这是日志




2006-10-03,13:30:24

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <FASTKEY><; C:\Program Files\Lenovo\功能键盘\HotKeyB.exe>  [联想电脑公司]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <HF_GameClient><; C:\Program Files\浩方对战平台\gameclient.exe>  [上海浩方在线信息技术有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>

==================================
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[LexBce Server / LexBceS]
  <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Computer Storage / WIDETS]
  <C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>

==================================

浏览器加载项
[google bar]
  {607E95A1-8F89-4343-B9BC-2EFC2B291BB4} <C:\WINDOWS\system32\googlebar.dll, Google Inc.>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[bingo]
  {B626AE7E-4F5D-4CD4-B457-D8693015DEFC} <C:\WINDOWS\system32\amvda.dll, >
[BrowserProxy4]
  {BCF4D74B-E6BD-4C8F-83D7-90D6439705B9} <C:\WINDOWS\system32\AlxTbl.dll,  Alexa Internet>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\WINDOWS\system32\dllcache\vgx.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[SYM]
  {36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usercrd.dll, >
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[google bar]
  {607E95A1-8F89-4343-B9BC-2EFC2B291BB4} <C:\WINDOWS\system32\googlebar.dll, Google Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, N/A>
[perfdp]
  {995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, N/A>
[Spoolsv Class]
  {9C363D55-07D7-433D-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XBTP03129 Class]
  {B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} <C:\PROGRA~1\MICRSO~1\SEARCH~1.DLL, IE Toolbar>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[bingo]
  {B626AE7E-4F5D-4CD4-B457-D8693015DEFC} <C:\WINDOWS\system32\amvda.dll, >
[BrowserProxy4]
  {BCF4D74B-E6BD-4C8F-83D7-90D6439705B9} <C:\WINDOWS\system32\AlxTbl.dll,  Alexa Internet>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[Class]
  {EB21FA8C-3CEB-402C-A113-5F173BE954ED} <C:\WINDOWS\system32\evttdoe.dll, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================

正在运行的进程
[PID: 592][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 708][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 876][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 972][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1072][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1148][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1272][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1360][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  <Symantec Corporation><2.2.0.577>
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  <Symantec Corporation><2.2.0.577>
[PID: 1488][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  <Symantec Corporation><2.2.0.577>
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  <Symantec Corporation><2.2.0.577>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  <Symantec Corporation><2.2.0.577>
[PID: 1496][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.8185>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.8185>
    [C:\WINDOWS\system32\nvshell.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\amvda.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 1696][C:\WINDOWS\system32\LEXBCES.EXE]  <Lexmark International, Inc.><7.1>
    [C:\WINDOWS\system32\lexp2p32.dll]  <Lexmark International, Inc.><7.1>
    [C:\WINDOWS\system32\lex2kusb.dll]  <Lexmark International, Inc.><7.1>
[PID: 1724][C:\WINDOWS\system32\LEXPPS.EXE]  <Lexmark International, Inc.><7.1>
    [C:\WINDOWS\system32\LEXBCE.DLL]  <Lexmark International, Inc.><7.1>
[PID: 1732][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\LEXLMPM.DLL]  <Lexmark International, Inc.><7.1>
    [C:\WINDOWS\system32\LexBce.dll]  <Lexmark International, Inc.><7.1>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LG12PP5C.dll]  <Lexmark International><1.0.7.2>
    [C:\WINDOWS\system32\lg12pwr.dll]  <Lexmark International, Inc.><1, 0, 1, 0>
[PID: 1784][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3208>
[PID: 1864][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1944][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  <Super Rabbit Soft><7.80>
    [C:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx]  <Sky Software (http://www.ssware.com)><7, 1, 0, 0>
[PID: 1504][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 328][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  <Symantec Corporation><9.0.0.338>
[PID: 400][C:\WINDOWS\system32\Svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [c:\windows\system32\msservices\update\svchost.dll]  <N/A><N/A>
    [c:\windows\system32\msservices\update\MsService.dll]  <><1, 0, 0, 1>
    [c:\windows\system32\msservices\update\unreg1.dll]  <N/A><N/A>
    [c:\windows\system32\msservices\update\OldUnReg.dll]  <N/A><N/A>
[PID: 432][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 456][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.8185>
[PID: 896][C:\WINDOWS\system32\server.exe]  <Microsoft Corporation><5, 1, 2600, 2180>
[PID: 1392][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  <Symantec Corporation><9.0.0.338>
    [C:\WINDOWS\system32\CBA.DLL]  <Intel? Corporation><6.12.0.112 E>
    [C:\WINDOWS\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.112 E>
    [C:\WINDOWS\system32\NTS.dll]  <Intel? Corporation><6.12.0.112 E>
    [C:\WINDOWS\system32\PDS.DLL]  <Intel? Corporation><6.12.0.112 E>
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\ecmldr32.DLL]  <Symantec Corp.><1.1.0.3>
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  <Symantec Corporation><9.3.0.28>
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  <Symantec Corporation><9.0.0.338>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060927.018\ecmsvr32.dll]  <Symantec Corporation><61.2.1.10>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060927.018\NAVEX32a.DLL]  <Symantec Corporation><20061.2.0.26>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060927.018\NAVENG32.DLL]  <Symantec Corporation><20061.2.0.26>
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\vpmsece.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\DecSDK.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2ID.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2SS.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2CAB.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2LHA.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2LZ.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2AMG.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2TAR.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2RTF.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2Text.dll]  <Symantec Corporation><3.02.11.32>
[PID: 1512][C:\WINDOWS\SYSTEM32\RUNDLL.EXE]  <Microsoft Corporation><5.00.2134.1>
[PID: 2324][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 2948][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2956][c:\windows\system32\wbem\winlogon.exe]  <Microsoft><1.0.0.0>
[PID: 172][C:\TDdownload\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
[PID: 2764][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\googlebar.dll]  <Google Inc.><1, 0, 3, 6696>
    [C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll]  <Xiang Feng Technology><2, 2, 0, 1612>
    [C:\WINDOWS\system32\amvda.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\AlxTbl.dll]  < Alexa Internet><5, 1, 2600, 2180>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

可以说，你一点也没有按上面说的做
你按上面说的做完后，删除掉你的扫描软件，因为他有更新的版
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

上次可能操作上有些问题

这是重新扫描的日志




2006-10-03,14:00:02

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <FASTKEY><; C:\Program Files\Lenovo\功能键盘\HotKeyB.exe>  [联想电脑公司]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <HF_GameClient><; C:\Program Files\浩方对战平台\gameclient.exe>  [上海浩方在线信息技术有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[Application Management / AppMgmt]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET Work State Service / aspwstate]
  <C:\WINDOWS\System32\svchost.exe -k aspwstate-->c:\windows\system32\aspwswin.dll><Microsoft Corporation>
[System Administrator / AtHome]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mssapi.dll><Microsoft Corporation>
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[COM+ Event System Helper / COMEventHelper]
  <C:\WINDOWS\System32\svchost.exe -k COMEventHelper-->c:\windows\system32\comeventhelper.dll><Microsoft Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Distributed Logical Disks Manager / DistriDiskMan]
  <C:\WINDOWS\System32\svchost.exe -k DistriDiskMan-->c:\windows\system32\wuwebldsv.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LexBce Server / LexBceS]
  <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[MessageServices / MessageServices]
  <C:\WINDOWS\system32\Svchost.exe -k MessageServices-->C:\WINDOWS\system32\MsServices\update\svchost.dll><N/A>
[NetFrame Wireless Configuration / NFSWZCSVC]
  <C:\WINDOWS\System32\svchost.exe -k NFSWZCSVC-->c:\windows\system32\nfswzwin32.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Services / Services]
  <C:\WINDOWS\system32\server.exe><N/A>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Computer Storage / WIDETS]
  <C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><Microsoft Corporation>

=================================
驱动程序
[abp480n5 / abp480n5]
  <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Aha154x / Aha154x]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2]
  <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx]
  <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[cd20xrnt / cd20xrnt]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV]
  <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[fjbfegbd / fjbfegbd]
  <\SystemRoot\system32\drivers\fjbfegbd.sys><中国互联网络信息中心(CNNIC)>
[ini910u / ini910u]
  <\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[mraid35x / mraid35x]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NAVENG / NAVENG]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060927.018\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060927.018\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp]
  <\??\D:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[NPPTNT2 / NPPTNT2]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[NTSIM / NTSIM]
  <\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nwlnksipx / nwlnksipx]
  <\??\C:\WINDOWS\system32\drivers\nwlnksipx.sys><Microsoft Corporation>
[pcmmup / pcmmup]
  <\??\C:\WINDOWS\system32\drivers\pcmmup.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt]
  <\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[Prolific2 Serial port driver / Ser2pl]
  <system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[Sparrow / Sparrow]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[sym_hi / sym_hi]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TosIde / TosIde]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>

=================================
浏览器加载项
[bingo]
  {B626AE7E-4F5D-4CD4-B457-D8693015DEFC} <C:\WINDOWS\system32\amvda.dll, >
[BrowserProxy4]
  {BCF4D74B-E6BD-4C8F-83D7-90D6439705B9} <C:\WINDOWS\system32\AlxTbl.dll,  Alexa Internet>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\WINDOWS\system32\dllcache\vgx.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[SYM]
  {36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usercrd.dll, >
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, N/A>
[perfdp]
  {995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, N/A>
[Spoolsv Class]
  {9C363D55-07D7-433D-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XBTP03129 Class]
  {B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} <C:\PROGRA~1\MICRSO~1\SEARCH~1.DLL, IE Toolbar>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[bingo]
  {B626AE7E-4F5D-4CD4-B457-D8693015DEFC} <C:\WINDOWS\system32\amvda.dll, >
[BrowserProxy4]
  {BCF4D74B-E6BD-4C8F-83D7-90D6439705B9} <C:\WINDOWS\system32\AlxTbl.dll,  Alexa Internet>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[Class]
  {EB21FA8C-3CEB-402C-A113-5F173BE954ED} <C:\WINDOWS\system32\evttdoe.dll, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================

正在运行的进程
[PID: 592][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1412][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.0.577]
[PID: 1460][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8185]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8185]
    [C:\WINDOWS\system32\nvshell.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\amvda.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
[PID: 1544][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 2.2.0.577]
[PID: 1688][C:\WINDOWS\system32\LEXBCES.EXE]  [Lexmark International, Inc., 7.1]
    [C:\WINDOWS\system32\lexp2p32.dll]  [Lexmark International, Inc., 7.1]
    [C:\WINDOWS\system32\lex2kusb.dll]  [Lexmark International, Inc., 7.1]
[PID: 1712][C:\WINDOWS\system32\LEXPPS.EXE]  [Lexmark International, Inc., 7.1]
    [C:\WINDOWS\system32\LEXBCE.DLL]  [Lexmark International, Inc., 7.1]
[PID: 1720][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\LEXLMPM.DLL]  [Lexmark International, Inc., 7.1]
    [C:\WINDOWS\system32\LexBce.dll]  [Lexmark International, Inc., 7.1]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LG12PP5C.dll]  [Lexmark International, 1.0.7.2]
    [C:\WINDOWS\system32\lg12pwr.dll]  [Lexmark International, Inc., 1, 0, 1, 0]
[PID: 1836][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1876][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 9.0.0.338]
[PID: 1940][C:\WINDOWS\system32\Svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\msservices\update\svchost.dll]  [N/A, N/A]
    [c:\windows\system32\msservices\update\MsService.dll]  [, 1, 0, 0, 1]
    [c:\windows\system32\msservices\update\unreg1.dll]  [N/A, N/A]
    [c:\windows\system32\msservices\update\OldUnReg.dll]  [N/A, N/A]
[PID: 1956][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1984][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8185]
[PID: 476][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 9.0.0.338]
    [C:\WINDOWS\system32\CBA.DLL]  [Intel? Corporation, 6.12.0.112 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [Intel? Corporation, 6.12.0.112 E]
    [C:\WINDOWS\system32\NTS.dll]  [Intel? Corporation, 6.12.0.112 E]
    [C:\WINDOWS\system32\PDS.DLL]  [Intel? Corporation, 6.12.0.112 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\ecmldr32.DLL]  [Symantec Corp., 1.1.0.3]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.3.0.28]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 9.0.0.338]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060927.018\ecmsvr32.dll]  [Symantec Corporation, 61.2.1.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060927.018\NAVEX32a.DLL]  [Symantec Corporation, 20061.2.0.26]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060927.018\NAVENG32.DLL]  [Symantec Corporation, 20061.2.0.26]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\vpmsece.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\DecSDK.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2ID.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2SS.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2CAB.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2LHA.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2LZ.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2AMG.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2TAR.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2RTF.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2Text.dll]  [Symantec Corporation, 3.02.11.32]
[PID: 584][C:\WINDOWS\SYSTEM32\RUNDLL.EXE]  [Microsoft Corporation, 5.00.2134.1]
[PID: 912][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2180][c:\windows\system32\wbem\winlogon.exe]  [Microsoft, 1.0.0.0]
[PID: 2232][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
[PID: 2388][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2420][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  [Super Rabbit Soft, 7.80]
    [C:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx]  [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
[PID: 3840][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2476][D:\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

楼主要细心，一定要删除它们，才能解决问题。
关闭所有浏览窗口以及一些不必要的程序
打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“系统修复，浏览器加载项”来删除以下选项。
C:\WINDOWS\system32\evttdoe.dll
C:\WINDOWS\system32\AlxTbl.dll
C:\WINDOWS\system32\drivers\spoolsv.dll
C:\WINDOWS\system32\perfidp.dll
C:\WINDOWS\system32\usercrd.dll
C:\WINDOWS\system32\amvda.dll

打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务System Administrator,COM+ Event System Helper,Distributed Logical Disks Manager,MessageServices ,Services,Computer Storage，选择“删除服务”点“设置”选择“否”最后重启。（每一个逗号隔开的就是一个病毒的服务，请逐一删除）

请到www.27814939.ys168.com,点“我的软件”下载KillBox.exe
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
双击打开KillBox.exe，分别删除
c:\windows\system32\wbem\winlogon.exe
c:\windows\system32\msservices\update
C:\WINDOWS\system32\evttdoe.dll
C:\WINDOWS\system32\AlxTbl.dll
C:\WINDOWS\system32\drivers\spoolsv.dll
C:\WINDOWS\system32\perfidp.dll
C:\WINDOWS\system32\usercrd.dll
C:\WINDOWS\system32\amvda.dll
C:\WINDOWS\system32\mssapi.dll
c:\windows\system32\comeventhelper.dll
c:\windows\system32\wuwebldsv.dll
C:\WINDOWS\system32\MsServices\update\svchost.dll
C:\WINDOWS\system32\server.exe
C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL
（删除时勾选“删除前先结束Explorer.EXE进程”不行再试着勾选"删除DLL文件前反注册此文件"
给菜鸟的东东—KillBox的使用技巧
http://forum.ikaka.com/topic.asp?board=28&artid=8160799

完后重启，再扫个日志粘上来。