蓝天~~无邪~~来帮我看看日志~~~我电脑又完蛋了,还老死机~~~急~~~ bbs.ikaka.com

nini5110 - 2006-10-9 12:29:00

Logfile of HijackThis v1.99.1
Scan saved at 12:15:16, on 2006-10-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Herosoft\Hero 9\SysExplr.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\wuauclt.exe
E:\魔力宝贝\“易玩通”娱乐平台\POLCN_Launcher.exe
F:\hijackthis1991\HijackThis.exe

O2 - BHO: SYM - {36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} - C:\WINDOWS\system32\usercrd.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll
O2 - BHO: bingo - {B626AE7E-4F5D-4CD4-B457-D8693015DEFC} - C:\WINDOWS\system32\amvda.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll
O4 - HKLM\..\Run: [ATICCC] ; ; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] ; ; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] ; ; HDAShCut.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] ; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RavTask] ; ; "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SoundMAX] ; ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; ; C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [Thunder] ; ; "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [SysExplr] C:\Program Files\Herosoft\Hero 9\SysExplr.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用超级解霸播放 - C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159235370737
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

早上打开电脑好象又变成之前的情况了,只是这次不跳网页出来了,会修改IE,另外还常出现死机的情况!

我无邪 - 2006-10-9 12:35:00

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

nini5110 - 2006-10-9 12:43:00

2006-10-09,12:31:20

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATICCC><; ; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> []
<ccApp><; ; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> []
<High Definition Audio Property Page Shortcut><; ; HDAShCut.exe> []
<IMJPMIG8.1><; ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002A><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<RavTask><; ; "C:\Program Files\Rising\Rav\RavTask.exe" -system> []
<SoundMAX><; ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> []
<SoundMAXPnP><; ; C:\Program Files\Analog Devices\Core\smax4pnp.exe> []
<Super Rabbit SRRestore><C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave> [Super Rabbit Soft]
<Thunder><; ; "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> []
<SysExplr><C:\Program Files\Herosoft\Hero 9\SysExplr.EXE> []
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []

nini5110 - 2006-10-9 12:44:00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\Program Files\Herosoft\Hero 9\解霸屏保.SCR> []

==================================
启动文件夹
服务
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><N/A>
[Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler]
<"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>
[LiveUpdate / LiveUpdate]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[System Event Logger / Mercha2]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>
[SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><N/A>
[Symantec Core LC / Symantec Core LC]
<"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"><N/A>

==================================
浏览器加载项
[SYM]
{36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usercrd.dll, >
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[bingo]
{B626AE7E-4F5D-4CD4-B457-D8693015DEFC} <C:\WINDOWS\system32\amvda.dll, >
[]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\coolsign\coolsign.dll, Fengcent>
[豪杰超级解霸9]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE, Herosoft>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[访问瑞星网站]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash.ocx, Macromedia, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[SYM]
{36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usercrd.dll, >
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[bingo]
{B626AE7E-4F5D-4CD4-B457-D8693015DEFC} <C:\WINDOWS\system32\amvda.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash.ocx, Macromedia, Inc.>
[卡卡上网安全助手]

nini5110 - 2006-10-9 12:44:00

{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用超级解霸播放]
<C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 552][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 616][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 688][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 848][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 916][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1012][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1108][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1240][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1388][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1608][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\usercrd.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\amvda.dll] <><1, 0, 0, 1>
[PID: 1644][C:\Program Files\CNNIC\Cdn\cdnup.exe] <><2, 4, 0, 10>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] <CNNIC><2, 2, 0, 3>
[PID: 1708][C:\Program Files\Herosoft\Hero 9\SysExplr.EXE] <N/A><N/A>
[C:\Program Files\Herosoft\Hero 9\HttpReq.dll] <N/A><N/A>
[C:\Program Files\Herosoft\Hero 9\CoolMenu.dll] <N/A><N/A>
[C:\Program Files\Herosoft\Hero 9\httphlp.dll] <N/A><N/A>
[C:\Program Files\Herosoft\Hero 9\AVCDROM.dll] <N/A><N/A>
[C:\Program Files\Herosoft\Hero 9\Sys936.DLL] <N/A><N/A>
[PID: 1724][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1472][C:\WINDOWS\SYSTEM32\RUNDLL.EXE] <Microsoft Corporation><5.00.2134.1>
[PID: 456][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 420][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll] <Xiang Feng Technology><2, 2, 0, 1612>
[C:\WINDOWS\system32\usercrd.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\amvda.dll] <><1, 0, 0, 1>
[PID: 1144][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\usercrd.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll] <Xiang Feng Technology><2, 2, 0, 1612>
[C:\WINDOWS\system32\amvda.dll] <><1, 0, 0, 1>
[PID: 1184][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1840][C:\WINDOWS\system32\wbem\wmiprvse.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 704][F:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

nini5110 - 2006-10-9 13:14:00

无邪~~~~~~~~~~帮我看看啊~~~~

我无邪 - 2006-10-9 13:19:00

下载超级兔子。
http://www.pctutu.com/srmsdown.asp
安装好后，打开“超级兔子优化王”“专业卸载,卸载所有提示的垃圾软件，卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载。
卸载完后
打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务System Event Logger，选择“删除服务”点“设置”选择“否”

重启后删除
C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL
删除你现有的扫描软件
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

nini5110 - 2006-10-9 15:02:00

【回复“我无邪”的帖子】
2006-10-09,14:51:01

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATICCC><; ; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [N/A]
<ccApp><; ; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [N/A]
<High Definition Audio Property Page Shortcut><; ; HDAShCut.exe> [N/A]
<IMJPMIG8.1><; ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002A><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<RavTask><; ; "C:\Program Files\Rising\Rav\RavTask.exe" -system> [N/A]
<SoundMAX><; ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [N/A]
<SoundMAXPnP><; ; C:\Program Files\Analog Devices\Core\smax4pnp.exe> [N/A]
<Super Rabbit SRRestore><C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave> [Super Rabbit Soft]
<Thunder><; ; "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> [N/A]
<SysExplr><C:\Program Files\Herosoft\Hero 9\SysExplr.EXE> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\Program Files\Herosoft\Hero 9\解霸屏保.SCR> [N/A]

nini5110 - 2006-10-9 15:03:00

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><N/A>
[Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler]
<"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>
[LiveUpdate / LiveUpdate]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[MessageService / MessageService]
<C:\WINDOWS\system32\Svchost.exe -k MessageService-->C:\WINDOWS\system32\MsServices\svchost.dll><N/A>
[SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><N/A>
[Symantec Core LC / Symantec Core LC]
<"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"><N/A>
[Distributed Console Manager / Tech]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mssapi.dll><N/A>

==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AEAudio Service / AEAudioService]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[cdnprot / cdnprot]
<2 - 系统找不到指定的文件。
><N/A>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV]
<system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hfaefjgf / hfaefjgf]
<C:\WINDOWS\SYSTEM32\DRIVERS\hfaefjgf.SYS><中国互联网络信息中心(CNNIC)>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[ATK0110 ACPI UTILITY / MTsensor]
<system32\DRIVERS\ASACPI.sys><>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb]
<\??\C:\Program Files\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[nwlnksipx / nwlnksipx]
<\??\C:\WINDOWS\system32\drivers\nwlnksipx.sys><Microsoft Corporation>
[pcmmup / pcmmup]
<\??\C:\WINDOWS\system32\drivers\pcmmup.sys><N/A>
[ProcServ / ProcServ]
<\??\C:\WINDOWS\system32\drivers\ProcServ.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SenFilt Service / SenFiltService]
<system32\drivers\Senfilt.sys><Sensaura>
[SPBBCDrv / SPBBCDrv]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><N/A>
[SYMDNS / SYMDNS]
<\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW]
<\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS]
<\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[symlcbrd / symlcbrd]
<\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><Symantec Corporation>
[SYMNDIS / SYMNDIS]
<\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

nini5110 - 2006-10-9 15:04:00

==================================
浏览器加载项
[SYM]
{36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usercrd.dll, >
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[bingo]
{B626AE7E-4F5D-4CD4-B457-D8693015DEFC} <C:\WINDOWS\system32\amvda.dll, >
[豪杰超级解霸9]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE, Herosoft>
[访问瑞星网站]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash.ocx, Macromedia, Inc.>
[SYM]
{36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usercrd.dll, >
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[bingo]
{B626AE7E-4F5D-4CD4-B457-D8693015DEFC} <C:\WINDOWS\system32\amvda.dll, >
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用超级解霸播放]
<C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 544][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1100][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1232][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1372][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1644][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\usercrd.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\amvda.dll] [, 1, 0, 0, 1]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] [, 1, 0, 0, 1]
[PID: 1764][C:\Program Files\Herosoft\Hero 9\SysExplr.EXE] [N/A, N/A]
[C:\Program Files\Herosoft\Hero 9\HttpReq.dll] [N/A, N/A]
[C:\Program Files\Herosoft\Hero 9\CoolMenu.dll] [N/A, N/A]
[C:\Program Files\Herosoft\Hero 9\httphlp.dll] [N/A, N/A]
[C:\Program Files\Herosoft\Hero 9\AVCDROM.dll] [N/A, N/A]
[C:\Program Files\Herosoft\Hero 9\Sys936.DLL] [N/A, N/A]
[PID: 1772][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 392][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1588][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040][F:\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================

瑞星卡卡安全论坛