哥哥\姐姐们
我有问题向大家求助!!!
希望高手们看看,然后回复小弟!!
谢谢了!
我在打开我的电脑时
出现了下面的提示.
:"江民一扫光提示您  程序Expiorer.exe对
注册表中的"安全策略自动运行"位置处进行了修改
设置键操作
小弟该怎么办?

Expiorer?? 

正常的是Explorer 它修改了名字借以迷惑用户!


试试在安全模式下杀杀毒```  就是开机时 狂按F8~~哈哈~~

楼主你好。
建议在安全模式下用江民查杀，或者扫描一份hijackthis日志

扫了HJ日志后
我进行了修复
还是这样！
怎么办？

如果你没打错，这个程序名字是非正常的

那该怎么办？？

你把HijackThis日志贴上来吧

这些是我的HJ日志
请大家看看
下面两篇都是Logfile of HijackThis v1.99.1
Scan saved at 20:23:55, on 2005-9-3
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\3721\Dlaccel\YDownloader.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\KV2005\KVMonXP.kxp
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\KMDEVMONSRV.exe
C:\WINDOWS\system32\KMdevmonx.exe
C:\PROGRA~1\KV2005\KVSrvXP.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\KV2005\TrojDie.kxp
C:\Program Files\KV2005\KRegEx.exe
C:\Program Files\KVFW\kvfw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panasonic\多功能机\StatusMon.exe
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\FBNClient\FBNClient\fbnClient.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\mp\mp3\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 218.5.76.54 www.hung-ya.com
O1 - Hosts: 218.5.76.54 hung-ya.com
O1 - Hosts: 218.5.76.54 www.hung-ya.com
O1 - Hosts: 218.5.76.54 hung-ya.com
O1 - Hosts: 218.5.76.54 www.bbs.hungya.com
O1 - Hosts: 218.5.76.54 bbs.hungya.com
O1 - Hosts: 218.5.76.54 www.popoq.com
O1 - Hosts: 218.5.76.54 popoq.com
O1 - Hosts: 218.5.76.54 www.jokescn.com
O1 - Hosts: 218.5.76.54 jokescn.com
O1 - Hosts: 218.5.76.54 www.xdvod.com
O1 - Hosts: 218.5.76.54 xdvod.com
O1 - Hosts: 218.5.76.54 www.qq38.com
O1 - Hosts: 218.5.76.54 qq38.com
O1 - Hosts: 218.5.76.54 www.qq38.com
O1 - Hosts: 218.5.76.54 qq38.com
O1 - Hosts: 218.5.76.54 www.5929.com
O1 - Hosts: 218.5.76.54 5929.com
O1 - Hosts: 218.5.76.54 www.xunlei.com
O1 - Hosts: 218.5.76.54 xunlei.com
O1 - Hosts: 218.5.76.54 www.verycd.com
O1 - Hosts: 218.5.76.54 verycd.com
O1 - Hosts: 218.5.76.54 www.zhao118.com
O1 - Hosts: 218.5.76.54 zhao118.com
O1 - Hosts: 218.5.76.54 www.zhao118.com
O1 - Hosts: 218.5.76.54 zhao118.com
O1 - Hosts: 218.5.76.54 www.61th.com
O1 - Hosts: 218.5.76.54 61th.com
O1 - Hosts: 218.5.76.54 www.15pp.com
O1 - Hosts: 218.5.76.54 15pp.com
O1 - Hosts: 218.5.76.54 www.vod99.com
O1 - Hosts: 218.5.76.54 vod99.com
O1 - Hosts: 218.5.76.54 www.xdvod.com
O1 - Hosts: 218.5.76.54 xdvod.com
O1 - Hosts: 218.5.76.54 www.5929.com
O1 - Hosts: 218.5.76.54 5929.com
O1 - Hosts: 218.5.76.54 www.verycd.com
O1 - Hosts: 218.5.76.54 verycd.com
O1 - Hosts: 218.5.76.54 www.haowz.com
O1 - Hosts: 218.5.76.54 haowz.com
O1 - Hosts: 218.5.76.54 www.15pp.com
O1 - Hosts: 218.5.76.54 15pp.com
O1 - Hosts: 218.5.76.54 www.61th.com
O1 - Hosts: 218.5.76.54 61th.com
O1 - Hosts: 218.5.76.54 www.wg101.com
O1 - Hosts: 218.5.76.54 wg101.com
O1 - Hosts: 218.5.76.54 www.k234.com
O1 - Hosts: 218.5.76.54 k234.com
O1 - Hosts: 218.5.76.54 www.hao358.com
O1 - Hosts: 218.5.76.54 hao358.com
O1 - Hosts: 218.5.76.54 www.hao358.com
O1 - Hosts: 218.5.76.54 hao358.com
O1 - Hosts: 218.5.76.54 www.mtvdy.com
O1 - Hosts: 218.5.76.54 mtvdy.com
O1 - Hosts: 218.5.76.54 www.20so.com
O1 - Hosts: 218.5.76.54 20so.com
O1 - Hosts: 218.5.76.54 www.dd1000.com
O1 - Hosts: 218.5.76.54 dd1000.com
O1 - Hosts: 218.5.76.54 www.v1000.com

O1 - Hosts: 218.5.76.54 v1000.com
O1 - Hosts: 218.5.76.54 www.huise.com
O1 - Hosts: 218.5.76.54 huise.com
O1 - Hosts: 218.5.76.54 www.916918.com
O1 - Hosts: 218.5.76.54 916918.com
O1 - Hosts: 218.5.76.54 www.ye263.com
O1 - Hosts: 218.5.76.54 ye263.com
O1 - Hosts: 218.5.76.54 www.c-cb.com
O1 - Hosts: 218.5.76.54 c-cb.com
O1 - Hosts: 218.5.76.54 www.zhao123.com
O1 - Hosts: 218.5.76.54 zhao123.com
O1 - Hosts: 218.5.76.54 www.51115.com
O1 - Hosts: 218.5.76.54 51115.com
O1 - Hosts: 218.5.76.54 www.4399.com
O1 - Hosts: 218.5.76.54 4399.com
O1 - Hosts: 218.5.76.54 www.chinagames.net
O1 - Hosts: 218.5.76.54 chinagames.net
O1 - Hosts: 218.5.76.54 www.skycn.com
O1 - Hosts: 218.5.76.54 skycn.com
O1 - Hosts: 218.5.76.54 www.tiexue.net
O1 - Hosts: 218.5.76.54 tiexue.net
O1 - Hosts: 218.5.76.54 www.qq163.com
O1 - Hosts: 218.5.76.54 qq163.com
O1 - Hosts: 218.5.76.54 www.tt67.com
O1 - Hosts: 218.5.76.54 tt67.com
O1 - Hosts: 218.5.76.54 www.chinamp3.com
O1 - Hosts: 218.5.76.54 chinamp3.com
O1 - Hosts: 218.5.76.54 www.pg168.com
O1 - Hosts: 218.5.76.54 pg168.com
O1 - Hosts: 218.5.76.54 www.yymp3.com
O1 - Hosts: 218.5.76.54 yymp3.com
O1 - Hosts: 218.5.76.54 www.yy138.com
O1 - Hosts: 218.5.76.54 yy138.com
O1 - Hosts: 218.5.76.54 www.dj99.com
O1 - Hosts: 218.5.76.54 dj99.com
O1 - Hosts: 218.5.76.54 www.sogua.com
O1 - Hosts: 218.5.76.54 sogua.com
O1 - Hosts: 218.5.76.54 www.snsn.net
O1 - Hosts: 218.5.76.54 snsn.net
O1 - Hosts: 218.5.76.54 www.flash8.net
O1 - Hosts: 218.5.76.54 flash8.net
O1 - Hosts: 218.5.76.54 www.mop.com
O2 - BHO: EyeOnBrowser Class - {1272F701-349D-4DB3-BBCD-10CBDCD049FE} - C:\WINDOWS\Downlo~1\_IS_WEBH.dll
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINDOWS\System32\hap.dll
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINDOWS\System32\winhtp.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\KV2005\KvShell_1.dll
O2 - BHO: YOK广告拦截插件 - {972566B2-93BF-41AA-B06D-5F81DB7E38E1} - C:\WINDOWS\System32\yokhad.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O2 - BHO: (no name) - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: IEBandObj Class - {D4F7605B-084D-4353-A1E1-C1BC3161938C} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O2 - BHO: 优客扩展 - {FA6EBA7B-7ADB-4860-8C42-F5296A2343DC} - C:\WINDOWS\System32\yokcol.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2005\KvShell_1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [yahoo_mini] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [advapi32] RUNDLL32 C:\WINDOWS\Downlo~1\_IS_ISC.dll,isc
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KvMonXP] C:\Program Files\KV2005\KVMonXP.kxp /auto
O4 - HKCU\..\Run: [KVFW] C:\Program Files\KVFW\kvfw.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKCU\..\Run: [KvXP] C:\Program Files\KV2005\KvXP_1.kxp /ScanBoot
O4 - Global Startup: Panasonic 多功能机 状态监视器.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: YOK搜索(&Y) - C:\WINDOWS\System32\yoksch.htm
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\PROGRA~1\P4P\dl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_1.dll
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (Msp Class) - http://ddddl.dudu.com/ddd/update/plugin/sinamsp.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{10DFF542-7F30-472F-A61E-326DC8ADA671}: NameServer = 202.96.0.133,210.82.8.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{10DFF542-7F30-472F-A61E-326DC8ADA671}: NameServer = 202.96.0.133,210.82.8.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{10DFF542-7F30-472F-A61E-326DC8ADA671}: NameServer = 202.96.0.133,210.82.8.1
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: _Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\Server.exe (file missing)
O23 - Service: Multi-Function Station Device Monitor (KMDevmonSrv) - Unknown owner - C:\WINDOWS\system32\KMDEVMONSRV.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - C:\KAV2005\KPfwSvc.EXE (file missing)
O23 - Service: KVSrvXP - JiangMin New Tech Ltd. - C:\PROGRA~1\KV2005\KVSrvXP.exe
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Unknown owner - C:\KAV2005\KWatch.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

楼主，你好。
请修复所有O1项

关于
O2 - BHO: EyeOnBrowser Class - {1272F701-349D-4DB3-BBCD-10CBDCD049FE} - C:\WINDOWS\Downlo~1\_IS_WEBH.dll
请参看下帖：
http://forum.ikaka.com/topic.asp?board=67&artid=6909890
有三种清除方法