Rising Kaka Security Forum > Technical Exchange > Anti-Virus / Anti-Rogue-Software Forum


[Original] How to detect and remove the malicious driver trojan foxrar.exe ★★★★★




Temporary fix:

Repair with Autoruns
HKLM\System\CurrentControlSet\Services   
+ squell1            File not found: C:\DOCUME~1\LIGHTN~1\LOCALS~1\Temp\winrar.sys

Run REGEDIT and delete:
[HKLM\System\controlset00X\squell]      // where X is a digit from 1 to 5
After rebooting the system, empty the temporary folder.
Delete so.dll




What is Autoruns?

Autoruns is a small utility that scans startup items; please download it from my space:
http://littlecat.ys168.com

Lightning is really amazing`` really amazing, really amazing`

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINNT\system32\userinit.exeUserinit Logon ApplicationMicrosoft Corporationc:\winnt\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exeWindows ExplorerMicrosoft Corporationc:\winnt\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ NvCplDaemonRun a DLL as an AppMicrosoft Corporationc:\winnt\system32\rundll32.exe

+ nwizNVIDIA nView Wizard, Version 45.32 NVIDIA Corporationc:\winnt\system32\nwiz.exe

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe

+ SKYNET Personal FireWallFile not found: C:\Program Files\SkyNet\FireWall\pfw.exe

+ SpeedTouch USB DiagnosticsSpeedTouch StatisticsTHOMSON multimediac:\program files\alcatel\speedtouch usb\dragdiag.exe

+ Synchronization ManagerMicrosoft Synchronization ManagerMicrosoft Corporationc:\winnt\system32\mobsync.exe

+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动

+ Adobe Gamma Loader.lnkAdobe Gamma LoaderAdobe Systems, Inc.c:\program files\common files\adobe\calibration\adobe gamma loader.exe

+ Microsoft Office.lnkMicrosoft Office 2000 componentMicrosoft Corporationc:\program files\microsoft office\office\osa9.exe

C:\Documents and Settings\czl\「开始」菜单\程序\启动

+ 腾讯QQ.lnkQQTENCENTi:\program files\tencent\qq\qq.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ ctfmon.exeCicero LoaderMicrosoft Corporationc:\winnt\system32\ctfmon.exe

+ MsnMsgrFile not found: ;

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 5Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ CRLUpdateUPDCRLMicrosoft Corporationc:\winnt\system32\updcrl.exe

+ EnableRevocationMicrosoft(C) Register ServerMicrosoft Corporationc:\winnt\system32\regsvr32.exe

+ Internet Explorer 6IE 5.0 Per-User Install UtilityMicrosoft Corporationc:\winnt\system32\ie4uinit.exe

+ Internet Explorer 访问Windows NT User Data Migration ToolMicrosoft Corporationc:\winnt\system32\shmgrate.exe

+ Microsoft Outlook Express 6Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ Microsoft Windows Media PlayerADVPACKMicrosoft Corporationc:\winnt\system32\advpack.dll

+ NetMeeting 3.01ADVPACKMicrosoft Corporationc:\winnt\system32\advpack.dll

+ Outlook Express 访问Windows NT User Data Migration ToolMicrosoft Corporationc:\winnt\system32\shmgrate.exe

+ Windows Media PlayerMicrosoft Windows Media Player 安装实用程序Microsoft Corporationc:\winnt\inf\unregmp2.exe

+ Windows 桌面更新Microsoft(C) Register ServerMicrosoft Corporationc:\winnt\system32\regsvr32.exe

+ 自定义浏览器Microsoft Internet Explorer Customization DLLMicrosoft Corporationc:\winnt\system32\iedkcs32.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui 预加载程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

+ 组件类别缓存程序Shell Browser UI LibraryMicrosoft Corporationc:\winnt\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ Network.ConnectionTrayNetwork Connections ShellMicrosoft Corporationc:\winnt\system32\netshell.dll

+ SysTraySystray shell service objectMicrosoft Corporationc:\winnt\system32\stobject.dll

+ WebCheckWeb Site MonitorMicrosoft Corporationc:\winnt\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

+ shell32.dllWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ windowsx.dllc:\winnt\system32\windowsx.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹Microsoft Web FoldersMicrosoft Corporationc:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ Fax Tiff Data Column ProviderFax Tiff Data Column ProviderMicrosoft Corporationc:\winnt\system32\faxshell.dll

+ ShAVColumnProvider classDocProp2Microsoft Corporationc:\winnt\system32\docprop2.dll

+ Version Column ProviderDocProp2Microsoft Corporationc:\winnt\system32\docprop2.dll

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ 超级兔子上网精灵HaoKanBar Toolbar ModuleXiang Feng Technologyi:\program files\super rabbit\magicset\haokanbar.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ shdocvw.dllShell Doc Object and Control LibraryMicrosoft Corporationc:\winnt\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softi:\program files\flashget\fgiebar.dll

+ 超级兔子上网精灵HaoKanBar Toolbar ModuleXiang Feng Technologyi:\program files\super rabbit\magicset\haokanbar.dll


HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softi:\program files\flashget\flashget.exe

+ @shdoclc.dll,-864c:\winnt\web\related.htm

+ Yahoo 3.5G电邮File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail

+ 清理上网记录File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean

+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/

+ 腾讯QQQQTENCENTi:\program files\tencent\qq\qq.exe

+ 修复浏览器File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair

+ 寻宝乐趣多File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao

+ 雅虎助手File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\winnt\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a pathSymbolic Debugger for Windows 2000Microsoft Corporationc:\winnt\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32Advanced Windows 32 Base APIMicrosoft Corporationc:\winnt\system32\advapi32.dll

+ comdlg32Common Dialogs DLLMicrosoft Corporationc:\winnt\system32\comdlg32.dll

+ gdi32GDI Client DLLMicrosoft Corporationc:\winnt\system32\gdi32.dll

+ imagehlpWindows NT Image HelperMicrosoft Corporationc:\winnt\system32\imagehlp.dll

+ kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\winnt\system32\kernel32.dll

+ lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\winnt\system32\lz32.dll

+ ole32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\ole32.dll

+ oleaut32Microsoft Corporationc:\winnt\system32\oleaut32.dll

+ olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\winnt\system32\olecli32.dll

+ olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\olecnv32.dll

+ olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\winnt\system32\olesvr32.dll

+ olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\winnt\system32\olethk32.dll

+ rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\winnt\system32\rpcrt4.dll

+ shell32Windows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

+ urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\winnt\system32\url.dll

+ urlmonOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ user32Windows 2000 USER API Client DLLMicrosoft Corporationc:\winnt\system32\user32.dll

+ versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\winnt\system32\version.dll

+ wininetInternet Extensions for Win32Microsoft Corporationc:\winnt\system32\wininet.dll

+ wldap32Win32 LDAP API DLLMicrosoft Corporationc:\winnt\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ crypt32chainCrypto API32Microsoft Corporationc:\winnt\system32\crypt32.dll

+ cryptnetCrypto Network Related APIMicrosoft Corporationc:\winnt\system32\cryptnet.dll

+ cscdllOffline Network AgentMicrosoft Corporationc:\winnt\system32\cscdll.dll

+ sclgntfySecondary Logon Service Notification DLLMicrosoft Corporationc:\winnt\system32\sclgntfy.dll

+ SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\winnt\system32\wlnotify.dll

+ wzcnotifWireless Zero Configuration Service UIMicrosoft Corporationc:\winnt\system32\wzcdlg.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINNT\system32\ssstars.scrStarfield Screen SaverMicrosoft Corporationc:\winnt\system32\ssstars.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B4BE271-B7D7-43FE-AC26-0F3C153936BD}] DATAGRAM 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B4BE271-B7D7-43FE-AC26-0F3C153936BD}] SEQPACKET 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{374A7842-76AD-4D7D-9B80-3B17A27502A8}] DATAGRAM 4Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{374A7842-76AD-4D7D-9B80-3B17A27502A8}] SEQPACKET 4Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3EBB0B9B-0AE3-4543-9DB4-34130E584A18}] DATAGRAM 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3EBB0B9B-0AE3-4543-9DB4-34130E584A18}] SEQPACKET 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{430B7FA3-0B6C-4A99-A37F-F5B3BAF14B95}] DATAGRAM 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{430B7FA3-0B6C-4A99-A37F-F5B3BAF14B95}] SEQPACKET 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{46889EB9-E0A5-4522-AFD1-886B24942B22}] DATAGRAM 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{46889EB9-E0A5-4522-AFD1-886B24942B22}] SEQPACKET 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{A13312CC-110E-4F98-AED3-3BC361E64BAF}] DATAGRAM 5Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{A13312CC-110E-4F98-AED3-3BC361E64BAF}] SEQPACKET 5Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [RAW/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [TCP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ MSAFD Tcpip [UDP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\winnt\system32\msafd.dll

+ RSVP TCP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\winnt\system32\rsvpsp.dll

+ RSVP UDP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\winnt\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language MonitorLangage Monitor for Canon Bubble-Jet PrinterMicrosoft Corporationc:\winnt\system32\cnbjmon.dll


Scanning logs with Autoruns is something big brother BlackStone taught me..
However, please tick Options > Hide Microsoft services first, then scan and post the log.
Otherwise Microsoft's entries take up a lot of space and it is hard to see anything clearly.

+ windowsx.dllc:\winnt\system32\windowsx.dll

This one has a problem.

Also, it looks like your log was not posted completely..
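The three things the thread keys on when reading an Autoruns export are an entry whose image is "File not found" (the squell1 service pointing at winrar.sys in the Temp folder, from the opening post), an entry that loads from a user's Temp directory at all, and an entry with no description and no publisher (the windowsx.dll line flagged in the reply above). The added script below is not code from the thread or from Sysinternals; it parses the tab-separated form of an Autoruns text export (entry name, description, publisher, image path, with "File not found: <path>" replacing the last three columns when the image is missing) and reproduces the "hide Microsoft entries" filter the reply recommends. The sample log is constructed from entries quoted in this thread plus one constructed variant of the squell entry in which the driver file is still present, so that the Temp-directory check fires on its own.

```python
"""Triage an Autoruns text export for the indicators raised in this thread.

Added example, not part of the original post. Assumes the export is the
tab-separated text form: name<TAB>description<TAB>publisher<TAB>image path,
with missing images written as name<TAB>File not found: <path>.
"""
import re

MICROSOFT = "microsoft corporation"
# Any image path that passes through a "\Temp\" component (covers both the
# 8.3 form LOCALS~1\Temp and the long form Local Settings\Temp).
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_autoruns(text):
    """Return one dict per '+' line; non-'+' lines are the location headers."""
    location = None
    entries = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith("+"):
            location = line.strip()          # registry key or folder header
            continue
        fields = line[1:].strip().split("\t")
        entry = {"location": location, "name": fields[0], "description": "",
                 "publisher": "", "path": "", "missing": False}
        rest = fields[1:]
        if rest and rest[0].lower().startswith("file not found:"):
            entry["missing"] = True
            entry["path"] = rest[0].split(":", 1)[1].strip()
        else:
            # Pad so an entry with blank description/publisher still parses.
            rest = (rest + ["", "", ""])[:3]
            entry["description"], entry["publisher"], entry["path"] = rest
        entries.append(entry)
    return entries


def reasons_for(entry):
    """The review points from the thread, applied to one entry."""
    reasons = []
    if entry["missing"]:
        reasons.append("image file not found")
    if TEMP_DIR.search(entry["path"]):
        reasons.append("image loaded from a Temp directory")
    if not entry["missing"] and not entry["description"] and not entry["publisher"]:
        reasons.append("no description or publisher")
    return reasons


def triage(text, hide_microsoft=True):
    """Entries kept after the 'hide Microsoft entries' filter, with reasons."""
    kept = []
    for e in parse_autoruns(text):
        if hide_microsoft and e["publisher"].lower() == MICROSOFT:
            continue
        e["reasons"] = reasons_for(e)
        kept.append(e)
    return kept


def suspicious(text, hide_microsoft=True):
    """(location, name, reasons) for every entry that has at least one reason."""
    return [(e["location"], e["name"], e["reasons"])
            for e in triage(text, hide_microsoft) if e["reasons"]]


def _entry(*cols):
    return "+ " + "\t".join(cols)


# Constructed sample: entries quoted in this thread, plus one constructed
# variant ("squell") where the driver file still exists in Temp.
SAMPLE_LOG = "\n".join([
    r"HKLM\System\CurrentControlSet\Services",
    _entry("squell1", r"File not found: C:\DOCUME~1\LIGHTN~1\LOCALS~1\Temp\winrar.sys"),
    _entry("squell", "WinRAR driver", "", r"C:\DOCUME~1\LIGHTN~1\LOCALS~1\Temp\winrar.sys"),
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",
    _entry("Rising Execute File Exts hook", "Rising Shell Ext Module",
           "Beijing Rising Technology Co., Ltd.", r"c:\winnt\system32\ravext.dll"),
    _entry("shell32.dll", "Windows Shell Common Dll", "Microsoft Corporation",
           r"c:\winnt\system32\shell32.dll"),
    _entry("windowsx.dll", "", "", r"c:\winnt\system32\windowsx.dll"),
])

if __name__ == "__main__":
    for location, name, why in suspicious(SAMPLE_LOG):
        print(f"{location}\n    {name}: {'; '.join(why)}")
```

Run on a real export, the script lists squell1 twice over (missing image and Temp-directory image), the windowsx.dll hook once, and keeps the Rising entries visible for a human to judge; shell32.dll is hidden by the Microsoft filter, exactly as the reply asks for, but the filter is applied before the reasons are evaluated, so pass hide_microsoft=False when you want to see every entry.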

Master, is this the only method available for now??????
  It does not seem very thorough.... heh
Will it stop those ime*.tmp files from being generated in temp?

Due to time constraints the testing was not very thorough. If there are still other problems after cleaning with my method, please send the LOG, a description of the abnormal behaviour, and everything else needed to solve the problem to my mailbox: kxzhmc500@sina.com