Help removing the malicious website www.tubao.com


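The symptoms are as follows: when it acts up, it appends 404.html to the address you are trying to visit (e.g. www.sohu.com/404.html), so you cannot reach the normal site, and the connection is then redirected to www.tubao.com
I will post the process scan results shortly. I have already tried repairing with 3721 and Super Rabbit, and reinstalled IE, but the problem is still there.
Last edited 2005-12-30 16:03:41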

Logfile of HijackThis v1.99.1
Scan saved at 15:42:51, on 2005-12-12
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\McAfee\Rogue System Sensor\RSSensor.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
E:\248783200522382732\HijackThis.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe

R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~2.DLL
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~2.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://10.16.100.23/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ZHFS.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CE965C3-D91A-43D6-8F1D-3641CF5544FA}: NameServer = 202.96.128.68,202.96.128.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ZHFS.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ZHFS.COM
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Norton AntiVirus 客户端 (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - c:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: McAfee Rogue System Sensor (RSSensor) - McAfee, Inc. - C:\McAfee\Rogue System Sensor\RSSensor.exe


R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
Try deleting these and see!

Logfile of HijackThis v1.99.1
Scan saved at 16:15:57, on 2005-12-12
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINNT\system32\SafeSignCertReg.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\wnwb2005\wnwb.exe
E:\248783200522382732\HijackThis.exe

R3 - URLSearchHook: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CertificateRegistration] SafeSignCertReg.exe
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (InfosecCertInstall Class) - https://corporbank.icbc.com.cn/icbc/certInStall.dll
O16 - DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} (InfoSecNetSign Class) - https://corporbank.icbc.com.cn/icbc/NetSign.dll
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} (AxUSBKey Class) - https://mybank.icbc.com.cn/icbc/perbank/AxUSBKey.CAB
O16 - DPF: {E9707834-5BF7-4CFF-A639-398427DE1991} (IcbcSslCacheCleanerCtrl Class) - https://corporbank.icbc.com.cn/icbc/IcbcSslCacheCleaner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ZHFS.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{60A0BD9F-027E-4F69-98C4-AE3C58C3BF67}: NameServer = 202.96.128.68,202.96.128.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ZHFS.COM
O17 - HKLM\System\CS1\Services\Tcpip\..\{60A0BD9F-027E-4F69-98C4-AE3C58C3BF67}: NameServer = 202.96.128.68,202.96.128.110
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ZHFS.COM
O17 - HKLM\System\CS2\Services\Tcpip\..\{60A0BD9F-027E-4F69-98C4-AE3C58C3BF67}: NameServer = 202.96.128.68,202.96.128.110
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE

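This one is from another machine. Same symptoms, but more frequent. I wanted to delete the same two entries I just deleted, but could not find them.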

Just now

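Please scan with System Repair Engineer and post the log.

The download link is in the pinned post:
[Must read] Board guide and downloads of commonly used small tools
http://forum.ikaka.com/topic.asp?board=67&artid=5188931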

It would not fit in one post, so I split it into three.
2005-12-14,11:17:13

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <Internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <vptray><C:\Program Files\NavNT\vptray.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>

==================================
服务
[DefWatch / DefWatch]
  <"C:\Program Files\NavNT\defwatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[McAfee Framework Service / McAfeeFramework]
  <C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Norton AntiVirus 客户端 / Norton AntiVirus Server]
  <"C:\Program Files\NavNT\rtvscan.exe"><Symantec Corporation>
[OracleOraHome81ClientCache / OracleOraHome81ClientCache]
  <c:\Oracle\Ora81\BIN\ONRSD.EXE><N/A>
[McAfee Rogue System Sensor / RSSensor]
  <C:\McAfee\Rogue System Sensor\RSSensor.exe><McAfee, Inc.>
[Windows Management NetWork Service Extensions / Windows Management NetWork Service Extensions]
  <NetManager.exe -exe_start><N/A>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[超级兔子上网精灵]
  {FEDF637B-F631-4583-A210-33CC828D42DB} <C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~2.DLL, 超级兔子>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[超级兔子上网精灵]
  {FEDF637B-F631-4583-A210-33CC828D42DB} <C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~2.DLL, 超级兔子>
[ObjWinNTCheck Class]
  {00134F72-5284-44F7-95A8-52A619F70751} <C:\WINNT\Downloaded Program Files\WinNTChk.dll, Trend Micro Inc.>
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>

==================================
正在运行的进程
[PID: 144][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 168][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 164][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6997>
    [C:\WINNT\system32\NavLogon.dll]  <N/A><N/A>
[PID: 216][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.7035>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 228][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.7011>
[PID: 396][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 424][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.7059>
[PID: 472][C:\Program Files\NavNT\defwatch.exe]  <Symantec Corporation><7, 50, 0, 1>
[PID: 488][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 512][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\naXML.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\Logging.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\InternetManager.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\naInet.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\UserSpace.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\Management.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\cmalib.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\Scheduler.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\Agent.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\naSPIPE.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\ListenServer.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\TCSubSys.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll]  <Network Associates, Inc.><3.5.0.412>
[PID: 584][C:\Program Files\NavNT\rtvscan.exe]  <Symantec Corporation><7.50.00.846>
    [C:\Program Files\NavNT\Dec2.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\Dec2ARJ.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\Dec2ID.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\Dec2LHA.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\SymLHA.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\Dec2LZ.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\Dec2MIME.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\Dec2Zip.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\Dec2AMG.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\SYMAMG32.DLL]  <Symantec Corporation with portions by FUJITSU DEVICES INC.><2.16.0.45>
    [C:\Program Files\NavNT\Dec2UUE.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\Dec2SS.dll]  <Symantec Corporation><2.16.0.45>
    [C:\Program Files\NavNT\Dec2RTF.dll]  <Symantec Corporation><2.16.0.45>
    [C:\WINNT\system32\CBA.DLL]  <Intel Corporation><6.0.201.0940 E>
    [C:\WINNT\system32\MsgSys.dll]  <Intel Corporation><6.0.201.0940 E>
    [C:\WINNT\system32\NTS.dll]  <Intel Corporation><6.0.201.0940 E>
    [C:\WINNT\system32\PDS.DLL]  <Intel Corporation><6.0.201.0940 E>
    [C:\Program Files\NavNT\NAVLU.dll]  <Symantec Corporation><7.50.00.846>
    [C:\Program Files\NavNT\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\Program Files\NavNT\i2ldvp3.dll]  <Symantec Corporation><7.50.00.846>
    [C:\Program Files\NavNT\NAVAPI32.DLL]  <Symantec Corp.><4.1.0.6>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051212.008\NAVEX32a.DLL]  <Symantec Corporation><20051.3.1.11>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051212.008\NAVENG32.DLL]  <Symantec Corporation><20051.3.1.11>
    [C:\Program Files\NavNT\NAVAP32.DLL]  <Symantec Corporation><5.3.1.39>
    [C:\WINNT\system32\amslib.dll]  <Intel Corporation><6.0.201.0940 E>
    [C:\WINNT\system32\loc32vc0.dll]  <Intel><3, 0, 0, 2>
[PID: 592][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe]  <Network Associates, Inc.><3.5.0.412>
    [C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\AgentPlugin.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\NAGSHR32.DLL]  <Network Associates, Inc.><3.5.0.474>
    [C:\McAfee\Rogue System Sensor\RSSPlugin.dll]  <McAfee, Inc.><1.0.0>
    [C:\Program Files\Network Associates\Common Framework\PCRPlug.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\UpdPlug.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  <Network Associates, Inc.><3.5.0.412>
[PID: 672][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 692][C:\McAfee\Rogue System Sensor\RSSensor.exe]  <McAfee, Inc.><1.0.0>
    [C:\McAfee\Rogue System Sensor\RSSPlugin.dll]  <McAfee, Inc.><1.0.0>
    [C:\WINNT\system32\wpcap.dll]  <NetGroup - Politecnico di Torino><3, 1, 0, 22>
    [C:\WINNT\system32\packet.dll]  <NetGroup - Politecnico di Torino><3, 1, 0, 22>
[PID: 712][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6972>
[PID: 764][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 824][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 952][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\PROGRA~1\WinZip\WZSHLSTB.DLL]  <WinZip Computing, Inc.><3.0 (32-bit)>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><7.50.00.846>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><6.0.1.2003110300>
    [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]  <N/A><N/A>
[PID: 1308][C:\WINNT\system32\MsgSys.EXE]  <Intel Corporation><6.0.201.0940 E>
    [C:\WINNT\system32\NTS.dll]  <Intel Corporation><6.0.201.0940 E>
    [C:\WINNT\system32\CBA.DLL]  <Intel Corporation><6.0.201.0940 E>
    [C:\WINNT\system32\MsgSys.dll]  <Intel Corporation><6.0.201.0940 E>
    [C:\WINNT\system32\PDS.DLL]  <Intel Corporation><6.0.201.0940 E>
[PID: 1316][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\naXML.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  <Network Associates, Inc.><3.5.0.412>
[PID: 1328][C:\Program Files\NavNT\vptray.exe]  <Symantec Corporation><7.50.00.846>
    [C:\Program Files\NavNT\Cliscan.dll]  <Symantec Corporation><7.50.00.846>
    [C:\Program Files\NavNT\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\Program Files\NavNT\Cliproxy.dll]  <Symantec Corporation><7.50.00.846>
[PID: 836][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3208>
[PID: 1344][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 1424][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  <Super Rabbit Soft><7.30>
[PID: 1160][C:\WINNT\system32\conime.exe]  <Microsoft Corporation><5.00.2195.6655>
[PID: 1492][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106>
    [C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~2.DLL]  <超级兔子><1.0.6.8>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><6.0.1.2003110300>
[PID: 256][C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe]  <Network Associates, Inc.><2.5.0.308>
    [C:\Program Files\Network Associates\Common Framework\0804\ScrptRes_InUse.dll]  <Network Associates, Inc.><2.5.0.308>
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll]  <Network Associates, Inc.><3.5.0.412>
    [C:\Program Files\Network Associates\Common Framework\naXML.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll]  <Network Associates, Inc.><3.5.0.474>
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  <Network Associates, Inc.><3.5.0.474>
[PID: 1524][E:\zhuomian\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

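Start → Control Panel → Administrative Tools → Services → find Windows Management NetWork Service Extensions → right-click → Properties → Startup type → Disabled → Apply → Stop → OK.

Restart the computer. After the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.

Show hidden files

Double-click My Computer -- Tools -- Folder Options -- View tab -- select "Show hidden files and folders" -- clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes" -- click "OK".

Then find the following file and delete it (if it exists).

NetManager.exe (use the Search function in the Start menu to find it)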