[Help] Infected, and Kaspersky was killed too; please take a look

Dear experts:
Thank you very much for taking a look at my system diagnostic report. This newbie is urgently waiting for your help!
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2007-04-10  18:35:03
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:1023MB - 当前可用内存:703MB

O6 - 低危险 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
O6 - 低危险 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions
O6 - 低危险 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
100 - 未知 - Process: chkfat.exe [] - C:\WINDOWS\system32\chkfat.exe
100 - 未知 - Process: Thunder5.exe [Thunder] - d:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
100 - 未知 - Process: 诊断报告工具.exe [ReportTool Microsoft 基础类应用程序] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.093\诊断报告工具.exe
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.baidu.com/
O8 - 未知 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ2006\AddToNetDisk.htm
O8 - 未知 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ2006\AddPanel.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ2006\AddEmotion.htm
O8 - 未知 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ2006\SendMMS.htm
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 未知 - Extra button: 腾讯QQ(HKLM) - D:\Program Files\Tencent\QQ2006\QQ.EXE
O23 - 未知 - Service: AVG Anti-Spyware Guard [AVG Anti-Spyware Guard] - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - (not running)
O23 - 未知 - Service: WinWMService [WinWMService] - C:\WINDOWS\system32\RAVWM.EXE - (not running)
O23 - 未知 - Service: WMConnectCDS [使用“通用即插即用”与媒体设备共享媒体] - C:\Program Files\Windows Media Connect 2\wmccds.exe - (not running)

=======================================

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: nvsvc32.exe [nvidia driver helper service在nvida显卡驱动中被安装。] - C:\WINDOWS\system32\nvsvc32.exe
100 - 安全 - Process: wdfmgr.exe [windows media player播放器相关程序。] - C:\WINDOWS\system32\wdfmgr.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\iexplore.exe
100 - 安全 - Process: msiexec.exe [windows installer的一部分。用来帮助windows installer package files (msi)格式的安装文件。] - C:\WINDOWS\system32\msiexec.exe /V
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\iexplore.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - 安全 - Process: WinRAR.exe [一款解压缩软件,支持.rar和.zip等格式。] - C:\Program Files\WinRAR\WinRAR.exe
R0 - 安全 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll
O4 - 安全 - HKLM\..\Run: [NvCplDaemon] [是NVIDIA显示卡相关动态链接库文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 安全 - HKLM\..\Run: [AVP] [卡巴斯基杀毒软件相关程序。] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O8 - 安全 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - 安全 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - 安全 - Extra button: 卡巴斯基Web反病毒保护插件(HKLM) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - 安全 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O18 - 安全 - Protocol: OFFICE 相关 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O23 - 安全 - Service: Autodesk Licensing Service [Autodesk的服务程序。] - "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" - (not running)
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (running)
O23 - 安全 - Service: AVP [卡巴斯基杀毒软件相关程序。] - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r - (not running)

Last edited 2007-05-12 20:14:49

=======================================

O40 - svchost.exe - Microsoft Corporation - c:\windows\system32\qmgr.dll - 后台智能传送服务 - cdc7027806a38968592c54ea2555c147
O40 - svchost.exe - Microsoft Corporation - C:\WINDOWS\System32\unimdmat.dll - Unimodem Service Provider AT Mini Driver - 19f802b474bae0513bb54e58db107784
O40 - svchost.exe - Microsoft Corporation - C:\WINDOWS\system32\modemui.dll - Windows Modem Properties - 7401edccfb94a037fbab90c73d399be3
O40 - svchost.exe - Microsoft Corporation - C:\WINDOWS\system32\wbem\wbemcons.dll - WMI Standard Event Consumers - a480b4ecbce27e6ca2b9304e6cd3366d
O40 - Explorer.exe - Anti-Malware Development a.s. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - AVG Anti-Spyware shellexecutehook - 4c7f099b3ffde9805ae290de3e593397
O40 - Explorer.exe -  - C:\WINDOWS\system32\skipri.dll -  - fed7814cc407d8b6a235a0cc732aa7e7
O40 - Explorer.exe -  - C:\Program Files\Common Files\Microsoft Shared\MSINFO\85F9811D.dll -  - c9c4d26961154623efe60eee1b22ac79
O40 - Explorer.exe -  - C:\WINDOWS\system32\winsock32.dll -  - d6e295893002a432d6e36a0d16690c39
O40 - Explorer.exe - WIBU-SYSTEMS AG - C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll - WIBU-SYSTEMS Shell Extension Handler - d9c12321f1eef818bde53e1df24b8523
O40 - Explorer.exe - Adobe Systems, Inc. - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - PDF Shell Extension - 4b0991cd076b617a2231b19a6663c1c9
O40 - Explorer.exe - NVIDIA Corporation - C:\WINDOWS\system32\nvcpl.dll - NVIDIA Display Properties Extension -
O40 - Explorer.exe - NVIDIA Corporation - C:\WINDOWS\system32\NVRSZHC.DLL - NVIDIA Simplified Chinese language resource library - 8bf83475c2e1bdb6bdd99cc9fa1a4b19
O40 - Explorer.exe - NVIDIA Corporation - C:\WINDOWS\system32\nvshell.dll - NVIDIA Desktop Explorer, Version 105.25  - 079371d1694b79f169e214633bb7a7ba
O40 - Explorer.exe - Thunder Networking Technologies,LTD - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll - XunLeiBHO - f86be67dc96656afec3e74784f9546a9

=======================================

O41 - ApiMon - ApiMon - C:\WINDOWS\system32\drivers\ApiMon.sys - (not running) -  -  -
O41 - AVG Anti-Spyware Driver - AVG Anti-Spyware Driver - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - (not running) -  -  - 7d78b7fd0ebe00f177b053a08c78e35b
O41 - AvgAsCln - AVG7 Clean Driver - C:\WINDOWS\system32\drivers\AvgAsCln.sys - (not running) - AVG7 Clean Driver - GRISOFT, s.r.o. - 6d4a1da6e6d522b3ebbcbff4a3589ec5
O41 - ddsxeiservice - ddsxeiservice - D:\Program Files\sXe Injected\ddsxei.sys - (not running) -  -  - 68a6b624f4a5ab928b81a144d42d03fc
O41 - dtscsi - dtscsi - C:\WINDOWS\system32\drivers\dtscsi.sys - (running) -  -  -
O41 - gameenum - Game Port Enumerator - C:\WINDOWS\system32\drivers\gameenum.sys - (running) - Game Port Enumerator - Microsoft Corporation - 5f92fd09e5610a5995da7d775eadcd12
O41 - GMSIPCI - GMSIPCI - H:\INSTALL\GMSIPCI.SYS - (not running) -  -  -
O41 - MSICPL - MSICPL - H:\install4\MSICPL.sys - (not running) -  -  -
O41 - npkcrypt - nProtect KeyCrypt Driver - D:\Program Files\Tencent\QQ2006\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - NTACCESS - NTACCESS - H:\NTACCESS.sys - (not running) -  -  -
O41 - nvata - NVIDIA? nForce(TM) IDE Performance Driver - C:\WINDOWS\system32\drivers\nvata.sys - (running) - NVIDIA? nForce(TM) IDE Performance Driver - NVIDIA Corporation - dce353985c988bfb7e84fd942068151f
O41 - nvatabus - NVIDIA? nForce(TM) IDE Performance Driver - C:\WINDOWS\system32\drivers\nvatabus.sys - (running) - NVIDIA? nForce(TM) IDE Performance Driver - NVIDIA Corporation - 83f0275a21d9772b51cef57e35afae61
O41 - nvcchflt - NVIDIA? nForce(TM) Cache Filter Driver - C:\WINDOWS\system32\drivers\nvcchflt.sys - (running) - NVIDIA? nForce(TM) Cache Filter Driver - NVIDIA Corporation - fb7213bc5279c1af5e4e9ca05d944f2c
O41 - NVENETFD - NVIDIA Networking Function Driver. - C:\WINDOWS\system32\drivers\NVENETFD.sys - (running) - NVIDIA Networking Function Driver. - NVIDIA Corporation - 468e839f0f7aff5c9baa4717b82cdd11
O41 - nvnetbus - NVIDIA Networking Bus Driver. - C:\WINDOWS\system32\drivers\nvnetbus.sys - (running) - NVIDIA Networking Bus Driver. - NVIDIA Corporation - 7a6444c5f0d53c7e6e7f500bc4c930f7
O41 - Processor - Processor Device Driver - C:\WINDOWS\system32\drivers\processr.sys - (running) - Processor Device Driver - Microsoft Corporation - eaeacff54f6551d8f097165d1543b076
O41 - prodrv06 - StarForce Protection Environment Driver - C:\WINDOWS\system32\drivers\prodrv06.sys - (running) - StarForce Protection Environment Driver - Protection Technology - 0dfd0df9ab7a227cedf97fadee60f793
O41 - prohlp02 - StarForce Protection Helper Driver - C:\WINDOWS\system32\drivers\prohlp02.sys - (running) - StarForce Protection Helper Driver - Protection Technology - f2e44d17ea6334b39f35cc42251b2aca
O41 - prosync1 - StarForce Protection Synchronization Driver - C:\WINDOWS\system32\drivers\prosync1.sys - (running) - StarForce Protection Synchronization Driver - Protection Technology - f3471e7971ee62420451d958da635064
O41 - ROOTMODEM - Legacy Non-Pnp Modem Device Driver - C:\WINDOWS\system32\drivers\rootmdm.sys - (running) - Legacy Non-Pnp Modem Device Driver - Microsoft Corporation - d8b0b4ade32574b2d9c5cc34dc0dbbe7
O41 - sfhlp01 - StarForce Protection Helper Driver - C:\WINDOWS\system32\drivers\sfhlp01.sys - (running) - StarForce Protection Helper Driver - Protection Technology - 462aee0ea0481ea8bd45cac876a4ccc4
O41 - sptd - sptd - C:\WINDOWS\system32\drivers\sptd.sys - (running) -  -  -
O41 - TSP - spuper-ptor - C:\WINDOWS\system32\drivers\klif.sys - (not running) - spuper-ptor - Kaspersky Lab - 64a31d211df5f118a258fa37f5d2fd47
O41 - UnlockerDriver4 - UnlockerDriver4 - d:\Program Files\Unlocker\UnlockerDriver4.sys - (not running) -  -  -
O41 - usbohci - OHCI USB Miniport Driver - C:\WINDOWS\system32\drivers\usbohci.sys - (running) - OHCI USB Miniport Driver - Microsoft Corporation - bdfe799a8531bad8a5a985821fe78760
O41 - WIBUKEY - WIBU-KEY Windows NT Kernel Driver - C:\WINDOWS\system32\drivers\Wibukey.sys - (running) - WIBU-KEY Windows NT Kernel Driver - WIBU-SYSTEMS AG - 09ebc00530cc3493df55219d0da5e03a
O41 - klif - spuper-ptor - C:\WINDOWS\system32\drivers\klif.sys - (running) - spuper-ptor - Kaspersky Lab - 64a31d211df5f118a258fa37f5d2fd47

=======================================

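It looks like the trojan group described in the pinned post, but the problem is that I can't get into Safe Mode (an error occurs). Can the machine still be saved?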

I think if it really can't be removed, the only option is to bite the bullet and reinstall..!

I think if it really can't be removed, just bite the bullet and reinstall.

We're in the same boat.

Yeah, we've all caught it.



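The log shows no obvious symptoms.

Looks like it injects into processes.

Scan and post an SREng log.

(Though it probably won't open either.)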


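Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the report from the log in full and paste it here; do not modify it
If the log does not fit in one post, post it in several parts.
(If SRE will not run, delete the downloaded SRE, download SRE again, and after extracting it rename it to 123.com and run it.)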

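You have probably caught a virus whose icon is a little white rabbit. If the system's executable files all take on a rabbit appearance after boot, then it is this virus. It can break the system's Safe Mode so that it cannot be entered. For the specific fix, see the "Computer Emergency" column in section F of the April 23 or April 30 issue of 电脑报 (Computer News), the page with an illustration of a doctor examining a computer with a stethoscope.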