IE老是自动关闭,请求大侠帮助.谢谢


HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 20:33:59, on 2006-8-27
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\svchost.exe
D:\Program Files\security suite\ewidoctrl.exe
D:\Program Files\security suite\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\Internat.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\SkyNet\FireWall\PFW.exe
C:\Program Files\ADSL拨号王\HNMainUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\110\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4836.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ????? - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O3 - Toolbar: ????? - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\SkyNet\FireWall\pfw.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: NTUSER.DAT
O4 - Global Startup: NTUSER.DAT.LOG
O4 - Global Startup: ntuser.pol
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149929047968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC3DEB44-0CAC-4801-BFD6-4D7DDF191A97}: NameServer = 202.102.192.68 202.102.199.68

修复
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

下载超级兔子,专业卸载。
http://www.pctutu.com/news.asp?id=92
安装好后，打开“winspeed”“专业卸载,卸载所有提示的垃圾软件，卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载。
卸载完后，重启。
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

找到C:\WINDOWS\\SYSTEM\internat.exe看它的大小是不是32k左右
如果大得出奇，有200多K，那就有问题 到任务管理器里把internat.exe kill掉 再删了它

运行Hijackthis，把下面的选中打上钩，修复
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4836.dll (file missing)
O2 - BHO: (no name) - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: ????? - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

开始－－运行－－输入MSCONFIG--启动－－O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: NTUSER.DAT
O4 - Global Startup: NTUSER.DAT.LOG
O4 - Global Startup: ntuser.pol
前面方框中打钩去掉，确定，重启

谢谢 我无邪 .
我已按你指导的方法做了.使用了winspeed,但有"御载IE插件、御载Win.Survey(MSIBM)"两项不清除。现呈上SREng.LOG,请指教。谢谢！
2006-08-27,21:27:40

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <IgfxTray><C:\WINNT\system32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINNT\system32\hkcmd.exe>  [Intel Corporation]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <SKYNET Personal FireWall><C:\Program Files\SkyNet\FireWall\pfw.exe>  [广州众达天网技术有限公司]
    <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{54D9498B-CF93-414F-8984-8CE7FDE0D391}><D:\Program Files\security suite\shellhook.dll>  []

==================================
启动文件夹
[迅雷4]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\迅雷4.lnk><N>

==================================
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido security suite control / ewido security suite control]
  <D:\Program Files\security suite\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard]
  <D:\Program Files\security suite\ewidoguard.exe><ewido networks>
[kavsvc / kavsvc]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[LexBce Server / LexBceS]
  <C:\WINNT\system32\LEXBCES.EXE><Lexmark International, Inc.>

==================================
浏览器加载项
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4836.dll, N/A>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[相关站点]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll, >
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\getAllurl.htm, N/A>

==================================
正在运行的进程
[PID: 172][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 220][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6997>
[PID: 248][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.7035>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 260][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.7011>
[PID: 432][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 460][C:\WINNT\system32\LEXBCES.EXE]  <Lexmark International, Inc.><8.18>
    [C:\WINNT\system32\lexp2p32.dll]  <Lexmark International, Inc.><8.18>
    [C:\WINNT\system32\lex2kusb.dll]  <Lexmark International, Inc.><8.18>
[PID: 488][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.7059>
    [C:\WINNT\system32\LEXLMPM.DLL]  <Lexmark International, Inc.><8.18>
    [C:\WINNT\system32\LexBce.dll]  <Lexmark International, Inc.><8.18>
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\LGBLPP5C.dll]  <><1.0.0.0>
    [C:\WINNT\system32\LGBLpwr.dll]  <Lexmark International, Inc.><0, 1, 61, 1>
[PID: 512][C:\WINNT\system32\LEXPPS.EXE]  <Lexmark International, Inc.><8.18>
    [C:\WINNT\system32\LEXBCE.DLL]  <Lexmark International, Inc.><8.18>
[PID: 528][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 544][D:\Program Files\security suite\ewidoctrl.exe]  <ewido networks><3, 0, 0, 1>
    [D:\Program Files\security suite\lang.dll]  <privat><1, 0, 0, 1>
[PID: 724][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 756][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6972>
[PID: 788][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 860][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 872][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1196][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\igfxpph.dll]  <Intel Corporation><3.0.0.4020>
    [C:\WINNT\system32\hccutils.DLL]  <Intel Corporation><3.0.0.4020>
    [C:\WINNT\system32\igfxres.dll]  <Intel Corporation><3.0.0.4020>
    [C:\WINNT\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.4020>
    [C:\WINNT\system32\igfxdev.dll]  <Intel Corporation><3.0.0.4020>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll]  <Kaspersky Lab><5.0.388.1>
    [D:\Program Files\security suite\shellhook.dll]  <N/A><N/A>
[PID: 1224][C:\WINNT\system32\hkcmd.exe]  <Intel Corporation><3.0.0.4020>
    [C:\WINNT\system32\hccutils.DLL]  <Intel Corporation><3.0.0.4020>
    [C:\WINNT\system32\igfxdev.dll]  <Intel Corporation><3.0.0.4020>
    [C:\WINNT\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.4020>
    [C:\WINNT\system32\igfxhk.dll]  <Intel Corporation><3.0.0.4020>
    [C:\WINNT\system32\igfxres.dll]  <Intel Corporation><3.0.0.4020>
[PID: 1236][C:\WINNT\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.1.0.36>
[PID: 1264][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3292>
[PID: 1292][C:\Program Files\SkyNet\FireWall\pfw.exe]  <广州众达天网技术有限公司><2.7.7.1004>
    [C:\Program Files\SkyNet\FireWall\SKYMISC.DLL]  <N/A><N/A>
    [C:\Program Files\SkyNet\FireWall\COMPRESSWRAP.DLL]  <N/A><N/A>
[PID: 1328][C:\WINNT\system32\Internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 1340][C:\Program Files\Thunder Network\Thunder\Thunder.exe]  <深圳市迅雷网络技术有限公司><4, 7, 3, 53>
    [C:\Program Files\Thunder Network\Thunder\log4cplus.dll]  <N/A><N/A>
    [C:\Program Files\Thunder Network\Thunder\ICF.dll]  <N/A><N/A>
    [C:\Program Files\Thunder Network\Thunder\WebBrowserEx.dll]  <N/A><N/A>
    [C:\Program Files\Thunder Network\Thunder\boost_thread-vc6-mt-1_31.dll]  <N/A><N/A>
[PID: 1424][C:\Program Files\Thunder Network\Thunder\TDUpdate.exe]  <N/A><N/A>
[PID: 1144][D:\Program Files\120\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

主要是这一项
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4836.dll
我也不知道它叫什么名字，你为什么不卸载它呢
其它的看不出问题来
我只知道它是流氓软件。

谢谢我无邪

我清了，可这清不掉。

引用:

【我无邪的贴子】主要是这一项 C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4836.dll 我也不知道它叫什么名字，你为什么不卸载它呢 其它的看不出问题来 我只知道它是流氓软件。 ………………

这一项超难，楼主下载卡巴斯基6.0

引用:

【秋日里的蓝天的贴子】 这一项超难，楼主下载卡巴斯基6.0 ………………

卡巴斯基6.0是免费使用的么？请问和瑞星冲突么？一台电脑是否可以装几种杀毒软件？