不知道为什么,用IE下载的文件都会消失!到下载文件指定的目录去看,什么也没有,怎么回事啊?重装也一样~

【回复“justinilove”的帖子】
您好,为了方便更好的解决问题请用 hijackthis1.99.1把日志扫描完贴到贴子上来.

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      8:39:13, 日期 2005/7/27
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2005\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\KAV2005\KPfwSvc.EXE
C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sdaemon.exe
C:\KAV2005\KAVStart.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\KAV2005\KAVPFW.EXE
C:\KAV2005\KMailMon.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
C:\Program Files\Sandai Technologies Inc\Thunder\MediaIssue\Issue.exe
D:\Downlonds and install\Install Files\新建文件夹 (3)\WinRAR.exe
C:\DOCUME~1\J\LOCALS~1\Temp\Rar$EX02.884\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: KAVIEHelper Class - {1B2F92A1-CDAF-4511-9382-91E3F5CE0880} - C:\PROGRA~1\KOS\KOSIEBar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - IE工具栏增项: 金山毒霸安全助手 - {EF72500A-C234-46C4-BF0A-9AA6913DDF34} - C:\PROGRA~1\KOS\KOSIEBar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - 启动项HKLM\\Run: [SystemTray] systray.exe
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [SWd] C:\WINDOWS\winwd.exe
O4 - 启动项HKLM\\Run: [迅雷4] C:\Program Files\Sandai Technologies Inc\Thunder\MediaIssue\TDUpdate.exe
O4 - 启动项HKLM\\Run: [KavStart] "C:\KAV2005\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KAVPFW.EXE"
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目: 使用搜狗直通车下载 - C:\PROGRA~1\P4P\dl.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\DOCUME~1\J\LOCALS~1\Temp\Rar$EX00.355\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\DOCUME~1\J\LOCALS~1\Temp\Rar$EX00.355\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Downlonds and install\Install Files\新建文件夹 (2)\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Downlonds and install\Install Files\新建文件夹 (2)\QQIEHelper.dll
O15 - “受信任的站点”中添加项: easyabc.95599.cn
O15 - “受信任的站点”中添加项: www.95599.cn
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {58CDB34C-B4D7-418B-A0FB-C4C8A01C2F0E} - http://pi.51.net/download/diybar2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121243946342
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05D043E9-A7E5-4F99-B6B8-A8181C18133E}: NameServer = 61.139.2.69 202.98.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E50429B-DBFA-447F-AFF2-E474AC02834C}: NameServer = 61.139.2.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{05D043E9-A7E5-4F99-B6B8-A8181C18133E}: NameServer = 61.139.2.69 202.98.96.68
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - NT 服务: winser - Unknown owner - C:\WINDOWS\system32\winser.exe
O23 - NT 服务: Windows Media Connect (WMC) 帮助程序 (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)

【回复“justinilove”的帖子】
修复:
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - 启动项HKLM\\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - 启动项HKLM\\Run: [SWd] C:\WINDOWS\winwd.exe
O15 - “受信任的站点”中添加项: easyabc.95599.cn(此项是您添加的请不用修复)
O15 - “受信任的站点”中添加项: www.95599.cn(此项是您添加的请不用修复)
O16 - DPF: {58CDB34C-B4D7-418B-A0FB-C4C8A01C2F0E} - http://pi.51.net/download/diybar2.cab
O23 - NT 服务: winser - Unknown owner - C:\WINDOWS\system32\winser.exe(此服务是您了解的请不用修复)

O23 - NT 服务: Windows Media Connect (WMC) 帮助程序 (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing

删除文件:

C:\WINDOWS\sdaemon.exe
C:\WINDOWS\winwd.exe

以下如果您清楚O23 - NT 服务: winser - Unknown owner - C:\WINDOWS\system32\winser.exe则不用进行.
开始--控制面版--管理工具--服务--找到＂winser＂属性--改成＂已禁用＂

找到
C:\WINDOWS\system32\winser.exe删除

哦,谢谢~但还有问题!
winwd.exe找不到
winser服务不能停止!(图)

【回复“justinilove”的帖子】

抱歉,刚刚查了下资料,这两个启动项目的资料如下：

SDaemon U sdaemon.exe

PC Security from Tropical Software. 'PC Security?5.1 is the ultimate in computer security, offering multiple locking systems for the Windows environment and internet. Lock files, monitor programs' activities, even detect intruders! PC Security offers flexible and complete password protection, "Drag and Drop" support, plus many other handy features'



SWd N winwd.exe

PC Security from Tropical Software - lock files, password protect, etc


应该都是安装了以下软件形成的相关程序，不是病毒~~

您的电脑问题解决了吗?

引用:

【花落花又开的贴子】【回复“justinilove”的帖子】

问题还米有解决啊~下载文件仍然要消失啊~

【回复“justinilove”的帖子】



建议您去看看http://forum.ikaka.com/topic.asp?board=67&artid=5268115

此贴有详细的说明.