HijackThis_815汉化版扫描日志 V1.99.1
保存于      13:15:11, 日期 2006-9-2
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\shadow\ShadowService.exe
C:\windows\winupdate.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\Realplayer.exe
C:\windows\zytqxj.exe
C:\Program Files\Windows 流氓软件清理大师\clean.exe
C:\windows\system32\conime.exe
C:\Program Files\Super Rabbit\MagicSet\iehelp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\HijackThis1991汉化版\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=C:\windows\system32\Userinit.exe
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINDOWS\system32\37211.dll
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [RunShadowTip] C:\WINDOWS\system32\shadow\ShadowTip.exe
O4 - 启动项HKLM\\Run: [zt] C:\Program Files\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [TkBellExe] ; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [Windows木马防火墙] ; C:\Program Files\ftc\Trojanwall.exe
O4 - 启动项HKLM\\Run: [Realplayer.exe] C:\windows\system32\Realplayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] ; C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [Realplayer.exe] C:\windows\system32\Realplayer.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wsd_sock32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wsd_sock32.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - (no file)
O23 - NT 服务: Shadow System Service (ShadowSystemService) - Unknown owner - C:\WINDOWS\system32\shadow\ShadowService.exe

你知道c:\windows\system32\wsd_sock32.dll是什么吗？我怀疑它呢

C:\windows\system32\Realplayer.exe这一项看以下的帖子
http://forum.ikaka.com/topic.asp?board=67&artid=8155668

关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复"
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O4 - 启动项HKLM\\Run: [zt] C:\Program Files\Intel\rundll32.exe
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINDOWS\system32\37211.dll
重启后删除
C:\WINDOWS\system32\37211.dll
C:\Program Files\Intel\rundll32.exe
C:\WINDOWS\webwork
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

2006-09-02,21:48:36

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [Microsoft Corporation]
    <Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
    <Realplayer.exe><C:\windows\system32\Realplayer.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  []
    <RunShadowTip><C:\WINDOWS\system32\shadow\ShadowTip.exe>  [PowerShadow]
    <TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  []
    <Windows木马防火墙><; C:\Program Files\ftc\Trojanwall.exe>  [风云谷]
    <Realplayer.exe><C:\windows\system32\Realplayer.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <9><C:\windows\system32\Ravdm.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\windows\system32\Userinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[Database information combine / DbooInfo]
  <><N/A>
[Shadow System Service / ShadowSystemService]
  <C:\WINDOWS\system32\shadow\ShadowService.exe><N/A>

==================================
浏览器加载项
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Schedule Class]
  {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\windows\system32\sscli.dll, >
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[TjqFshnr Class]
  {85693BE7-E6DD-78CB-1074-CF7BD8C04376} <C:\WINDOWS\DOWNLO~1\lkaovc.dll, fiwjksoft>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[WAB Importer/Exporter]
  {AA158CA5-93B4-4CD4-8D8C-BB6F9F515213} <, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[]
  {E730189A-9973-4121-B046-AD1C161EC3AF} <C:\WINDOWS\system32\37211.dll, N/A>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>

==================================
正在运行的进程
[PID: 420][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 468][\??\C:\windows\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 492][\??\C:\windows\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 544][C:\windows\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 556][C:\windows\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 716][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 776][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\windows\system32\WSD_SOCK32.dll]  <N/A><N/A>
[PID: 872][C:\windows\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\windows\system32\WSD_SOCK32.dll]  <N/A><N/A>
[PID: 944][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1040][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1256][C:\windows\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\PROGRA~1\ftc\Commenu.dll]  <Fygsoft and Microsoft><3.0.0.63>
    [C:\windows\system32\WSD_SOCK32.dll]  <N/A><N/A>
[PID: 1296][C:\windows\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1540][C:\windows\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1548][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  <Super Rabbit Soft><7.76>
    [C:\PROGRA~1\WINDOW~4\shlobj71.ocx]  <Sky Software (http://www.ssware.com)><7, 1, 0, 0>
    [C:\windows\system32\WSD_SOCK32.dll]  <N/A><N/A>
[PID: 1608][C:\WINDOWS\system32\shadow\ShadowService.exe]  <N/A><N/A>
[PID: 248][C:\windows\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\windows\system32\WSD_SOCK32.dll]  <N/A><N/A>
[PID: 968][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll]  <Xiang Feng Technology><2, 2, 0, 1612>
    [C:\windows\system32\WSD_SOCK32.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  <Macromedia, Inc.><6,0,79,0>
[PID: 1732][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1892][E:\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\windows\system32\WSD_SOCK32.dll]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\windows\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

c:\Program Files\Intel\rundll32.exe里面的东东看不见

打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“启动项目，注册表”来删除以下选项。
C:\windows\system32\Realplayer.exe
C:\windows\system32\Ravdm.exe
关闭所有浏览窗口以及一些不必要的程序
打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“系统修复，浏览器加载项”来删除以下选项。
C:\windows\system32\sscli.dll
C:\WINDOWS\system32\37211.dll
请到http://forum.ikaka.com/topic.asp?board=67&artid=5188931，下载，LSPFix.exe，WinsockXPFix这两个软件
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

运行LSPFix.exe
删除
WSD_SOCK32.dll
附说明一份
LSPFix.exe这个软件主要用来辅助修复HijackThis扫描发现的O10项。
使用时，请关闭所有IE界面和文件夹界面后运行LSPFix，运行后，把要修复的那一个O10项从左边转到右边，点“Finish”即可。（不过这之前，需要在“I know what I`m doing”前面打勾。）
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
删除
C:\windows\system32\WSD_SOCK32.dll
修复后重启，如果无法上网，请运行WinsockXPFix，让它修复一下。
回到正常模式，请再扫日志粘上来。

C:\windows\system32\WSD_SOCK32.dll安全模式无法册除访问被拒绝.请确定磁盘未满或被写保护而且文件未被使用

2006-09-03,16:03:07

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [Microsoft Corporation]
    <Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  []
    <RunShadowTip><C:\WINDOWS\system32\shadow\ShadowTip.exe>  [PowerShadow]
    <TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  []
    <Windows木马防火墙><; C:\Program Files\ftc\Trojanwall.exe>  [风云谷]
    <Torjan Program><C:\windows\WINLOGON.EXE>  [CyFdqHKB3ES8XNIP2Ynm]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Torjan Program><C:\windows\WINLOGON.EXE>  [CyFdqHKB3ES8XNIP2Ynm]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <9><C:\windows\system32\Ravdm.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe 1>  []
    <Userinit><C:\windows\system32\Userinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[Database information combine / DbooInfo]
  <><N/A>
[Shadow System Service / ShadowSystemService]
  <C:\WINDOWS\system32\shadow\ShadowService.exe><N/A>

==================================
浏览器加载项
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Schedule Class]
  {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\windows\system32\sscli.dll, >
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[TjqFshnr Class]
  {85693BE7-E6DD-78CB-1074-CF7BD8C04376} <C:\WINDOWS\DOWNLO~1\lkaovc.dll, fiwjksoft>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Schedule Class]
  {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\windows\system32\sscli.dll, >
[WAB Importer/Exporter]
  {AA158CA5-93B4-4CD4-8D8C-BB6F9F515213} <, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[]
  {E730189A-9973-4121-B046-AD1C161EC3AF} <C:\WINDOWS\system32\37211.dll, N/A>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>

==================================
正在运行的进程
[PID: 288][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 336][\??\C:\windows\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 360][\??\C:\windows\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 404][C:\windows\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 416][C:\windows\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 572][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 632][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][C:\windows\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 816][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][C:\windows\Explorer.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\shadow\pDeskTop.dll]  <N/A><N/A>
    [C:\windows\system32\sscli.dll]  <><5, 0, 2195, 6696>
[PID: 1044][C:\windows\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1332][C:\windows\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1384][C:\windows\WINLOGON.EXE]  <CyFdqHKB3ES8XNIP2Ynm><0.00.0097>
[PID: 1496][C:\WINDOWS\system32\shadow\ShadowService.exe]  <N/A><N/A>
[PID: 1968][C:\windows\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1840][C:\WINDOWS\system32\shadow\ShadowTip.exe]  <PowerShadow><1, 0, 0, 1>
    [C:\WINDOWS\system32\shadow\pDeskTop.dll]  <N/A><N/A>
[PID: 716][C:\Program Files\Maxthon\Maxthon.exe]  <Maxthon International Ltd.><1, 5, 2, 21>
    [C:\Program Files\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  <Macromedia, Inc.><6,0,79,0>
    [C:\WINDOWS\system32\PNCRT.dll]  <Real Networks, Inc><6.0.0.0>
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  <RealNetworks, Inc.><6.0.9.3584>
    [C:\WINDOWS\system32\rmoc3260.dll]  <RealNetworks, Inc.><6.0.9.1860>
    [C:\Program Files\Real\RealPlayer\rpplugins\embd3260.dll]  <RealNetworks, Inc.><6.0.12.857>
    [C:\Program Files\Common Files\Real\Common\pngu3267.dll]  <RealNetworks, Inc.><6.7.0.2228>
    [C:\Program Files\Common Files\Real\Common\objb3201.dll]  <RealNetworks, Inc.><0.1.0.5835>
    [C:\Program Files\Real\RealPlayer\rpplugins\rpcl3260.dll]  <RealNetworks, Inc.><6.0.9.2622>
    [C:\Program Files\Real\RealPlayer\rpplugins\rput3260.dll]  <RealNetworks, Inc.><6.0.9.2603>
    [C:\Program Files\Common Files\Real\Common\pnen3260.dll]  <RealNetworks, Inc.><10.0.0.441>
    [C:\Program Files\Common Files\Real\Plugins\vsrlocal.dll]  <RealNetworks, Inc.><10.1.0.368>
    [C:\Program Files\Common Files\Real\Plugins\zipf3260.dll]  <RealNetworks, Inc.><6.0.8.2095>
    [C:\Program Files\Common Files\Real\Plugins\vidsite.dll]  <RealNetworks, Inc.><10.0.0.440>
    [C:\Program Files\Common Files\Real\Plugins\clntxres.dll]  <RealNetworks, Inc.><10.0.0.1990>
    [C:\Program Files\Real\RealPlayer\lang\cdplay_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\dbcomp_cn.dll]

[C:\Program Files\Real\RealPlayer\lang\embed_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\gemctl_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\pngui_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\pdgenxfer_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rjctl_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rjeq_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rjres_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rjskin_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rjviz_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rjfade_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rjdlg_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rjmisc_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rjprog_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rpapp_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rpclsvc_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rpclutil_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rpdemand_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rpdsplyr_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rpgutil_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rpmnpane_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rpplylst_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\rpwebctl_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\tcdinfo_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\tclsvc_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\tdwnmgr_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\tmp3_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\twave_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\teasdk_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\tmdedit_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Real\RealPlayer\lang\mydevices_cn.dll]  <RealNetworks, Inc.><6.0.12.261>
    [C:\Program Files\Common Files\Real\Plugins\memfsys.dll]  <RealNetworks, Inc.><10.0.0.429>
    [C:\Program Files\Common Files\Real\Plugins\authmgr.dll]  <RealNetworks, Inc.><10.0.0.889>
    [C:\Program Files\Common Files\Real\Codecs\hxltcolor.dll]  <RealNetworks, Inc.><10.0.0.300>
    [C:\Program Files\Common Files\Real\Plugins\ramfformat.dll]  <RealNetworks, Inc.><10.0.0.1218>
    [C:\Program Files\Real\RealPlayer\rpplugins\rpap3260.dll]  <RealNetworks, Inc.><6.0.9.2519>
    [C:\Program Files\Common Files\Real\Plugins\ramrender.dll]  <RealNetworks, Inc.><10.0.0.1350>
    [C:\Program Files\Common Files\Real\Plugins\httpfsys.dll]  <RealNetworks, Inc.><10.0.0.1779>
    [C:\Program Files\Common Files\Real\Plugins\rmfformat.dll]  <RealNetworks, Inc.><10.0.0.715>
    [C:\Program Files\Common Files\Real\Plugins\rarender.dll]  <RealNetworks, Inc.><10.0.0.445>
    [C:\Program Files\Common Files\Real\Codecs\cook.dll]  <RealNetworks, Inc.><10.0.0.682>
    [C:\Program Files\Common Files\Real\Plugins\rvrender.dll]  <RealNetworks, Inc.><10.0.0.442>
    [C:\Program Files\Common Files\Real\Codecs\RV40.DLL]  <RealNetworks, Inc.><10.0.0.922>
    [C:\Program Files\Common Files\Real\Codecs\drvc.dll]  <RealNetworks, Inc.><10.0.0.922>
[PID: 1376][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll]  <Xiang Feng Technology><2, 2, 0, 1612>
    [C:\windows\system32\sscli.dll]  <><5, 0, 2195, 6696>
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  <Macromedia, Inc.><6,0,79,0>
[PID: 1796][E:\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  Error. [winfiles]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\windows\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

C:\windows\WINLOGON.EXE
这个链接里有它的专杀，建议你下载幸福狮子的专杀，到安全模式下杀一些，然后再扫份日志粘上来。
http://forum.ikaka.com/topic.asp?board=28&artid=8141143

C:\windows\system32\Ravdm.exe
http://forum.ikaka.com/topic.asp?board=28&artid=8156736

关闭所有浏览窗口以及一些不必要的程序
打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“系统修复，浏览器加载项”来删除以下选项。
C:\WINDOWS\system32\37211.dll

做完这两个后，重启，再扫个日志粘上来。

2006-09-04,13:02:46

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [Microsoft Corporation]
    <Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  []
    <RunShadowTip><C:\WINDOWS\system32\shadow\ShadowTip.exe>  [PowerShadow]
    <TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  []
    <Windows木马防火墙><; C:\Program Files\ftc\Trojanwall.exe>  [风云谷]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\windows\system32\Userinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[Database information combine / DbooInfo]
  <><N/A>
[Shadow System Service / ShadowSystemService]
  <C:\WINDOWS\system32\shadow\ShadowService.exe><N/A>

==================================
浏览器加载项
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[TjqFshnr Class]
  {85693BE7-E6DD-78CB-1074-CF7BD8C04376} <C:\WINDOWS\DOWNLO~1\lkaovc.dll, fiwjksoft>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[WAB Importer/Exporter]
  {AA158CA5-93B4-4CD4-8D8C-BB6F9F515213} <, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>

==================================
正在运行的进程
[PID: 288][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 336][\??\C:\windows\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 360][\??\C:\windows\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 404][C:\windows\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 416][C:\windows\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 572][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 616][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 684][C:\windows\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 756][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 816][C:\windows\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 972][C:\windows\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1068][C:\windows\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  <Macromedia, Inc.><6,0,79,0>
[PID: 1244][C:\windows\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1252][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  <Super Rabbit Soft><7.76>
    [C:\PROGRA~1\WINDOW~4\shlobj71.ocx]  <Sky Software (http://www.ssware.com)><7, 1, 0, 0>
[PID: 1372][C:\WINDOWS\system32\shadow\ShadowService.exe]  <N/A><N/A>
[PID: 1832][C:\windows\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 232][E:\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\windows\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================