件\MAGICSET\haokanbar.dll] <Xiang Feng Technology><2, 1, 0, 1463>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 78>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\KvShell.dll] <JiangMin Lmt><8.0.0.309>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\Kvxp0804.lng] <N/A><N/A>
[C:\KV2004\KVComm_1.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\APIImpl.dll] <JiangMin Ltd.><8.0.0.309>
[C:\WINNT\system32\macromed\flash\Flash.ocx] <Macromedia, Inc.><7,0,19,0>
[PID: 652][F:\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
骑着乌龟玩飘移 - 2006-7-3 14:13:00
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [超级解霸3000]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
独孤豪侠 - 2006-7-3 14:19:00
[hpdj / hpdj]
<C:\DOCUME~1\lsy1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product=><HP> Does the OP know what this entry is?
[Microsoft Windows Spooler Service / Windows Spooler Service]
<"C:\WINNT\winlogon.exe"><N/A>
Sigh, and then there's this one too, how annoying~~~ this one is not easy to kill.
我无邪 - 2006-7-3 14:21:00
Run (double-click) System Repair Engineer, click "Startup Items", "Services", click "Win32 Service Applications", tick "Hide Microsoft services", select the virus service Microsoft Windows Spooler Service, choose "Delete Service", click "Set", choose "No", and finally reboot.
Reboot.
Press ALT+CTRL+DELETE to bring up Task Manager and end the csrs.exe process.
Run (double-click) System Repair Engineer and use "Startup Items, Registry" to delete the following entry:
C:\WINNT\system32\csrs.exe
Double-click My Computer, then Tools, Folder Options, View; click to select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes"; also clear "Hide extensions for known file types".
Delete:
C:\WINNT\system32\csrs.exe
C:\WINNT\winlogon.exe
骑着乌龟玩飘移 - 2006-7-3 15:40:00
I don't know the one post #6 is talking about! What virus is it? Can't it be killed? What should I do?
骑着乌龟玩飘移 - 2006-7-3 15:55:00
Thank you, brother 无邪!
骑着乌龟玩飘移 - 2006-7-3 16:05:00
C:\WINNT\winlogon.exe
This one came back after I deleted it! What should I do?
叶·幽思 - 2006-7-3 16:09:00
Open the registry: Run: regedit
http://forum.ikaka.com/topic.asp?board=28&artid=7495863 This trojan is really nasty!!
The removal method is as follows:
1. End the WINLOGON.EXE process. Note: on an NT system installed on drive C, the trojan's path is C:\WINDOWS\WINLOGON.EXE, while the normal system process path is C:\WINDOWS\SYSTEM32\WINLOGON.EXE. To avoid ending the system process WINLOGON.EXE by mistake and crashing the system, be sure to identify it beforehand with a tool such as IceSword that can show process paths. Don't use the Task Manager that ships with Windows (it doesn't show process paths at all!).
2. Download RegFix (a registry repair tool). Change the extension of Regfix.exe to scr and confirm. Double-click Regfix.scr; it automatically repairs the main file association entries in the registry.
3. Find and delete the following files (see attached image).
4. Fix the registry entries tampered with by the trojan:
1) HKEY_CLASSES_ROOT\.lnk\ShellNew
"Command"="rundll32.com appwiz.cpl,NewLinkHere %1"
Delete "Command"="rundll32.com
2) HKEY_CLASSES_ROOT\.bfc\ShellNew
"Command"="%SystemRoot%\\system32\\rundll32.com %SystemRoot%\\system32\\syncui.dll,Briefcase_Create %2!d! %1"
Change "Command"="%SystemRoot%\\system32\\rundll32.com to "Command"="%SystemRoot%\\system32\\rundll32.exe
3) HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open\command
Change @="\"C:\\Program Files\\Internet Explorer\\iexplore.com\" %1" to @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
4) HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
Change @="\"C:\\Program Files\\Internet Explorer\\iexplore.com\"" to @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
5) HKEY_CLASSES_ROOT\cplfile\shell\cplopen\command
@="rundll32.com shell32.dll,Control_RunDLL \"%1\",%*"
Delete @="rundll32.com
6) HKEY_CLASSES_ROOT\Drive\shell\find\command
Change @="%SystemRoot%\\explorer.com" to @="%SystemRoot%\\explorer.exe"
7) HKEY_CLASSES_ROOT\dunfile\shell\open\command
Change @="%SystemRoot%\\system32\\rundll32.com NETSHELL.DLL,InvokeDunFile %1" to @="%SystemRoot%\\system32\\rundll32.exe NETSHELL.DLL,InvokeDunFile %1"
8) HKEY_CLASSES_ROOT\ftp\shell\open\command
Change @="\"C:\\Program Files\\Internet Explorer\\iexplore.com\" %1" to @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
9) HKEY_CLASSES_ROOT\htmlfile\shell\open\command
Change @="\"C:\\Program Files\\Internet Explorer\\iexplore.com\" -nohome" to @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
10) HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command
Delete @="\"C:\\Program Files\\common~1\\iexplore.pif\" %1"
11) HKEY_CLASSES_ROOT\htmlfile\shell\print\command
Delete @=rundll32.com
12) HKEY_CLASSES_ROOT\inffile\shell\Install\command
Delete @="%SystemRoot%\\System32\\rundll32.com
13) HKEY_CLASSES_ROOT\InternetShortcut\shell\open\command
Delete @="finder.com
14) HKEY_CLASSES_ROOT\scrfile\shell\install\command
Delete @="finder.com
15) HKEY_CLASSES_ROOT\scriptletfile\Shell\Generate Typelib\command
Delete @="\"C:\\WINDOWS\\system32\\finder.com\"
16) HKEY_CLASSES_ROOT\telnet\shell\open\command
Delete @="finder.com
17) HKEY_CLASSES_ROOT\Unknown\shell\openas\command
Delete @="%SystemRoot%\\system32\\finder.com
18) HKEY_CLASSES_ROOT\winfiles\Shell\Open\Command
Delete @="C:\\WINDOWS\\ExERoute.exe \"%1\" %*"
19) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete "Torjan Program"="C:\\WINDOWS\\WINLOGON.EXE"
20) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Change "Shell"="Explorer.exe 1" to "Shell"="Explorer.exe"
我无邪 - 2006-7-3 21:36:00
This C:\WINNT\winlogon.exe is not the same as that C:\WINNT\winlogon.exe. The removal method for 鸽子 (Gray Pigeon)-type trojans should be enough.
OP, you said it is still there after you deleted it; did you delete its service the way described here??
Please do this once more, then reboot, and please scan another log and paste it here.
Run (double-click) System Repair Engineer, click "Startup Items", "Services", click "Win32 Service Applications", tick "Hide Microsoft services", select the virus service Microsoft Windows Spooler Service, choose "Delete Service", click "Set", choose "No", and finally reboot.
Reboot.
Press ALT+CTRL+DELETE to bring up Task Manager and end the csrs.exe process.
Run (double-click) System Repair Engineer and use "Startup Items, Registry" to delete the following entry:
C:\WINNT\system32\csrs.exe
Double-click My Computer, then Tools, Folder Options, View; click to select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes"; also clear "Hide extensions for known file types".
Delete:
C:\WINNT\system32\csrs.exe
C:\WINNT\winlogon.exe
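The service check 我无邪 describes and the process-path and registry checks in 叶·幽思's post can be made mechanical. The following is an added example, not code from the thread, SREng or HijackThis: it scans SREng-style process and service lines for a core system binary running outside its expected directory or under a look-alike name (csrs.exe, spooIsv.exe, logon.exe), and flags the .com/.pif stand-ins from the registry list in a command value. SYSTEM_ROOT = C:\WINNT, the core-binary sets and the sample lines are assumptions.

```python
"""Triage helper for SREng-style log lines from a Windows 2000 box.

Added example for this thread, not code from the forum, SREng or HijackThis.
It mechanises the checks the replies rely on: (1) a core Windows binary
name running, or registered as a service, outside %SystemRoot%\\system32
(C:\\WINNT\\winlogon.exe beside the real C:\\WINNT\\system32\\winlogon.exe);
(2) a look-alike name one edit away from, or a bare suffix of, a core name
(csrs.exe vs csrss.exe, spooIsv.exe with a capital I vs spoolsv.exe,
logon.exe vs winlogon.exe); (3) a shell\\open\\command value whose program
is one of the .com/.pif stand-ins from the registry clean-up post.
SYSTEM_ROOT, the core-binary sets and SAMPLE_LINES are assumptions.
"""
import ntpath
import re

SYSTEM_ROOT = r"C:\WINNT"   # assumption: the thread's Windows 2000 install
# Binaries that legitimately live only in %SystemRoot%\system32.
CORE_SYSTEM32 = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "userinit.exe"}
CORE_SYSTEMROOT = {"explorer.exe"}          # lives in %SystemRoot% itself
# Stand-in programs the registry hijack substitutes for real .exe files.
HIJACK_PROGRAMS = {"iexplore.com", "rundll32.com", "explorer.com",
                   "finder.com", "iexplore.pif", "exeroute.exe"}
PROC_RE = re.compile(r"^\[PID:\s*\d+\]\[(.+?)\]\s*<(.*?)><.*?>$")
SVC_RE = re.compile(r'^<"?([^">]+?\.exe)"?(?:\s[^>]*)?><(.*?)>$', re.IGNORECASE)


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(path, system_root=SYSTEM_ROOT):
    """Strip NT object-manager prefixes (\\??\\ and \\SystemRoot) and lower-case."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot"):
        p = system_root + p[len("\\systemroot"):]
    return p.lower()


def check_image(path, vendor="", system_root=SYSTEM_ROOT):
    """Return findings for one image path; an empty list means nothing odd."""
    full = normalize(path, system_root)
    directory, name = ntpath.split(full)
    if not name:
        return []
    root = system_root.lower()
    findings = []
    if name in CORE_SYSTEM32 or name in CORE_SYSTEMROOT:
        expected = ntpath.join(root, "system32") if name in CORE_SYSTEM32 else root
        if directory != expected:
            findings.append(f"core binary outside {expected}: {full}")
    else:
        for core in sorted(CORE_SYSTEM32 | CORE_SYSTEMROOT):
            if edit_distance(name, core) <= 1 or core.endswith(name):
                findings.append(f"look-alike of {core}: {full}")
                break
    if findings and vendor.strip().lower() in ("", "n/a"):
        findings.append(f"no vendor information: {full}")
    return findings


def check_shell_command(reg_data):
    """Return the hijack program named in a .reg-escaped command value, else None."""
    v = reg_data.strip().replace("\\\\", "\\").replace('\\"', '"')
    if v.startswith('"'):
        program = v[1:].split('"', 1)[0]      # quoted path may contain spaces
    else:
        program = v.split(None, 1)[0] if v else ""
    name = ntpath.basename(program).lower()
    return name if name in HIJACK_PROGRAMS else None


def triage(lines, system_root=SYSTEM_ROOT):
    """Run check_image over SREng process and service lines."""
    findings = []
    for line in lines:
        m = PROC_RE.match(line.strip()) or SVC_RE.match(line.strip())
        if m:
            findings.extend(check_image(m.group(1), m.group(2), system_root))
    return findings


# Constructed sample, modelled on the shape of the thread's SREng output.
SAMPLE_LINES = [
    r"[PID: 180][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6970>",
    r"[PID: 996][C:\WINNT\system32\csrs.exe] <N/A><N/A>",
    r"[PID: 980][C:\WINNT\system32\logon.exe] <N/A><N/A>",
    r"[PID: 424][C:\WINNT\system32\spooIsv.exe] <N/A><N/A>",
    r'<"C:\WINNT\winlogon.exe"><N/A>',
    r"<C:\KV2004\KVSrvXP.exe -Service><JiangMin Ltd.>",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Run it over the "正在运行的进程" and "服务" sections of a pasted SREng log; legitimate entries such as csrss.exe in system32 or Explorer.EXE in the Windows directory produce no findings.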
骑着乌龟玩飘移 - 2006-7-4 11:13:00
Brother 无邪! When I scanned, I didn't find the entry Microsoft Windows Spooler Service. Does that mean there's no problem?
骑着乌龟玩飘移 - 2006-7-4 11:19:00
How do I take a screenshot? I found lots of results for the thing post #11 mentioned! Tell me how to take a screenshot! Help me see which one to delete!
魔法学徒 - 2006-7-4 12:13:00
All the files in the picture in post #11 can be deleted.
我无邪 - 2006-7-4 13:12:00
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan; when the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one paste, paste it in several parts; please don't modify it.
骑着乌龟玩飘移 - 2006-7-4 16:15:00
006-07-04,16:19:33
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<SysExplr><C:\HEROSOFT\Hero3000\SYSEXPLR.EXE> []
<KvMonXP><C:\KV2004\KVMonXP.kxp /auto> [JiangMin Ltd.]
<HP Software Update><C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe> []
<HPDJ Taskbar Utility><C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe> [HP]
<DeviceDiscovery><C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe> [Hewlett-Packard]
<C-Media Mixer><Mixer.exe /startup> [C-Media Electronic Inc. (www.cmedia.com.tw)]
<CreativeMixer><C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t> [Creative Technology Ltd.]
<popo2004><C:\Program Files\NetEase\popo2004\Start.exe> [网易(163.com)]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Windows Logon Application><C:\WINNT\system32\logon.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\KV2004\KVSCRK~1.SCR> []
==================================
启动文件夹
[河南网通宽带用户客户端]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk><N>
[腾讯QQ]
<C:\Documents and Settings\lsy1\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[hpdj / hpdj]
<C:\DOCUME~1\lsy1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product=><HP>
[KVSrvXP / KVSrvXP]
<C:\KV2004\KVSrvXP.exe -Service><JiangMin Ltd.>
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\软件\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[解霸]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <F:\软件\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
骑着乌龟玩飘移 - 2006-7-4 16:15:00
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 160][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 180][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6970>
[PID: 208][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 220][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 400][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 424][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[C:\WINNT\system32\hpzsnt08.dll] <HP><2,223,0,0>
[C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 456][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 472][C:\KV2004\KVSrvXP.exe] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVEnhD.dll] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KvSPI.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\KVEnhP.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVEnhM.dll] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KVEnhC.DLL] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KVEnhO_1.dll] <JiangMin Ltd.><8.0.0.314>
[C:\KV2004\KVEnhS_1.dll] <JiangMin Ltd.><8.0.0.313>
[C:\KV2004\KVEnhJ.dll] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KVExtCab.dll] <Jiangmin New Tech. Co. Ltd.><8.0.0.309>
[C:\KV2004\KVExtEml.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\KvExtRar.dll] <Jiangmin New Tech. Co. Ltd.><8.0.0.309>
[C:\KV2004\KvExtZip.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVExtLZH_1.dll] <N/A><N/A>
[C:\KV2004\KVEnhK_1.dll] <JiangMin Ltd.><7, 1, 0, 307>
[C:\KV2004\KvSpiPS.dll] <JiangMin Ltd.><8.0.0.309>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[PID: 540][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6920>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 596][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 644][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 752][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVComm_1.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\GUIExt.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 78>
[C:\KV2004\KvShell.dll] <JiangMin Lmt><8.0.0.309>
[C:\KV2004\lang\Kvxp0804.lng] <N/A><N/A>
[C:\KV2004\APIImpl.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVMonXP.kxp] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\Kvxp0804.lng] <N/A><N/A>
[C:\KV2004\GUIExt.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[C:\KV2004\KVEnhP.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KvSpiPS.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[PID: 932][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe] <N/A><N/A>
[PID: 924][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe] <Hewlett-Packard><1, 0, 0, 1>
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll] <Hewlett-Packard><2, 0, 2, 2>
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll] <Hewlett-Packard Co.><4.2.0.127>
[PID: 952][C:\WINNT\Mixer.exe] <C-Media Electronic Inc. (www.cmedia.com.tw)><1.60>
[C:\WINNT\System32\cmnprop.dll] <C-Media Corporation><5.00.2195.12>
[PID: 968][C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE] <Creative Technology Ltd.><6.01.1>
[C:\Program Files\Creative\Audio2K\PROGRAM\CTMRES32.DLL] <Creative Technology Ltd.><1.02.0>
[PID: 940][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.1622>
[PID: 980][C:\WINNT\system32\logon.exe] <N/A><N/A>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 992][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 1012][C:\Program Files\racer-henan-cnc\racer.exe] <Putian Runway><2, 0, 51, 92>
[C:\Program Files\racer-henan-cnc\rwxre.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nspr4.dll] <Netscape Communications Corporation><4.5 Beta>
[C:\Program Files\racer-henan-cnc\xpcom.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nss3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\softokn3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\gkgfx.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\js3250.dll] <Netscape Communications Corporation><4.0>
[C:\Program Files\racer-henan-cnc\components\racer_base_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\xpcom_compat.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\racer_base.dll] <Putian Runway><2,0,47,87>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\Program Files\racer-henan-cnc\components\pipnss.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\gklayout.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\jar50.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\xpcom_compat_c.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\racer_ad_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\components\racer_access_dhcpplus.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\dhcpplus.dll] <北京润汇科技有限公司><0, 13, 21, 45>
[C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\nss4.dll] <北京普天润汇科技有限公司><1, 0, 0, 3>
[C:\Program Files\racer-henan-cnc\wpcap.dll] <NetGroup - Politecnico di Torino><3, 1, 0, 24>
[C:\Program Files\racer-henan-cnc\packet.dll] <NetGroup - Politecnico di Torino><3, 1, 0, 24>
[C:\Program Files\racer-henan-cnc\WanPacket.dll] <NetGroup - Politecnico di Torino><3, 1, 0, 24>
[PID: 656][C:\Program Files\racer-henan-cnc\RacerKp.exe] <北京润汇科技有限公司><1, 0, 0, 1>
[PID: 1164][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[F:\软件\MAGICSET\haokanbar.dll] <Xiang Feng Technology><2, 1, 0, 1463>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 78>
[C:\KV2004\KvShell.dll] <JiangMin Lmt><8.0.0.309>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\Kvxp0804.lng] <N/A><N/A>
[C:\KV2004\KVComm_1.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\APIImpl.dll] <JiangMin Ltd.><8.0.0.309>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\WINNT\system32\macromed\flash\Flash.ocx] <Macromedia, Inc.><7,0,19,0>
[PID: 1080][F:\智能扫描\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
骑着乌龟玩飘移 - 2006-7-4 16:16:00
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [超级解霸3000]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
我无邪 - 2006-7-4 21:55:00
The log no longer shows any problems.
Is your system still behaving abnormally?
Run (double-click) System Repair Engineer, use "System Repair, File Associations", tick "Select All" and click "Repair" so that every extension is restored to normal.
骑着乌龟玩飘移 - 2006-7-4 22:39:00
Yes! Still the same one! There is a problem handling c:\WINNT\system32\services.exe and it needs to restart! And things like the csrs.exe I deleted before keep coming back! The restart happened while I was playing an online game!
我无邪 - 2006-7-4 23:07:00
Press ALT+CTRL+DELETE to bring up Task Manager and end the logon.exe process.
Run (double-click) System Repair Engineer and use "Startup Items, Registry" to delete the following entry:
C:\WINNT\system32\logon.exe
Delete
C:\WINNT\system32\logon.exe
After the repair, reboot, then please scan another log and paste it here.
骑着乌龟玩飘移 - 2006-7-5 21:25:00
This C:\WINNT\system32\logon.exe is already gone! Does that mean I can ignore it?
骑着乌龟玩飘移 - 2006-7-5 21:26:00
2006-07-05,21:29:25
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<SysExplr><C:\HEROSOFT\Hero3000\SYSEXPLR.EXE> []
<KvMonXP><C:\KV2004\KVMonXP.kxp /auto> [JiangMin Ltd.]
<HP Software Update><C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe> []
<HPDJ Taskbar Utility><C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe> [HP]
<DeviceDiscovery><C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe> [Hewlett-Packard]
<C-Media Mixer><Mixer.exe /startup> [C-Media Electronic Inc. (www.cmedia.com.tw)]
<CreativeMixer><C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t> [Creative Technology Ltd.]
<popo2004><C:\Program Files\NetEase\popo2004\Start.exe> [网易(163.com)]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\KV2004\KVSCRK~1.SCR> []
==================================
启动文件夹
[河南网通宽带用户客户端]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk><N>
[腾讯QQ]
<C:\Documents and Settings\lsy1\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[hpdj / hpdj]
<C:\DOCUME~1\lsy1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product=><HP>
[KVSrvXP / KVSrvXP]
<C:\KV2004\KVSrvXP.exe -Service><JiangMin Ltd.>
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\软件\MAGICSET\haokanbar.dll, N/A>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[解霸]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <F:\软件\MAGICSET\haokanbar.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
骑着乌龟玩飘移 - 2006-7-5 21:27:00
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 160][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 180][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6970>
[PID: 208][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 220][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 404][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 428][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[C:\WINNT\system32\hpzsnt08.dll] <HP><2,223,0,0>
[C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 460][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 476][C:\KV2004\KVSrvXP.exe] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVEnhD.dll] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KvSPI.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\KVEnhP.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVEnhM.dll] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KVEnhC.DLL] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KVEnhO_1.dll] <JiangMin Ltd.><8.0.0.314>
[C:\KV2004\KVEnhS_1.dll] <JiangMin Ltd.><8.0.0.313>
[C:\KV2004\KVEnhJ.dll] <JiangMin Ltd.><8.0.0.311>
[C:\KV2004\KVExtCab.dll] <Jiangmin New Tech. Co. Ltd.><8.0.0.309>
[C:\KV2004\KVExtEml.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\KvExtRar.dll] <Jiangmin New Tech. Co. Ltd.><8.0.0.309>
[C:\KV2004\KvExtZip.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVExtLZH_1.dll] <N/A><N/A>
[C:\KV2004\KVEnhK_1.dll] <JiangMin Ltd.><7, 1, 0, 307>
[C:\KV2004\KvSpiPS.dll] <JiangMin Ltd.><8.0.0.309>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[PID: 532][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6920>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 580][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 608][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[PID: 764][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVComm_1.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\GUIExt.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 78>
[C:\KV2004\KvShell.dll] <JiangMin Lmt><8.0.0.309>
[C:\KV2004\lang\Kvxp0804.lng] <N/A><N/A>
[C:\KV2004\APIImpl.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KVMonXP.kxp] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\Kvxp0804.lng] <N/A><N/A>
[C:\KV2004\GUIExt.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[C:\KV2004\KVEnhP.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\KvSpiPS.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[PID: 920][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe] <N/A><N/A>
[PID: 936][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe] <Hewlett-Packard><1, 0, 0, 1>
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll] <Hewlett-Packard><2, 0, 2, 2>
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll] <Hewlett-Packard Co.><4.2.0.127>
[PID: 944][C:\WINNT\Mixer.exe] <C-Media Electronic Inc. (www.cmedia.com.tw)><1.60>
[C:\WINNT\System32\cmnprop.dll] <C-Media Corporation><5.00.2195.12>
[PID: 952][C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE] <Creative Technology Ltd.><6.01.1>
[C:\Program Files\Creative\Audio2K\PROGRAM\CTMRES32.DLL] <Creative Technology Ltd.><1.02.0>
[PID: 968][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.1622>
[PID: 976][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 880][C:\Program Files\racer-henan-cnc\racer.exe] <Putian Runway><2, 0, 51, 92>
[C:\Program Files\racer-henan-cnc\rwxre.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nspr4.dll] <Netscape Communications Corporation><4.5 Beta>
[C:\Program Files\racer-henan-cnc\xpcom.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nss3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\softokn3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\gkgfx.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\js3250.dll] <Netscape Communications Corporation><4.0>
[C:\Program Files\racer-henan-cnc\components\racer_base_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\xpcom_compat.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\racer_base.dll] <Putian Runway><2,0,47,87>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\Program Files\racer-henan-cnc\components\pipnss.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\gklayout.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\jar50.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\xpcom_compat_c.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\racer_ad_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\components\racer_access_dhcpplus.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\dhcpplus.dll] <北京润汇科技有限公司><0, 13, 21, 45>
[C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\nss4.dll] <北京普天润汇科技有限公司><1, 0, 0, 3>
[C:\Program Files\racer-henan-cnc\wpcap.dll] <NetGroup - Politecnico di Torino><3, 1, 0, 24>
[C:\Program Files\racer-henan-cnc\packet.dll] <NetGroup - Politecnico di Torino><3, 1, 0, 24>
[C:\Program Files\racer-henan-cnc\WanPacket.dll] <NetGroup - Politecnico di Torino><3, 1, 0, 24>
[PID: 440][C:\WINNT\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1020][C:\Program Files\racer-henan-cnc\RacerKp.exe] <北京润汇科技有限公司><1, 0, 0, 1>
[PID: 1132][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 78>
[C:\KV2004\KvShell.dll] <JiangMin Lmt><8.0.0.309>
[C:\KV2004\UpdateX.dll] <JiangMin Ltd.><8.0.0.309>
[C:\KV2004\lang\Kvxp0804.lng] <N/A><N/A>
[C:\KV2004\KVComm_1.dll] <JiangMin Ltd.><8.0.0.312>
[C:\KV2004\APIImpl.dll] <JiangMin Ltd.><8.0.0.309>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
[C:\WINNT\system32\macromed\flash\Flash.ocx] <Macromedia, Inc.><7,0,19,0>
[PID: 616][F:\智能扫描\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINNT\system32\KvWspXp.dll] <JiangMin Ltd.><8.0.0.312>
骑着乌龟玩飘移 - 2006-7-5 21:27:00
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [超级解霸3000]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
骑着乌龟玩飘移 - 2006-7-5 21:31:00
C:\WINNT\system32\logon.exe is not in the Registry section of System Repair Engineer. What should I do?
我无邪 - 2006-7-5 21:51:00
Is the system still in the same state as before?
Please scan another log and paste it here.
骑着乌龟玩飘移 - 2006-7-6 10:32:00
2006-07-06,10:36:15
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<SysExplr><C:\HEROSOFT\Hero3000\SYSEXPLR.EXE> []
<KvMonXP><C:\KV2004\KVMonXP.kxp /auto> [JiangMin Ltd.]
<HP Software Update><C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe> []
<HPDJ Taskbar Utility><C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe> [HP]
<DeviceDiscovery><C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe> [Hewlett-Packard]
<C-Media Mixer><Mixer.exe /startup> [C-Media Electronic Inc. (www.cmedia.com.tw)]
<CreativeMixer><C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t> [Creative Technology Ltd.]
<popo2004><C:\Program Files\NetEase\popo2004\Start.exe> [网易(163.com)]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Spooler SubSystem App><C:\WINNT\system32\spooIsv.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\KV2004\KVSCRK~1.SCR> []
==================================
启动文件夹
[河南网通宽带用户客户端]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk><N>
[腾讯QQ]
<C:\Documents and Settings\lsy1\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[hpdj / hpdj]
<C:\DOCUME~1\lsy1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product=><HP>
[KVSrvXP / KVSrvXP]
<C:\KV2004\KVSrvXP.exe -Service><JiangMin Ltd.>
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\软件\MAGICSET\haokanbar.dll, N/A>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\音乐\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[解霸]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <F:\软件\MAGICSET\haokanbar.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[使用KuGoo3下载(&K)]
<F:\音乐\KUGOO3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
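The last log above contains a new HKLM Run entry, <Spooler SubSystem App><C:\WINNT\system32\spooIsv.exe> []: the file name imitates the print spooler spoolsv.exe with a capital I in place of the lowercase l, and it carries no company name, whereas the genuine spooler runs as a service (it appears as PID 428 in the process list) and is never started from a Run key. The script below is an added example, not code from this thread or from System Repair Engineer. It parses SREng-style registry startup lines and flags three things: a core system process name in a Run key, a name that equals a core process name only after confusable characters are folded together, and a system32 binary with no company name in its version info. The process list, the fold table and the field names are this example's own choices; the sample lines are copied from the log above.

```python
"""Flag suspicious autostart entries in SREng-style registry startup listings.

Added example for the thread above; the heuristics, the process list and the
confusable-character table are assumptions made for this example.
"""
import re
from typing import Dict, List

# Core Windows processes started by the kernel, SMSS, Winlogon or the Service
# Control Manager. None of them is legitimately launched from a Run key.
CORE_PROCESSES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "userinit.exe", "mstask.exe", "explorer.exe",
}

# Characters that are hard to tell apart in Task Manager and most log viewers.
# Reference names and observed names are both folded through this table.
_FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def fold(filename: str) -> str:
    """Lower-case a file name and collapse look-alike characters."""
    return filename.lower().translate(_FOLD)


_CANONICAL = {fold(name): name for name in CORE_PROCESSES}

# SREng registry section: "[HKEY_...]" key header, then "<Name><Command> [Company]" lines.
_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_ENTRY = re.compile(r"^<(?P<name>[^>]*)><(?P<cmd>[^>]*)>\s*\[(?P<vendor>[^\]]*)\]$")
# The executable inside the command: last path component with a runnable extension.
_EXE = re.compile(r'([^\\/"<>]+\.(?:exe|com|scr|kxp))', re.IGNORECASE)


def analyze_run_entries(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious entry found under a ...\\Run key."""
    findings: List[Dict[str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key = _KEY.match(line)
        if key:
            current_key = key.group(1)
            continue
        if not current_key.lower().endswith("\\run"):
            continue  # Winlogon, AppInit_DLLs etc. have their own legitimate entries
        entry = _ENTRY.match(line)
        if not entry:
            continue
        cmd, vendor = entry.group("cmd"), entry.group("vendor").strip()
        exe = _EXE.search(cmd)
        if not exe:
            continue
        filename = exe.group(1)
        reasons = []
        if filename.lower() in CORE_PROCESSES:
            reasons.append(f"core system process {filename.lower()} should not be started from a Run key")
        elif fold(filename) in _CANONICAL:
            reasons.append(f"look-alike of {_CANONICAL[fold(filename)]} (differs only in confusable characters)")
        if not vendor and "\\system32\\" in cmd.lower():
            reasons.append("binary under system32 carries no company name in its version info")
        if reasons:
            findings.append({"key": current_key, "name": entry.group("name"),
                             "command": cmd, "reasons": "; ".join(reasons)})
    return findings


# Sample input: lines copied from the 2006-07-06 SREng log in the thread above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<KvMonXP><C:\KV2004\KVMonXP.kxp /auto> [JiangMin Ltd.]
<HP Software Update><C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Spooler SubSystem App><C:\WINNT\system32\spooIsv.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
"""

if __name__ == "__main__":
    for finding in analyze_run_entries(SAMPLE_LOG):
        print(f"{finding['name']!r} -> {finding['command']}\n    {finding['reasons']}")
```

Run against the sample, only the spooIsv.exe entry is reported, with both the look-alike and the missing-company reasons; the HP Software Update entry also lacks a company name but lives outside system32, and the Winlogon shell and Userinit values are skipped because they are not under a Run key. The folding rule only catches substitutions of confusable characters; a truncated name such as the csrs.exe mentioned earlier in the thread differs in length from csrss.exe and would need a separate edit-distance check.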