瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 在的高手请进
feng1885 - 2006-7-8 22:58:00
我这台3000系统的机子问题很多 请指教

附件: 706427200678225106.bmp
feng1885 - 2006-7-8 22:59:00
2006-07-08,21:50:59

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition  (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <星空极速客户端2.5><C:\Program Files\ChinaNetSn\bin\DialTerminal.exe>  [陕西电信有限公司]
    <ShutdownEventCheck><%systemroot%\system32\dumprep 0 -s>  []
    <Super Rabbit Desktop Set><C:\Program Files\Super Rabbit\MagicSet\DS.EXE /Load>  [Super Rabbit Software]
    <CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  []
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <NetRGSvr><; C:\program files\GoldenSoft\NetRG\WinNT\Server\NetRGSvr.exe /mix /autocheckpw>  []
    <NTdhcp><; C:\WINDOWS\system32\NTdhcp.exe>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <RichMedia><; C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows>  []
    <Thunder><; "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s>  [Thunder Networking Technologies,LTD]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <Update><; C:\Program Files\Common Files\UPDATE\Update.exe>  []
    <vptray><; C:\PROGRA~1\SYMANT~1\VPTray.exe>  [Symantec Corporation]
    <WinsSystem><; C:\Program Files\Internet Explorer\syssmss.exe>  [asdfasdf]
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  []
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  []
    <YOKAssiant><; Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><KB2357802.LOG>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B9870EA0-492E-46E5-811C-AB0577448921}><C:\WINDOWS\system32\Anskya3.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [Symantec Corporation]
feng1885 - 2006-7-8 22:59:00
启动文件夹
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
  <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Serv-U FTP 服务器 / Serv-U]
  <C:\Program Files\Serv-U\ServUDaemon.exe><N/A>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
feng1885 - 2006-7-8 22:59:00
浏览器加载项
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[易趣购物]
  {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-209?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 356][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\system32\NavLogon.dll]  <Symantec Corporation><9.0.0.338>
[PID: 768][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 780][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1088][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1104][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1132][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1300][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\system32\EBPMON2.DLL]  <SEIKO EPSON CORPORATION><2, 39, 0, 0>
[PID: 1356][C:\WINDOWS\system32\msdtc.exe]  <Microsoft Corporation><2001.12.4720.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1448][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1472][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1520][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1808][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya3.dll]  <N/A><N/A>
[PID: 496][C:\WINDOWS\system32\Dfssvc.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 568][C:\Program Files\Super Rabbit\MagicSet\DS.EXE]  <Super Rabbit Software><1.50>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya3.dll]  <N/A><N/A>
[PID: 684][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya3.dll]  <N/A><N/A>
[PID: 1252][C:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1704][C:\Documents and Settings\Administrator\桌面\hhhh\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya3.dll]  <N/A><N/A>
[PID: 1844][C:\Documents and Settings\Administrator\桌面\hhhh\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya3.dll]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
我无邪 - 2006-7-8 23:16:00
运行(双击)System Repair Engineer,使用“启动项目,注册表”选中要修复的项
KB2357802.LOG
点“编辑”在“值”里删除KB2357802.LOG
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
运行(双击)System Repair Engineer,使用“启动项目,注册表”来删除以下选项。
C:\WINDOWS\system32\NTdhcp.exe

C:\WINDOWS\system32\Anskya3.dll


双击我的电脑,工具,文件夹选项,查看,单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件(推荐)"复选框。在提示确定更改时,单击“是”,清除“隐藏已知文件类型的扩展名
删除
C:\WINDOWS\system32\NTdhcp.exe

C:\WINDOWS\system32\Anskya3.dll

C:\WINDOWS\KB2357802.LOG
如果还有异常,请再扫份日志粘来。
feng1885 - 2006-7-8 23:59:00
【回复“我无邪”的帖子
你好  这两个都没找到
C:\WINDOWS\system32\NTdhcp.exe

C:\WINDOWS\system32\Anskya3.dll
这个找到了还和你所说的不一样 C:\WINDOWS\KB2357802.LOG如图

附件: 706427200678235133.bmp
feng1885 - 2006-7-8 23:59:00
2006-07-08,23:42:54

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition  (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <星空极速客户端2.5><; C:\Program Files\ChinaNetSn\bin\DialTerminal.exe>  [陕西电信有限公司]
    <CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  []
    <NetRGSvr><; C:\program files\GoldenSoft\NetRG\WinNT\Server\NetRGSvr.exe /mix /autocheckpw>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <Thunder><; "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s>  [Thunder Networking Technologies,LTD]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <vptray><; C:\PROGRA~1\SYMANT~1\VPTray.exe>  [Symantec Corporation]
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  []
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  []
    <YOKAssiant><; Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant>  []
    <Microsoft Internet Explorer><; C:\WINDOWS\system32\iexplore.exe>  []
    <Microsoft (R) Windows Update Manager><; C:\WINDOWS\update\updmgr.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [Microsoft Corporation]
feng1885 - 2006-7-9 0:00:00
启动文件夹
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
  <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Serv-U FTP 服务器 / Serv-U]
  <C:\Program Files\Serv-U\ServUDaemon.exe><N/A>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Windows Update Manager / UpdateManager]
  <C:\WINDOWS\update\updmgr.exe /updatemgr><N/A>
feng1885 - 2006-7-9 0:00:00
浏览器加载项
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 184][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 232][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 256][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\system32\NavLogon.dll]  <Symantec Corporation><9.0.0.338>
[PID: 300][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 312][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 528][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 552][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 736][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
    [C:\Program Files\Tencent\QQ\qdshm.dll]  <><1, 0, 1, 2>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Documents and Settings\Administrator\Documents and Settings\Administrator\桌面\的\VCvtShell.dll]  <N/A><N/A>
    [C:\Documents and Settings\Administrator\Documents and Settings\Administrator\桌面\的\VCvtS936.dll]  <N/A><N/A>
[PID: 816][C:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 964][C:\WINDOWS\system32\NOTEPAD.EXE]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 980][C:\Documents and Settings\Administrator\桌面\hhhh\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
[PID: 1144][C:\Program Files\SuperSoft\RdfSnap\RdfSnap.exe]  <非常软件(北京)工作室><1.02.0003>
    [C:\Program Files\SuperSoft\RdfSnap\PicFormat32.ocx]  <Taproot><1.00.0001>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
我无邪 - 2006-7-9 0:25:00
不一样的不要删除
注意区分才好
你的这个日志和上面的日志有出处啊
也罢,现在以这个日志为修复
运行(双击)System Repair Engineer,点“启动项目,服务,点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Windows Update Manager,选择“删除服务”点“设置”选择“否”最后重启
ALT+CTRL+DELETE调出任务管理器,终止所有iexplore.exe,updmgr.exe的进程
运行(双击)System Repair Engineer,使用“启动项目,注册表”来删除以下选项。
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\update\updmgr.exe

重启
删除
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\update\updmgr.exe
ms.芠 - 2006-7-9 0:59:00
C:\WINDOWS\system32\iexplore.exe
是不好得程序么?
feng1885 - 2006-7-9 1:10:00
【回复“我无邪”的帖子】
这个文件删不掉

附件: 70642720067910226.bmp
feng1885 - 2006-7-9 1:13:00
开机显示这个提示

附件: 70642720067910519.bmp
feng1885 - 2006-7-9 1:14:00
2006-07-09,00:53:14

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition  (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <星空极速客户端2.5><; C:\Program Files\ChinaNetSn\bin\DialTerminal.exe>  [陕西电信有限公司]
    <CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  []
    <NetRGSvr><; C:\program files\GoldenSoft\NetRG\WinNT\Server\NetRGSvr.exe /mix /autocheckpw>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <Thunder><; "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s>  [Thunder Networking Technologies,LTD]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <vptray><; C:\PROGRA~1\SYMANT~1\VPTray.exe>  [Symantec Corporation]
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  []
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  []
    <YOKAssiant><; Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant>  []
    <Microsoft Internet Explorer><C:\WINDOWS\system32\iexplore.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
  <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Serv-U FTP 服务器 / Serv-U]
  <C:\Program Files\Serv-U\ServUDaemon.exe><N/A>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
浏览器加载项
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
feng1885 - 2006-7-9 1:14:00
正在运行的进程
[PID: 452][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 780][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 824][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 836][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1056][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1128][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1144][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1176][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1296][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\system32\EBPMON2.DLL]  <SEIKO EPSON CORPORATION><2, 39, 0, 0>
[PID: 1348][C:\WINDOWS\system32\msdtc.exe]  <Microsoft Corporation><2001.12.4720.0 (srv03_rtm.030324-2048)>
[PID: 1432][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1452][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1516][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1868][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
    [C:\Program Files\Tencent\QQ\qdshm.dll]  <><1, 0, 1, 2>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Documents and Settings\Administrator\Documents and Settings\Administrator\桌面\的\VCvtShell.dll]  <N/A><N/A>
    [C:\Documents and Settings\Administrator\Documents and Settings\Administrator\桌面\的\VCvtS936.dll]  <N/A><N/A>
[PID: 212][C:\WINDOWS\system32\Dfssvc.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 384][C:\WINDOWS\system32\iexplore.exe]  <N/A><N/A>
[PID: 560][C:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1104][C:\Program Files\SuperSoft\RdfSnap\RdfSnap.exe]  <非常软件(北京)工作室><1.02.0003>
    [C:\Program Files\SuperSoft\RdfSnap\PicFormat32.ocx]  <Taproot><1.00.0001>
[PID: 1700][C:\Documents and Settings\Administrator\桌面\hhhh\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
我无邪 - 2006-7-9 1:26:00
那个提示的对话框,是每次重启后都有吗?
这个一定要删除
要终止它后,才能删除的
请到www.27814939.ys168.com,点“我的软件”下载诺顿进程管理器,终止所有iexplore.exe的进程
运行(双击)System Repair Engineer,使用“启动项目,注册表”来删除以下选项
C:\WINDOWS\system32\iexplore.exe
最后,再在硬盘上删除它。
feng1885 - 2006-7-9 1:29:00
s是的  每次重起都有  我先去找找你说的软件 你一直在吗
feng1885 - 2006-7-9 1:36:00
【回复“我无邪”的帖子】
点“我的软件”以后  没有找到要下栽的诺顿软件  请给说详细点好吗 谢谢了
我无邪 - 2006-7-9 1:44:00
我的网络U盘很正常啊
是你不够仔细的缘故
不过,刚刚我又看了你的日记,你可以用兔子的进程管理器来终止这个进程。记住有几个终止几个,终止后就删除它。
feng1885 - 2006-7-9 2:14:00
我用兔子扫的进程只找到了一个 删掉了  下图是进程 看看还有吗

附件: 70642720067920624.bmp
feng1885 - 2006-7-9 2:15:00
硬盘上只找到了这几个 没敢删

附件: 70642720067920733.bmp
轩辕小聪 - 2006-7-9 2:26:00
20楼中间那个,删!
feng1885 - 2006-7-9 2:47:00
引用:
【轩辕小聪的贴子】20楼中间那个,删!
...........................


附件: 70642720067923941.bmp
我无邪 - 2006-7-9 11:01:00
请再扫份日志粘上来。
feng1885 - 2006-7-9 13:35:00
【回复“我无邪”的帖子】

1楼 12楼的问题依然存在 后面是刚扫描的日志
feng1885 - 2006-7-9 13:35:00
2006-07-09,13:20:48

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition  (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
    <ServUTrayIcon><>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <星空极速客户端2.5><; C:\Program Files\ChinaNetSn\bin\DialTerminal.exe>  [陕西电信有限公司]
    <CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  []
    <NetRGSvr><; C:\program files\GoldenSoft\NetRG\WinNT\Server\NetRGSvr.exe /mix /autocheckpw>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <Thunder><; "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s>  [Thunder Networking Technologies,LTD]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <vptray><; C:\PROGRA~1\SYMANT~1\VPTray.exe>  [Symantec Corporation]
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  []
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  []
    <YOKAssiant><; Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant>  []
    <Microsoft Internet Explorer><C:\WINDOWS\system32\iexplore.exe>  []
    <Windows Explorer><C:\WINDOWS\system32\explorer.exe>  []
    <Microsoft (R) Windows Update Manager><C:\WINDOWS\update\updmgr.exe>  []
    <Client Server Runtime Process><C:\WINDOWS\system32\csrs.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
  <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Serv-U FTP 服务器 / Serv-U]
  <C:\Program Files\Serv-U\ServUDaemon.exe><N/A>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Windows Update Manager / UpdateManager]
  <C:\WINDOWS\update\updmgr.exe /updatemgr><N/A>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v4.dll, >
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
feng1885 - 2006-7-9 13:35:00
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 328][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 476][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 756][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 800][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 820][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1116][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1132][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1148][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1312][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\system32\EBPMON2.DLL]  <SEIKO EPSON CORPORATION><2, 39, 0, 0>
[PID: 1336][C:\WINDOWS\system32\msdtc.exe]  <Microsoft Corporation><2001.12.4720.0 (srv03_rtm.030324-2048)>
[PID: 1420][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1440][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1484][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1692][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\system32\xunleibho_v4.dll]  <><4, 3, 2, 29>
    [C:\Program Files\Tencent\QQ\qdshm.dll]  <><1, 0, 1, 2>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Documents and Settings\Administrator\Documents and Settings\Administrator\桌面\的\VCvtShell.dll]  <N/A><N/A>
    [C:\Documents and Settings\Administrator\Documents and Settings\Administrator\桌面\的\VCvtS936.dll]  <N/A><N/A>
[PID: 1700][C:\WINDOWS\update\updmgr.exe]  <N/A><N/A>
[PID: 1868][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3292>
[PID: 1980][C:\WINDOWS\system32\csrs.exe]  <N/A><N/A>
[PID: 276][C:\WINDOWS\system32\Dfssvc.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 548][C:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 2016][C:\Program Files\ChinaNetSn\bin\Dialterminal.exe]  <陕西电信有限公司><0, 0, 1, 6>
[PID: 208][C:\Documents and Settings\Administrator\桌面\hhhh\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
feng1885 - 2006-7-9 14:28:00
顶起来  无邪给看看啊
叶·幽思 - 2006-7-9 16:08:00
安全模式下用Killbox

http://forum.ikaka.com/topic.asp?board=28&artid=6979213  3楼,删除C:\WINDOWS\system32\iexplore.exe

C:\WINDOWS\system32\csrs.exe



看你的启动项:C:\WINDOWS\system32\iexplore.exe

运行regedit,按F3查找"iexplore.exe",注意路径.
feng1885 - 2006-7-9 17:21:00
【回复“叶·幽思”的帖子】
现在正常启动到了最后滚动条扫描那就重起了 可以进入安全模式界面 但是选择安全模式进入后几秒中也是重起 应该怎么办啊
12
查看完整版本: 在的高手请进
© 2000 - 2026 Rising Corp. Ltd.