Online help request, please help me

I scanned with Rising and it reported that the removal succeeded, but after a reboot it is still there.

Attachment (uploaded 2006-7-17 11:08:23)

Last edited 2006-07-17 11:34:56

Here is another one.

Attachment (uploaded 2006-7-17 11:09:03)

Download System Repair Engineer from post #4 of http://forum.ikaka.com/topic.asp?board=28&artid=6979213 and export the full log.

It shows this prompt.

Attachment (uploaded 2006-7-17 11:26:47)

Never mind that, scan and export the log first..

2006-07-17,11:27:02

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [Microsoft Corporation]
    <Super Rabbit Desktop Search><; C:\Program Files\Super Rabbit\MagicSet\srsearch.exe>  []
    <Super Rabbit IEPro><; C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <ThunderMini><d:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe>  []
    <CnsMin><; Rundll32.exe C:\WINNT\DOWNLO~1\CONFLICT.1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <helper.dll><; C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <SoundMan><; SOUNDMAN.EXE>  [Avance Logic, Inc.]
    <Thunder><; "D:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s>  []
    <bgoomain.exe><; ; >  []
    <KUCO><; ; >  []
    <NTdhcp><; ; >  []
    <pbmini><; ; "C:\Program Files\pcast\PodcastbarMini\PodcastBarMini.exe" -hide>  []
    <RichMedia><; ; C:\WINNT\system32\Rundll32.exe  "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows>  []
    <spoolsv><; ; >  []
    <Super Rabbit Desktop Set><; ; C:\Program Files\Super Rabbit\MagicSet\DS.EXE /Load>  []
    <yassistse><; ; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  []
    <YLive.exe><; ; >  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []

==================================
启动文件夹
[Pubwin EP服务控制器]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Pubwin EP服务控制器.lnk><N>

==================================
服务
[Pubwin Application Server / AppServer]
  <E:\Hintsoft\PubwinServer\appServ\bin\wrapper.exe -s E:\Hintsoft\PubwinServer\appServ\conf\wrapper.conf><N/A>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Pubwin Database / MySQL]
  <E:\Hintsoft\PubwinServer\database\bin\mysqld-nt.exe><N/A>
[Process Launcher / Process Launchere]
  <C:\WINNT\Server.exe><N/A>
[Pubwin Update / PubwinUpdate]
  <E:\Hintsoft\PubwinServer\version\bin\wrapper.exe -s E:\Hintsoft\PubwinServer\version\conf\wrapper.conf><N/A>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

正在运行的进程
[PID: 168][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 212][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6714>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 240][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 252][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6695>
[PID: 432][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 484][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
[PID: 516][C:\WINNT\system32\msdtc.exe]  <Microsoft Corporation><1999.9.3421.3>
[PID: 636][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 664][C:\WINNT\System32\llssrv.exe]  <Microsoft Corporation><5.00.2195.6697>
[PID: 812][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 824][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6704>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 884][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 908][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 912][C:\WINNT\system32\Dfssvc.exe]  <Microsoft Corporation><5.00.2195.6664>
[PID: 1016][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
    [C:\WINNT\system32\xunleibho_v9.dll]  <Thunder Networking Technologies,LTD><4, 5, 1, 33>
    [d:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_001.dll]  <Thunder Networking Technologies,LTD><2, 0, 0, 1>
[PID: 1208][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 1240][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 1264][E:\Hintsoft\PubwinServer\version\bin\ServiceManager.exe]  <N/A><N/A>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 1268][D:\Program Files\Thunder Network\ThunderMini\program\ThunderMini.exe]  <Thunder Networking Technologies,LTD><2, 0, 0, 29>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
    [D:\Program Files\Thunder Network\ThunderMini\program\download_interface.dll]  <N/A><N/A>
    [D:\Program Files\Thunder Network\ThunderMini\program\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 6>
    [d:\Program Files\Thunder Network\ThunderMini\Components\InMedia\iEmbedShell.dll]  < ><1, 0, 0, 6>
    [d:\Program Files\Thunder Network\ThunderMini\Components\InMedia\iEmbed.dll]  < ><2, 1, 0, 30>
[PID: 728][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 1212][E:\Hintsoft\PubwinServer\database\bin\mysqld-nt.exe]  <N/A><N/A>
[PID: 1308][C:\WINNT\system32\conime.exe]  <Microsoft Corporation><5.00.2195.6655>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 1488][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 1452][E:\Hintsoft\PubwinServer\appServ\bin\wrapper.exe]  <N/A><N/A>
[PID: 1436][E:\Hintsoft\PubwinServer\appServ\java\bin\java.exe]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\jre\bin\client\jvm.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\jre\bin\hpi.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\jre\bin\verify.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\jre\bin\java.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\jre\bin\zip.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\bin\wrapper.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\jre\bin\net.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\bin\a.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\bin\Crypto.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\bin\LIBEAY32.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\bin\c.dll]  <N/A><N/A>
[PID: 1792][E:\Hintsoft\PubwinConsole\PubwinConsole.exe]  <N/A><N/A>
    [E:\Hintsoft\PubwinConsole\log4cpp.dll]  <Bastiaan Bakker, LifeLine Networks bv ><0.3.2rc2>
    [E:\Hintsoft\PubwinConsole\LIBEAY32.dll]  <N/A><N/A>
    [E:\Hintsoft\PubwinConsole\Crypto.dll]  <N/A><N/A>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
    [E:\Hintsoft\PubwinConsole\RealName.dll]  <TODO: <公司名>><1.0.0.1>
    [E:\Hintsoft\PubwinConsole\Drv\MifareReader\MifareReader.dll]  <TODO: <公司名>><1.0.0.1>
    [E:\Hintsoft\PubwinConsole\Drv\MifareReader\MF1\Advic32.dll]  <N/A><N/A>
[PID: 1224][C:\Documents and Settings\Administrator\桌面\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
    [C:\Documents and Settings\Administrator\桌面\SREng2\Plugins\SREngPluginDemo.SRE]  <Smallfrogs Studio><1, 1, 1, 0>
[PID: 980][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
    [C:\WINNT\system32\xunleibho_v9.dll]  <Thunder Networking Technologies,LTD><4, 5, 1, 33>
    [d:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_001.dll]  <Thunder Networking Technologies,LTD><2, 0, 0, 1>
    [C:\WINNT\system32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 1852][E:\聊天\qq\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [E:\聊天\qq\CoralAssist.DLL]  <N/A><4.0.0 Build 20051112>
    [E:\聊天\qq\CoralQQ.DLL]  <Coral Team><4.2.0 Build 20060125>
    [E:\聊天\qq\IPSearcher.dll]  <N/A><1.0.0.4>
    [E:\聊天\qq\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\QQHelperDll.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 14>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
    [E:\聊天\qq\QQAPI.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [E:\聊天\qq\LoginCtrl.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\npkcntc.dll]  <INCA Internet Co., Ltd.><2005, 9, 1, 1>
    [E:\聊天\qq\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [E:\聊天\qq\QQRes.dll]  <tencent><1, 0, 0, 1>
    [E:\聊天\qq\QQMainFrame.dll]  <N/A><N/A>
    [E:\聊天\qq\CQQApplication.dll]  <N/A><N/A>
    [E:\聊天\qq\NewSkin.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\HostingMgr.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\CameraDll.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\MailSummary.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
    [E:\聊天\qq\QQGroupMng.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\QQSysMsgMng.dll]  <N/A><N/A>
    [E:\聊天\qq\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\QQAvatar.dll]  <N/A><N/A>
    [E:\聊天\qq\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [E:\聊天\qq\QQAllInOne.dll]  <N/A><N/A>
    [E:\聊天\qq\SCCore.dll]  <N/A><N/A>
    [E:\聊天\qq\QQCustomFace.dll]  <N/A><N/A>
    [C:\WINNT\system32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
    [E:\聊天\qq\QQSceneMng.dll]  <N/A><N/A>
    [E:\聊天\qq\QRingMng.dll]  <N/A><N/A>
    [E:\聊天\qq\PhoneAPI.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [E:\聊天\qq\LongConnection.dll]  <tencent><0, 3, 3, 8>
    [E:\聊天\qq\QQPet.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\BQQApplication.dll]  <N/A><N/A>
    [E:\聊天\qq\QQPlugin.dll]  <N/A><N/A>
    [E:\聊天\qq\ImageOle.dll]  <TODO: <Company name>><1.0.0.1>
    [E:\聊天\qq\CommercesMng.dll]  <><1, 0, 0, 1>
    [E:\聊天\qq\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [E:\聊天\qq\QQUdpGetFileLib.dll]  <tencent><0, 2, 2, 3>
    [E:\聊天\qq\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
    [E:\聊天\qq\QQPhoneHelper.dll]  <腾讯科技(深圳)有限公司><2, 0, 4, 40>
    [E:\聊天\qq\GroupConnection.dll]  <Tencent><5, 0, 202, 30>
[PID: 1908][E:\聊天\qq\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
    [E:\聊天\qq\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 1844][C:\Program Files\Rising\Rav\RsAgent.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 1984][C:\WINNT\msagent\AgentSvr.exe]  <Microsoft Corporation><2.00.0.3422>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

[Process Launcher / Process Launchere]
<C:\WINNT\Server.exe><N/A>
Gray Pigeon.. Boot into safe mode... open Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Search for Process Launchere and delete it...
Delete:
C:\WINNT\Server.exe
C:\WINNT\Serverkey.dll
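
An added triage example, not part of the original thread and not part of SREng: it parses the process section of an SREng log and reports modules that carry no publisher information yet are loaded into several processes living in other directories, which is the pattern C:\WINNT\ServerKey.DLL shows in the log above. The function names and the `min_procs` threshold are assumptions made for this example; the sample is a shortened excerpt of the posted log.

```python
import re
from collections import defaultdict

# Shortened excerpt of the SREng process listing posted in this thread.
SAMPLE = r"""
[PID: 212][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6714>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 240][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 1016][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 1308][C:\WINNT\system32\conime.exe]  <Microsoft Corporation><5.00.2195.6655>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
[PID: 1436][E:\Hintsoft\PubwinServer\appServ\java\bin\java.exe]  <N/A><N/A>
    [E:\Hintsoft\PubwinServer\appServ\java\bin\a.dll]  <N/A><N/A>
[PID: 1852][E:\聊天\qq\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [E:\聊天\qq\QQMainFrame.dll]  <N/A><N/A>
    [C:\WINNT\ServerKey.DLL]  <N/A><N/A>
"""

PROC = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+<(.*)><(.*)>$")
MOD = re.compile(r"^\s+\[(.+?)\]\s+<(.*)><(.*)>$")

def parse(log):
    """Map each module without publisher info to the processes that load it."""
    loaded = defaultdict(set)
    current = None
    for line in log.splitlines():
        line = line.rstrip()
        m = PROC.match(line)
        if m:
            current = m.group(2).replace("\\??\\", "").lower()
            continue
        m = MOD.match(line)
        if m and current and m.group(2).strip() in ("", "N/A"):
            loaded[m.group(1).lower()].add(current)
    return loaded

def suspicious(log, min_procs=3):
    """Unsigned modules loaded into >= min_procs processes from other folders."""
    hits = []
    for mod, procs in parse(log).items():
        mod_dir = mod.rsplit("\\", 1)[0]
        foreign = {p for p in procs if p.rsplit("\\", 1)[0] != mod_dir}
        if len(foreign) >= min_procs:
            hits.append((mod, len(foreign)))
    return sorted(hits)

if __name__ == "__main__":
    print(suspicious(SAMPLE))
```

Application DLLs without version info that sit next to their own executable (the Pubwin and QQ modules here) are not reported, which keeps the output to candidates worth checking by hand.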