Rising Kaka Security Forum (瑞星卡卡安全论坛)
Lukejc - 2006-7-12 19:56:00
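System: XP
A couple of days ago Kaspersky suddenly started acting up in a strange way,
and then it disappeared from the tray area in the bottom-right corner.
But the process was still there, and it couldn't be terminated: "Access denied".
After that the system got slower and slower.
Tonight I couldn't even browse the web or log in to QQ.
The former says the server can't be found; the latter says something went wrong with QQ.EXE.
I ran a check on RISING.COM,
and it reported 7 or 8 assorted viruses and trojans.
Then I switched the machine over to WIN2000 and scanned from there with Jiangmin and a Gray Pigeon (灰鸽子) removal tool.
After switching back to XP, I still couldn't browse.
I brought up the process list and saw a strange thing called VIPTRAY.EXE.
I killed it right away,
and then I could browse.
But the speed dropped N-fold.
I then went into Safe Mode and deleted that file.
As a result the speed improved,
but web pages couldn't be browsed any more,
and I would get SVCHOST and EXPLORER error prompts.
Worse still, once the error had been shown the system became unusable.
I've rarely seen XP in such a sorry state.
After countless reboots I realized this was pointless.
I went back to Safe Mode and did a full repair with Super Rabbit (超级兔子).
Nothing changed, except that the system no longer dies after showing the errors.
Then I also used WinsockxpFix; it didn't help.
I tried QQ again and found that the process gets killed every time it starts logging in.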
我无邪 - 2006-7-12 21:19:00
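Please download System Repair Engineer, use "Smart Scan", and press the "Scan" button to scan. When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log here.
Download links: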
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one post, paste it across several posts. Please do not modify it.
Lukejc - 2006-7-12 22:23:00
2006-07-12,22:06:49
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMAXPnP><D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<SoundMAX><"D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<BigDogPath><D:\WINDOWS\VM_STI.EXE USB PC Camera 301P> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><D:\Documents and Settings\Luke\桌面\Pooh with friends.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<AddrPlus2><; RUNDLL32.EXE D:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll,Rundll32> []
<AddrPlus3><; D:\PROGRA~1\TENCENT\AddrPlus\Runner.exe D:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll Rundll32> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; D:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<IMSCMig><; D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<KAVPersonal50><; "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<LDM><; D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe> []
<LetsCool><; D:\Program Files\LetsCool\LetsCool.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<LogitechVideoRepair><; D:\Program Files\Logitech\Video\ISStart.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "D:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<msq><; D:\WINDOWS\system32\msq.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSService_v1.0><; D:\WINDOWS\system\servicess.exe> []
<mynewpad><; D:\Program Files\Handpad\mynewpad.exe> [Ping-IT Computer System Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MyShares><; d:\program Files\易虎\MyShares.exe /tray> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><; D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><; D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RegBar><; regsvr32.exe /u D:\progra~1\blogmark\bocaitoolbar.dll /s /i /n> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RoxioAudioCentral><; "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"> [Roxio, Inc.]
<RoxioDragToDisc><; "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"> [Roxio]
<RoxioEngineUtility><; "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"> [Roxio]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SDO2005><; D:\Program Files\盛大圈圈\SDOClient.exe> [上海盛大网络发展有限公司]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<spoolsv><; D:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> []
<StatusClient><; D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto> [Hewlett-Packard]
<StormCodec_Helper><; "c:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<SunJavaUpdateSched><; D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe> [Sun Microsystems, Inc.]
<supdate2.dll><; RUNDLL32.EXE D:\WINDOWS\system32\supdate2.dll,Run> []
<Symantec NetDriver Monitor><; D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer> [Symantec Corporation]
<Thunder><; "D:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> []
<ThunderMini><; D:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe> []
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<TomcatStartup><; D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe> [Hewlett-Packard]
<Ulead Video@Home Scheduling Wizard><; D:\Program Files\Ulead Systems\Ulead Video@Home 2.0\monitor.exe> [Ulead Systems, Inc.]
<WangWang><; "D:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"> [淘宝(中国)软件有限公司]
<Windows木马防火墙><; D:\Program Files\ftc\Trojanwall.exe> []
<yassistse><; "D:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> []
<YLive.exe><; D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> []
<YOKAssiant><; Rundll32.exe D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<词霸Online自启动><; D:\Program Files\Kingsoft\iciba\Iciba.exe> []
==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
<"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller]
<D:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<D:\WINDOWS\system32\ati2sgag.exe><>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12]
<D:\WINDOWS\system32\HPZipm12.exe><HP>
[Symantec Network Drivers Service / SNDSrvc]
<"D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[windows / windows]
<D:\Program Files\Windows NT\htrn_jis_nhv.exe><N/A>
Lukejc - 2006-7-12 22:23:00
==================================
浏览器加载项
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <e:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[Java Plug-in 1.5.0_04]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <D:\WINDOWS\system32\macromed\download\Download.dll, Macromedia, Inc.>
[Java Plug-in 1.5.0_04]
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <D:\WINDOWS\system32\xunleibho_v13.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A>
[实用搜索]
{15ADF205-4C54-4CFE-AC88-1EA0BA6D06A0} <, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <D:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <D:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>
[KmediaHelper Class]
{42D25F15-CF07-4A72-B191-DB0792BF310C} <D:\WINDOWS\system32\Kmedia.dll, Kmedia>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[AdsHlpObj Class]
{49A94665-B1F5-4F05-B9C7-FB6E336E49BD} <D:\WINDOWS\system32\AdsObj.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <D:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[SAVCtrl Control]
{54515250-473C-413E-8194-A18D367E8936} <D:\WINDOWS\system32\SAVCtrl.ocx, 上海盛大网络发展有限公司>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <D:\WINDOWS\system32\drmstor.dll, Microsoft Corporation>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Program Files\Thunder Network\ThunderMini\Components\InMedia\MediaAddin04.dll, N/A>
[搜虎]
{7A38130D-BEB7-4D60-BE7A-4C4AB6A85CD1} <, N/A>
[AdsObj2 Class]
{7DDEA238-3E32-43FD-8223-A5E15D9666FF} <D:\WINDOWS\system32\AdsHlp2.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Java Plug-in 1.5.0_04]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[ThunderMini Browser Helper]
{8E6C1C49-F9CE-4311-9FB4-D70E8B0AEAEB} <D:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_002.dll, N/A>
[Qzone Media Tools]
{AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <e:\PROGRA~1\Tencent\qq\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <D:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Messenger Object]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <D:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Letscool System Helper]
{F0C15012-7DBD-4068-95A2-0A82DB03AC35} <D:\WINDOWS\system32\CoolBho.dll, LETSCOOL Network Technology>
[google bar]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <D:\WINDOWS\Win32ef.dll, N/A>
[上传到QQ网络硬盘]
<E:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<E:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Program Files\Tencent\qq\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 452][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 500][\??\D:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 524][\??\D:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\WINDOWS\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4109>
[PID: 568][D:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 580][D:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 728][D:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4109>
[D:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2495>
[PID: 744][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 812][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 872][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 968][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1216][D:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[D:\WINDOWS\system32\HPBMMON.DLL] <Hewlett-Packard><10.00.16>
[D:\WINDOWS\system32\hppamon0.dll] <HP><5, 0, 5, 0>
[D:\WINDOWS\system32\hpdomon.dll] <Hewlett-Packard><03.42.00>
[D:\WINDOWS\system32\HPBHealr.dll] <N/A><N/A>
[D:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] <Zenographics, Inc.><5, 54, 330, 0>
[D:\WINDOWS\system32\Imf32.dll] <Zenographics, Inc.><5, 60, 1204, 0>
[D:\WINDOWS\system32\ZTAG32.dll] <Zenographics, Inc.><5, 60, 1210, 0>
[D:\WINDOWS\system32\ZSPOOL.dll] <Zenographics, Inc.><5, 51, 709, 0>
[D:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1592][D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466>
[PID: 1720][D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 1748][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 228][D:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4109>
[D:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2495>
[PID: 1080][D:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 416][D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] <Analog Devices, Inc.><4, 0, 4, 11>
[D:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] <Analog Device, Inc.><1, 0, 22, 26>
[PID: 472][D:\Program Files\Analog Devices\SoundMAX\Smax4.exe] <Analog Devices, Inc.><4, 0, 4, 25>
[PID: 480][D:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[D:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 492][D:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1316][D:\Program Files\WinRAR\WinRAR.exe] <Eugene Roshal><3.30>
[PID: 1344][D:\DOCUME~1\Luke\LOCALS~1\Temp\Rar$EX00.781\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP Error. [D:\WINDOWS\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. []
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
我无邪 - 2006-7-13 0:40:00
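Run (double-click) System Repair Engineer, go to "System Repair", "File Association", tick "Select All" and click "Repair" so that all extensions are restored to normal.
Run (double-click) System Repair Engineer, click "Startup Items", "Services", click "Win32 Service Applications", tick "Hide Microsoft Services", select the virus service windows, choose "Delete Service", click "Set" and choose "No".
First, uninstall Yahoo Assistant (雅虎助手) from Add/Remove Programs.
Download Super Rabbit (超级兔子).
http://www.pctutu.com/srmsdown.asp
After installing it, open "Super Rabbit Cleaner" (超级兔子清理王), "Professional Uninstall", and uninstall all the junk software it lists. Do not open any browser windows while uninstalling. Anything that can't be uninstalled can be uninstalled after a reboot.
Reboot after uninstalling.
Restart the computer. After the power-on self-test finishes, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Run (double-click) System Repair Engineer and use "Startup Items", "Registry" to delete the following entries: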
D:\WINDOWS\system\servicess.exe
D:\WINDOWS\system32\msq.exe
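Double-click My Computer, Tools, Folder Options, View; select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. Click "Yes" when prompted to confirm the change, and clear "Hide extensions for known file types".
Delete: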
D:\WINDOWS\system\servicess.exe
D:\WINDOWS\system32\msq.exe
D:\Program Files\Windows NT
Return to normal mode, then please scan another log and paste it here.
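An added example, not part of the original thread or of SREng itself: a small Python triage pass over the registry startup section of the log format posted above. It surfaces the kind of entries singled out in this reply (a near-copy of a system file name, a blank vendor field on a file under the Windows directory). The heuristics, reason tags and function names are assumptions made for illustration, and a flag means "look closer", not a verdict.

```python
import ntpath
import re

# Lines excerpted from the SREng log posted earlier in this thread
# (regrouped under their registry keys for brevity).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<LetsCool><; D:\Program Files\LetsCool\LetsCool.exe> []
<msq><; D:\WINDOWS\system32\msq.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMAX><"D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<MSService_v1.0><; D:\WINDOWS\system\servicess.exe> []
<spoolsv><; D:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> []
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<(?P<name>[^>]*)><(?P<cmd>.*)> \[(?P<vendor>.*)\]$")
# First drive-rooted path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|ocx)(?=[\s",]|$)', re.I)

# Core process names and the directory each one ran from in the thread's
# running-process list. Hypothetical allow-list built for this example.
EXPECTED_DIR = {
    "smss.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "svchost.exe": r"\windows\system32",
    "spoolsv.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_startup_entries(text):
    """Return one dict per '<name><command> [vendor]' line, with its key."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        path = PATH_RE.search(cmd)
        entries.append({
            "key": key,
            "name": m.group("name"),
            "command": cmd,
            # The log prefixes some commands with "; "; kept as a plain flag.
            "semicolon_prefix": cmd.startswith("; "),
            "path": path.group(0) if path else None,
            "vendor": m.group("vendor").strip(),
        })
    return entries


def triage(entry):
    """Return a list of reason tags explaining why an entry deserves review."""
    reasons = []
    if not entry["path"]:
        return reasons
    name = ntpath.basename(entry["path"]).lower()
    folder = ntpath.dirname(entry["path"]).lower()
    if name in EXPECTED_DIR:
        # A core process name is only expected in its usual directory.
        if not folder.endswith(EXPECTED_DIR[name]):
            reasons.append("core-name-wrong-dir")
    else:
        # One edit away from a core name, e.g. an extra or swapped letter.
        near = [c for c in EXPECTED_DIR if edit_distance(name, c) == 1]
        if near:
            reasons.append("lookalike:" + near[0])
    # Blank vendor field on a file that sits under the Windows directory.
    if not entry["vendor"] and "\\windows\\" in folder + "\\":
        reasons.append("no-vendor-in-windir")
    return reasons


def flag_entries(text):
    """Map entry name -> reason tags, for entries with at least one reason."""
    flagged = {}
    for entry in parse_startup_entries(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_entries(SAMPLE_LOG).items():
        print(name, reasons)
```

The blank-vendor check also fires on legitimate unversioned drivers and utilities, so each flagged path still needs to be checked by hand before anything is deleted.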
Lukejc - 2006-7-13 8:47:00
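I reinstalled the system, and also managed to uninstall and reinstall Kaspersky.
Now everything is fine except Xunlei (Thunder).
I still did what you said anyway; servicess wasn't found.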
2006-07-13,08:34:45
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<LDM><; D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe> []
<LetsCool><; D:\Program Files\LetsCool\LetsCool.exe> []
<MSMSGS><; "D:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<MyShares><; d:\program Files\易虎\MyShares.exe /tray> []
<RegBar><; regsvr32.exe /u D:\progra~1\blogmark\bocaitoolbar.dll /s /i /n> []
<SDO2005><; D:\Program Files\盛大圈圈\SDOClient.exe> [上海盛大网络发展有限公司]
<词霸Online自启动><; D:\Program Files\Kingsoft\iciba\Iciba.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMAXPnP><D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<SoundMAX><"D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<BigDogPath><D:\WINDOWS\VM_STI.EXE USB PC Camera 301P> []
<AddrPlus2><; RUNDLL32.EXE D:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll,Rundll32> []
<AddrPlus3><; D:\PROGRA~1\TENCENT\AddrPlus\Runner.exe D:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll Rundll32> []
<IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<IMSCMig><; D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<KAVPersonal50><"G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<LogitechVideoRepair><; D:\Program Files\Logitech\Video\ISStart.exe> []
<MSService_v1.0><; D:\WINDOWS\system\servicess.exe> []
<mynewpad><; D:\Program Files\Handpad\mynewpad.exe> [Ping-IT Computer System Inc.]
<PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<RoxioAudioCentral><; "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"> [Roxio, Inc.]
<RoxioDragToDisc><; "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"> [Roxio]
<RoxioEngineUtility><; "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"> [Roxio]
<StatusClient><; D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto> [Hewlett-Packard]
<StormCodec_Helper><; "c:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<SunJavaUpdateSched><; D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe> [Sun Microsystems, Inc.]
<supdate2.dll><; RUNDLL32.EXE D:\WINDOWS\system32\supdate2.dll,Run> []
<Symantec NetDriver Monitor><; D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer> [Symantec Corporation]
<Thunder><; "D:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> []
<ThunderMini><; D:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe> []
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<TomcatStartup><; D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe> [Hewlett-Packard]
<Ulead Video@Home Scheduling Wizard><; D:\Program Files\Ulead Systems\Ulead Video@Home 2.0\monitor.exe> [Ulead Systems, Inc.]
<WangWang><; "D:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"> [淘宝(中国)软件有限公司]
<Windows木马防火墙><; D:\Program Files\ftc\Trojanwall.exe> []
<yassistse><; "D:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> []
<YLive.exe><; D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> []
<YOKAssiant><; Rundll32.exe D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant> []
<IMEKRMIG6.1><D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [Microsoft Corporation]
<MSPY2002><D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> []
<DAYEESPEEDCD><G:\Program Files\大易极速??光?\dyspeedcd.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><E:\wjc'sd\studa_国外最新发布XP登陆画面(16个)\new\宇智波佐助Sasuke\LogonUI.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.]
==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
<"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller]
<D:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<D:\WINDOWS\system32\ati2sgag.exe><>
[kavsvc / kavsvc]
<"G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12]
<D:\WINDOWS\system32\HPZipm12.exe><HP>
[Symantec Network Drivers Service / SNDSrvc]
<"D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
Lukejc - 2006-7-13 8:48:00
==================================
浏览器加载项
[免费精彩视频超流畅在线观看]
{022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <e:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[Java Plug-in 1.5.0_04]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <D:\WINDOWS\system32\macromed\download\Download.dll, Macromedia, Inc.>
[Java Plug-in 1.5.0_04]
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <D:\WINDOWS\Downloaded Program Files\pCastCtl.dll, >
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <D:\WINDOWS\system32\xunleibho_v13.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A>
[实用搜索]
{15ADF205-4C54-4CFE-AC88-1EA0BA6D06A0} <, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <D:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <D:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>
[KmediaHelper Class]
{42D25F15-CF07-4A72-B191-DB0792BF310C} <D:\WINDOWS\system32\Kmedia.dll, Kmedia>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[AdsHlpObj Class]
{49A94665-B1F5-4F05-B9C7-FB6E336E49BD} <D:\WINDOWS\system32\AdsObj.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <D:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[SAVCtrl Control]
{54515250-473C-413E-8194-A18D367E8936} <D:\WINDOWS\system32\SAVCtrl.ocx, 上海盛大网络发展有限公司>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <D:\WINDOWS\system32\drmstor.dll, Microsoft Corporation>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Program Files\Thunder Network\ThunderMini\Components\InMedia\MediaAddin04.dll, N/A>
[搜虎]
{7A38130D-BEB7-4D60-BE7A-4C4AB6A85CD1} <, N/A>
[AdsObj2 Class]
{7DDEA238-3E32-43FD-8223-A5E15D9666FF} <D:\WINDOWS\system32\AdsHlp2.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Java Plug-in 1.5.0_04]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[ThunderMini Browser Helper]
{8E6C1C49-F9CE-4311-9FB4-D70E8B0AEAEB} <D:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_002.dll, N/A>
[Qzone Media Tools]
{AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <e:\PROGRA~1\Tencent\qq\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <D:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Messenger Object]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <D:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Letscool System Helper]
{F0C15012-7DBD-4068-95A2-0A82DB03AC35} <D:\WINDOWS\system32\CoolBho.dll, LETSCOOL Network Technology>
[google bar]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <D:\WINDOWS\Win32ef.dll, N/A>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <D:\WINDOWS\Downloaded Program Files\pCastCtl.dll, >
[上传到QQ网络硬盘]
<E:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<E:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Program Files\Tencent\qq\SendMMS.htm, N/A>
Lukejc - 2006-7-13 8:48:00
==================================
正在运行的进程
[PID: 728][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 776][\??\D:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][\??\D:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\WINDOWS\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4109>
[PID: 844][D:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 856][D:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][D:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4109>
[D:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2495>
[PID: 1032][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1108][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1204][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1272][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1400][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1604][D:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\WINDOWS\system32\HPBMMON.DLL] <Hewlett-Packard><10.00.16>
[D:\WINDOWS\system32\hppamon0.dll] <HP><5, 0, 5, 0>
[D:\WINDOWS\system32\hpdomon.dll] <Hewlett-Packard><03.42.00>
[D:\WINDOWS\system32\HPBHealr.dll] <N/A><N/A>
[D:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] <Zenographics, Inc.><5, 54, 330, 0>
[D:\WINDOWS\system32\Imf32.dll] <Zenographics, Inc.><5, 60, 1204, 0>
[D:\WINDOWS\system32\ZTAG32.dll] <Zenographics, Inc.><5, 60, 1210, 0>
[D:\WINDOWS\system32\ZSPOOL.dll] <Zenographics, Inc.><5, 51, 709, 0>
[D:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 456][D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466>
[PID: 716][D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 768][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1312][D:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1964][D:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4109>
[D:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2495>
[PID: 496][D:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[D:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[c:\Program Files\Ringz Studio\Storm Codec\Codecs\OGGSplt.ax] <Gabest><1, 0, 0, 0>
[D:\WINDOWS\system32\ffdshow.ax] <N/A><1.0.2.24>
[c:\Program Files\Ringz Studio\Storm Codec\Codecs\TTL2Dec.dll] <N/A><N/A>
[c:\Program Files\Ringz Studio\Storm Codec\Codecs\Vid1Dec.dll] <N/A><N/A>
[c:\Program Files\Ringz Studio\Storm Codec\Codecs\mpeg2dmx.ax] <Moonlight Cordless Ltd.><3, 1, 200, 50117>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.388.1>
[E:\Program Files\Tencent\qq\qdshm.dll] <><1, 0, 1, 2>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 1280][D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] <Analog Devices, Inc.><4, 0, 4, 11>
[D:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] <Analog Device, Inc.><1, 0, 22, 26>
[PID: 772][D:\Program Files\Analog Devices\SoundMAX\Smax4.exe] <Analog Devices, Inc.><4, 0, 4, 25>
[PID: 708][D:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[D:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 1696][D:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3488][D:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[g:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[g:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[g:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[g:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[D:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2824][G:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
Lukejc - 2006-7-13 15:06:00
Bump, bump. Don't let this thread sink.
Lukejc - 2006-7-14 18:50:00
It sank anyway.
Bumping again.
我无邪 - 2006-7-14 21:19:00
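D:\WINDOWS\system\servicess.exe
This thing is still there. Tell me, what is D:\WINDOWS\system\servicess.exe
all about?
Your system has lots of rogue software on it; please download Super Rabbit (兔子) to uninstall it.
See above for the method.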
无线人 - 2006-7-14 22:31:00
Just reinstall; otherwise it will be very hard to fix.
Lukejc - 2006-7-15 12:32:00
I can't find that file.
Rabbit doesn't work, not even in Safe Mode.
A reinstall only guarantees 72 hours of normal operation.
我无邪 - 2006-7-15 13:17:00
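Is it really that strange?
If there is nothing important on your hard disk,
you don't need to repartition, format and reinstall the system.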
Lukejc - 2006-7-16 10:04:00
Uh, I don't understand what you mean.
If you're suggesting that I format the hard disk... that's definitely not an option.
我无邪 - 2006-7-16 11:02:00
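You can go to your dealer, export the contents of your hard disk there, and then format the disk.
What I mean is, in the case where, as you say, a reinstalled system only stays normal for 72 hours (honestly, I still don't believe it).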
Lukejc - 2006-7-16 11:38:00
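You probably didn't understand what I meant. I mean that if I reinstall, the system runs normally and stably for about 2 or 3 days, and then problems appear, though not necessarily the original problem.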
Lukejc - 2006-7-17 23:26:00
Bump.
Lukejc - 2006-7-20 8:32:00
Anyone there? Bumping again.