Rising Kaka Security Forum
hongtao2 - 2006-6-13 20:25:00
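Two web pages keep popping up on my computer, which is very annoying. They still appear after I clean them out: www.bloven.com/index.htm and the other is http//1211.144.143.13/vip.htm
How can I fix this?
Thanks.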
我无邪 - 2006-6-13 20:48:00
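Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log here.
Download links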
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it across several posts. Please do not modify it.
hongtao2 - 2006-6-13 22:20:00
我无邪:
Hello. Following your instructions, I downloaded http://www.kztechs.com/sreng/sreng2.zip. I am now uploading the scan report; please help me resolve this. Many thanks.
2006-06-13,22:02:16
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [Microsoft Corporation]
<Message><D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe> [番茄花园]
<ntdll.dll><D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe> [番茄花园]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<COM Service><gayZZ.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PROMon.exe><PROMon.exe> [Intel Corporation]
<NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize> []
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<HPWG myPrintMileage Agent><D:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe> []
<windate><windate.exe> []
<_KAVImmuniteSasser><LsassPatch.EXE> []
<Microsoft Sys Manager><sysmgr.exe> []
<msmsgss><C:\WINNT\SYSTEM32\hrtv.exe> []
<Fixnice><vcvw.exe> []
<MS-4011 Memory Patch><E:\RavSasser.exe -Patch> []
<netservices><svchostn.exe> []
<Ulead AutoDetector><D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe> [Ulead Systems, Inc.]
<Rcf Driver><rcf.exe> []
<Configuration><ntsys32.exe> []
<dla><D:\WINNT\system32\dla\tfswctrl.exe> [VERITAS Software, Inc.]
<Micrsoft Driver><windrive.exe> []
<Windows NT 32><ntlogin32.exe> []
<Microsoft Windows Hosting><MSschost.exe> []
<Microsoft Explorer><ixplorer.exe> []
<Win32 Services><wuamngr.exe> []
<Microsoft Synchronization Manager><svshost.exe> []
<Microsoft Manager><xXx.exe> []
<WDqvsst><C:\WINNT\SYSTEM32\Densip.exe> []
<前台报账系统管理><D:\WINNT\system32\UFCOMSQL\UFFore.exe> [UFSoft]
<YDTMain.exe><D:\PROGRA~1\YDT\YDTMain.exe> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<MINI_BFYY><D:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe> [深圳市三代科技开发有限公司]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<defender><C:\\defender23.exe> []
<keyboard><C:\\keyboard23.exe> []
<newname><C:\\newname22.exe> []
<stup1.exe><D:\PROGRA~1\TENCENT\Adplus\stup1.exe> [Tencent]
<mswap><rundll32.exe D:\WINNT\system32\mswap.dll,start> []
<Microsoft (R) Windows Update Manager Tool><D:\sck32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<windate><windate.exe> []
<Microsoft Sys Manager><sysmgr.exe> []
<Fixnice><vcvw.exe> []
<netservices><svchostn.exe> []
<Rcf Driver><rcf.exe> []
<Configuration><ntsys32.exe> []
<Micrsoft Driver><windrive.exe> []
<Windows NT 32><ntlogin32.exe> []
<Microsoft Windows Hosting><MSschost.exe> []
<System Information Manager><Ntsys.exe> []
<Microsoft Explorer><ixplorer.exe> []
<Win32 Services><wuamngr.exe> []
<Microsoft Synchronization Manager><svshost.exe> []
<Microsoft Manager><xXx.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\SYSTEM32\USERINIT.EXE,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}><D:\WINNT\system32\pmkjk.dll> []
<{6A89AAA0-1FFF-4159-ABDB-2FFF21B8A65D}><D:\WINNT\system32\Issrts.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjk]
<WinlogonNotify: pmkjk><pmkjk.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
<WinlogonNotify: Syncmgr><D:\WINNT\system32\t2r8lc9u1f.dll> []
==================================
启动文件夹
[Microsoft Office]
<D:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[腾讯QQ]
<D:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[bwpab / bwpab]
<"\\218.11.43.16\admin$\netsvcs.exe" -service><N/A>
[Logical Disk Manager Administrative Service / dmadmin]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[gibgjvw / gibgjvw]
<"\\61.55.43.230\E$\dmsvc32.exe" -service><N/A>
[gqsqb / gqsqb]
<"\\218.11.43.41\admin$\winsm.exe" -service><N/A>
[Network Monitor / Network Monitor]
<D:\Program Files\Network Monitor\netmon.exe service><N/A>
[Intel(R) NMS / NMSSvc]
<D:\WINNT\System32\NMSSvc.exe><Intel Corporation>
[NVIDIA Driver Helper Service / NVSvc]
<D:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[PPPoE Service / PPPoEService]
<D:\PROGRA~1\HBTELCOM\宽带拨~1\app\pppoeservice.exe><N/A>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Management NetWork Service Extensions / Windows Management NetWork Service Extensions]
<NetManager.exe -exe_start><N/A>
hongtao2 - 2006-6-13 22:34:00
浏览器加载项
[]
{F2FA09FB-EE7A-46d8-9145-A1EEF7850052} <D:\WINNT\system32\pmkjk.dll, N/A>
[新浪UC]
{2253922F-1B26-4C74-8B57-E3AEE748DBB8} <D:\Program Files\sina\UC\UC.exe, 北京新浪信息技术有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[用友]
{83241FE4-9972-11D3-BDC2-000021EA4FD8} <C:\WF821\Desktop\RunIE.exe, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[易趣购物]
{DE607145-AC19-425e-861A-1D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[新浪点点通]
{F60C7D81-8471-4D40-AAFE-56D318F34C2D} <D:\WINNT\downlo~1\DDTONG~1.DLL, 北京新浪信息技术有限公司>
[]
{974AD624-EA50-4831-A6C0-3040F6665396} <D:\WINNT\downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[新浪点点通阅读器]
{F0646DC8-58CD-4C64-8F6B-525043914685} <D:\WINNT\downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[新浪点点通]
{F60C7D81-8471-4D40-AAFE-56D318F34C2D} <D:\WINNT\downlo~1\DDTONG~1.DLL, 北京新浪信息技术有限公司>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[IDDTInitObj Class]
{15DDE989-CD45-4561-BF99-D22C0D5C2B74} <D:\WINNT\downlo~1\ddtinit.dll, 北京新浪信息技术有限公司>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <D:\WINNT\system32\WEBACT~1.OCX, QQ>
[WEBChatRoomOCX Control]
{448A5F6B-8C03-4B54-A338-F00237C508AD} <D:\PROGRA~1\LONGMA~1\UCWEBC~1\UCWEBC~1.OCX, >
[RdxIE Class]
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} <D:\WINNT\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <D:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
[MediaTicketsInstaller Control]
{9EB320CE-BE1D-4304-A081-4B4665414BEF} <D:\WINNT\DOWNLO~1\MEDIAT~1.OCX, N/A>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <D:\WINNT\System32\iuctl.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\FLASH.OCX, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&Google Search]
<res://D:\Program Files\Google\googletoolbar.dll/cmsearch.html, N/A>
[&使用暴风下载器下载]
<D:\Program Files\Ringz Studio\Storm Downloader\geturl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用彩信超级自写发送到手机]
<http://mms.sina.com.cn/mmsnews.html, N/A>
[使用新浪下载助手下载]
<D:\WINNT\downlo~1\sinadl.htm, N/A>
[反向链接]
<res://D:\Program Files\Google\googletoolbar.dll/cmbacklinks.html, N/A>
[发送图片到手机(&M)]
<http://sms.sina.com.cn/diy/send.html?from=467, N/A>
[收藏此页到新浪ViVi]
<http://vivi.sina.com.cn/collect/click.php?agent=ddt, N/A>
[新浪搜索]
<http://cha.sina.com.cn/ddt.html, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
<res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[类似网页]
<res://D:\Program Files\Google\googletoolbar.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://D:\Program Files\Google\googletoolbar.dll/cmcache.html, N/A>
[雅虎搜索]
<res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>
hongtao2 - 2006-6-13 22:34:00
==================================
正在运行的进程
[PID: 1292][D:\WINNT\system32\rundll32.exe] <Microsoft Corporation><5.00.2134.1>
[D:\WINNT\system32\qcv.dll] <N/A><N/A>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1432][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\WINNT\system32\qcv.dll] <N/A><N/A>
[D:\WINNT\system32\pmkjk.dll] <N/A><N/A>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\Downloaded Program Files\Tjtze.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 1520][D:\WINNT\System32\mdm.exe] <Microsoft Corporation><6.00.8424>
[PID: 1604][D:\WINNT\system32\PROMon.exe] <Intel Corporation><5.3.7.0>
[D:\WINNT\system32\NMSAPI.DLL] <Intel Corporation><2.1.9.0>
[D:\WINNT\System32\NMSSvcPS.DLL] <Intel Corporation><2.1.9.0>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1640][D:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe] <N/A><N/A>
[D:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\HPWGTRE.dll] <Hewlett-Packard Company><2003.0417.0.0>
[PID: 1608][D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe] <Ulead Systems, Inc.><8.0.0.0>
[D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\u32Comm.dll] <Ulead Systems, Inc.><8.0.0.0>
[PID: 1624][D:\WINNT\system32\dla\tfswctrl.exe] <VERITAS Software, Inc.><1.02.93a>
[D:\WINNT\system32\tfswapi.dll] <VERITAS Software, Inc.><1.02.93a>
[D:\WINNT\system32\dla\tfswcres.dll] <VERITAS Software, Inc.><1.02.93a>
[PID: 1668][D:\WINNT\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.14>
[PID: 1680][D:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe] <深圳市三代科技开发有限公司><1, 1, 0, 4>
[D:\Program Files\Ringz Studio\Storm Downloader\boost_thread-vc6-mt-1_31.dll] <N/A><N/A>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1688][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1696][D:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3292>
[PID: 1752][D:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1636][D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe] <番茄花园><1.00>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1728][D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe] <番茄花园><1.00>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1804][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\Downloaded Program Files\Tjtze.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\downlo~1\DDTONG~1.DLL] <北京新浪信息技术有限公司><1, 2, 1, 5>
[D:\WINNT\downlo~1\ddtinit.dll] <北京新浪信息技术有限公司><1, 2, 1, 7>
[D:\WINNT\downlo~1\DDTUpdate.dll] <北京新浪信息技术有限公司><1, 2, 1, 1>
[D:\WINNT\downlo~1\ddtcomm.dll] <北京新浪信息技术有限公司><1, 1, 0, 3>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 7>
[D:\WINNT\system32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0>
[PID: 1972][D:\Program Files\Tencent\QQGame\QQGame.exe] <深圳市腾讯计算机系统有限公司><0, 10, 108, 45>
[D:\Program Files\Tencent\QQGame\VHelp.dll] <><1, 0, 0, 1>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\Program Files\Tencent\QQGame\ResEx.dll] <深圳市腾讯计算机系统有限公司><0, 10, 0, 0>
[D:\Program Files\Tencent\QQGame\HelpDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQGame\GameLogCore.dll] <><0, 10, 106, 13>
[D:\Program Files\Tencent\QQGame\Core.dll] <é??úêDìú???????ú?μí3óD?T1???><0, 10, 0, 0>
[D:\Program Files\Tencent\QQGame\NetCenter.dll] <é??úêDìú???????ú?μí3óD?T1???><0, 10, 0, 0>
[D:\Program Files\Tencent\QQGame\CmdCenter.dll] <深圳市腾讯计算机系统有限公司><0, 10, 0, 0>
[D:\Program Files\Tencent\QQGame\GameLogAidMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQGame\COMToolKit.dll] <><1, 0, 0, 3>
[D:\Program Files\Tencent\QQGame\QQGameAvatar.dll] <深圳市腾讯计算机系统有限公司 Tencent Computer System Ltd.><0, 10, 0, 0>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQGame\QQGameAvatarShow.dll] <深圳市腾讯计算机系统有限公司 Tencent Computer System Ltd.><0, 10, 0, 0>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 7>
[D:\WINNT\system32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0>
[D:\Program Files\Tencent\QQGame\QQGameItemMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQGame\ItemShowHelper.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQGame\WorkModule.dll] <><0, 0, 0, 13>
[D:\Program Files\TENCENT\Adplus\SSAddr1.dll] <Tencent><4, 0, 9, 90>
[D:\Program Files\Tencent\QQGame\Room.dll] <><1, 0, 0, 28>
[D:\Program Files\Tencent\QQGame\CUQG.ocx] <深圳市腾讯计算机系统有限公司 Tencent Computer System Ltd.><0, 10, 0, 14>
[D:\Program Files\Tencent\QQGame\GameProxy.dll] <N/A><N/A>
[PID: 1796][D:\WINNT\system32\rundll32.exe] <Microsoft Corporation><5.00.2134.1>
[D:\WINNT\system32\mswap.dll] <N/A><N/A>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[PID: 1700][d:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
[d:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\system32\pmkjk.dll] <N/A><N/A>
[PID: 2124][D:\PROGRA~1\TENCENT\QQGAME\newddz\NEWDDZ.EXE] <Tencent><0, 10, 104, 15>
[D:\PROGRA~1\TENCENT\QQGAME\newddz\MagicShow.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\TENCENT\QQGAME\newddz\2DEngineDll.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\TENCENT\QQGAME\newddz\zlib1.dll] <N/A><1.2.1>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\PROGRA~1\TENCENT\QQGAME\HelpDll.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\TENCENT\QQGAME\ResEx.dll] <深圳市腾讯计算机系统有限公司><0, 10, 0, 0>
[D:\PROGRA~1\TENCENT\QQGAME\GameListMenu1.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\TENCENT\QQGAME\newddz\hcq.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\TENCENT\QQGAME\newddz\dlgprj.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\Tencent\QQGame\CUQG.ocx] <深圳市腾讯计算机系统有限公司 Tencent Computer System Ltd.><0, 10, 0, 14>
[D:\Program Files\Tencent\QQGame\GameProxy.dll] <N/A><N/A>
[D:\WINNT\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[PID: 2140][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\Downloaded Program Files\Tjtze.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\downlo~1\DDTONG~1.DLL] <北京新浪信息技术有限公司><1, 2, 1, 5>
[D:\WINNT\downlo~1\ddtinit.dll] <北京新浪信息技术有限公司><1, 2, 1, 7>
[D:\WINNT\downlo~1\DDTUpdate.dll] <北京新浪信息技术有限公司><1, 2, 1, 1>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\WINNT\system32\pmkjk.dll] <N/A><N/A>
[PID: 2068][D:\Documents and Settings\Administrator\My Documents\苗宇宽\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
==================================
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
我无邪 - 2006-6-13 23:29:00
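Since this is a server, be careful.
Below is my assessment of the processes. It is not necessarily correct, so please check carefully; if you recognize an item, there is no need to fix it.
Double-click My Computer, then Tools, Folder Options, View. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes". Clear "Hide file extensions for known file types".
Run System Repair Engineer, go to "System Repair", "File Associations", tick "Select All" and click "Repair" so that all extensions are restored to normal.
Run System Repair Engineer, click "Startup Items", "Services", click "Win32 Service Applications", tick "Hide Microsoft Services", select the virus services bwpab, Logical Disk Manager Administrative Service, gqsqb, Network Monitor, Windows Management NetWork Service Extensions, choose "Delete Service", click "Set", choose "No", and finally reboot. (Each comma-separated item is one virus service; please delete them one by one.)
Restart the computer. After the power-on self test completes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Close all browser windows and any unnecessary programs.
Run System Repair Engineer and use "System Repair", "Browser Add-ons" to delete the following items.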
[]
{F2FA09FB-EE7A-46d8-9145-A1EEF7850052} <D:\WINNT\system32\pmkjk.dll, N/A>
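Run System Repair Engineer and use "Startup Items", "Registry" to delete the following items.
(If you cannot identify an entry in the registry list, select it and click "Edit"; this shows the full path in detail.)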
Message><D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe> [番茄花园]
<ntdll.dll><D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe> [番茄花园]
windate><windate.exe> []
Microsoft Sys Manager><sysmgr.exe> []
netservices><svchostn.exe> []
<Rcf Driver><rcf.exe> []
Windows NT 32><ntlogin32.exe
Micrsoft Driver><windrive.exe
<Microsoft Windows Hosting><MSschost.exe
Microsoft Synchronization Manager><svshost.exe>
Microsoft Manager><xXx.exe>
WDqvsst><C:\WINNT\SYSTEM32\Densip.exe
YDTMain.exe><D:\PROGRA~1\YDT\YDTMain.exe>
defender><C:\\defender23.exe> []
<keyboard><C:\\keyboard23.exe> []
<newname><C:\\newname22.exe> []
D:\sck32.exe
ixplorer.exe
<Win32 Services><wuamngr.exe>
<{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}><D:\WINNT\system32\pmkjk.dll> []
<{6A89AAA0-1FFF-4159-ABDB-2FFF21B8A65D}><D:\WINNT\system32\Issrts.dll>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjk]
<WinlogonNotify: pmkjk><pmkjk.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
<WinlogonNotify: Syncmgr><D:\WINNT\system32\t2r8lc9u1f.dll> []
Delete
D:\WINNT\Downloaded Program Files\CONFLICT.17
windate.exe
sysmgr.exe
svchostn.exe
rcf.exe
ntlogin32.exe
windrive.exe
MSschost.exe
svshost.exe (be careful to tell it apart)
xXx.exe
C:\WINNT\SYSTEM32\Densip.exe
D:\PROGRA~1\YDT
C:\\newname22.exe
C:\\keyboard23.exe
C:\\defender23.exe
D:\sck32.exe
ixplorer.exe
wuamngr.exe
D:\WINNT\system32\pmkjk.dll
D:\WINNT\system32\Issrts.dll
D:\WINNT\system32\t2r8lc9u1f.dll
\\218.11.43.16
\\61.55.43.230
\\218.11.43.41
D:\Program Files\Network Monitor
NetManager.exe
D:\WINNT\system32\pmkjk.dll
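After the repair, please reboot, then run another scan and paste the report here.
Also, I suggest listing the processes you recognize.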
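A triage sketch for the kind of SREng startup log reviewed in the reply above, added here as an example (it is not part of the original posts and is not SREng's own code). It parses `<name><command> [publisher]` autorun lines and `[display / name]` plus `<command><publisher>` service pairs, then flags entries with no publisher, service images on a UNC path, and file names within two edits of a Windows system binary. The sample lines are copied from the first report in this thread; the heuristics, the threshold and all function names are assumptions, and a flag is a prompt for manual review, not a verdict.

```python
import ntpath
import re

# Excerpt of the first SREng report in this thread (entries copied verbatim).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [Microsoft Corporation]
<Message><D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe> [番茄花园]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PROMon.exe><PROMon.exe> [Intel Corporation]
<netservices><svchostn.exe> []
<Microsoft Synchronization Manager><svshost.exe> []
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[bwpab / bwpab]
<"\\218.11.43.16\admin$\netsvcs.exe" -service><N/A>
[Intel(R) NMS / NMSSvc]
<D:\WINNT\System32\NMSSvc.exe><Intel Corporation>
"""

AUTORUN = re.compile(r"^<(?P<name>[^<>]*)><(?P<cmd>[^<>]*)>\s+\[(?P<pub>.*)\]$")
SERVICE_HDR = re.compile(r"^\[(?P<display>.+) / (?P<name>[^\]]+)\]$")
SERVICE_IMG = re.compile(r"^<(?P<cmd>[^<>]*)><(?P<pub>[^<>]*)>$")
IMAGE = re.compile(r"^(.*?\.(?:exe|dll|ocx|com|scr))(?=[\s,]|$)", re.IGNORECASE)

# Assumed reference list of system binaries that malware names often imitate.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "iexplore.exe",
                "lsass.exe", "services.exe", "winlogon.exe"}


def image_path(cmd):
    """Return the executable part of a command line (paths may contain spaces)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE.match(cmd)
    return m.group(1) if m else cmd


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def reasons_for(image, publisher):
    """Heuristic review reasons for one startup entry."""
    reasons = []
    if publisher.strip() in ("", "N/A"):
        reasons.append("no publisher")
    if image.startswith("\\\\"):
        reasons.append("image on UNC path")
    base = ntpath.basename(image).lower()
    best = min(SYSTEM_NAMES, key=lambda s: (edit_distance(base, s), s))
    if 0 < edit_distance(base, best) <= 2:
        reasons.append("name resembles " + best)
    return reasons


def triage(log_text):
    """Return (kind, name, image, reasons) for every entry with a reason."""
    findings = []
    pending_service = None
    for raw in log_text.splitlines():
        line = raw.strip()
        hdr = SERVICE_HDR.match(line)
        if hdr:
            pending_service = hdr.group("name")
            continue
        auto = AUTORUN.match(line)
        svc = SERVICE_IMG.match(line)
        if auto and auto.group("cmd"):
            kind, name = "autorun", auto.group("name")
            cmd, pub = auto.group("cmd"), auto.group("pub")
        elif svc and pending_service:
            kind, name = "service", pending_service
            cmd, pub = svc.group("cmd"), svc.group("pub")
        else:
            pending_service = None
            continue
        pending_service = None
        image = image_path(cmd)
        reasons = reasons_for(image, pub)
        if reasons:
            findings.append((kind, name, image, reasons))
    return findings


if __name__ == "__main__":
    for kind, name, image, reasons in triage(SAMPLE_LOG):
        print(f"{kind:8} {name:36} {image}  <- {', '.join(reasons)}")
```

Entries with a real publisher string can still be flagged on name alone, since the publisher field is read from the file's own version resource and is not a signature check.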
hongtao2 - 2006-6-14 21:42:00
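我无邪: Hello, I have basically done what you said. Sorry, but I don't know where the items below are or how to handle them. Please give me some further guidance. Thanks again.
Delete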
D:\WINNT\Downloaded Program Files\CONFLICT.17
windate.exe
sysmgr.exe
svchostn.exe
rcf.exe
ntlogin32.exe
windrive.exe
MSschost.exe
svshost.exe (be careful to tell it apart)
xXx.exe
C:\WINNT\SYSTEM32\Densip.exe
D:\PROGRA~1\YDT
C:\\newname22.exe
C:\\keyboard23.exe
C:\\defender23.exe
D:\sck32.exe
ixplorer.exe
wuamngr.exe
D:\WINNT\system32\pmkjk.dll
D:\WINNT\system32\Issrts.dll
D:\WINNT\system32\t2r8lc9u1f.dll
\\218.11.43.16
\\61.55.43.230
\\218.11.43.41
D:\Program Files\Network Monitor
NetManager.exe
D:\WINNT\system32\pmkjk.dll
hongtao2 - 2006-6-14 21:44:00
Below is the report from today's scan; I am posting it now, please advise.
006-06-14,21:33:27
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [Microsoft Corporation]
<Message><D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe> [番茄花园]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<COM Service><gayZZ.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PROMon.exe><PROMon.exe> [Intel Corporation]
<NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize> []
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<HPWG myPrintMileage Agent><D:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe> []
<_KAVImmuniteSasser><LsassPatch.EXE> []
<msmsgss><C:\WINNT\SYSTEM32\hrtv.exe> []
<Fixnice><vcvw.exe> []
<MS-4011 Memory Patch><E:\RavSasser.exe -Patch> []
<Ulead AutoDetector><D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe> [Ulead Systems, Inc.]
<Configuration><ntsys32.exe> []
<dla><D:\WINNT\system32\dla\tfswctrl.exe> [VERITAS Software, Inc.]
<Win32 Services><wuamngr.exe> []
<前台报账系统管理><D:\WINNT\system32\UFCOMSQL\UFFore.exe> [UFSoft]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<MINI_BFYY><D:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe> [深圳市三代科技开发有限公司]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<stup1.exe><D:\PROGRA~1\TENCENT\Adplus\stup1.exe> [Tencent]
<mswap><rundll32.exe D:\WINNT\system32\mswap.dll,start> []
<Microsoft (R) Windows Update Manager Tool><D:\sck32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<windate><windate.exe> []
<Microsoft Sys Manager><sysmgr.exe> []
<Fixnice><vcvw.exe> []
<netservices><svchostn.exe> []
<Rcf Driver><rcf.exe> []
<Configuration><ntsys32.exe> []
<Micrsoft Driver><windrive.exe> []
<Windows NT 32><ntlogin32.exe> []
<Microsoft Windows Hosting><MSschost.exe> []
<System Information Manager><Ntsys.exe> []
<Microsoft Explorer><ixplorer.exe> []
<Win32 Services><wuamngr.exe> []
<Microsoft Synchronization Manager><svshost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\SYSTEM32\USERINIT.EXE,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}><D:\WINNT\system32\pmkjk.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjk]
<WinlogonNotify: pmkjk><pmkjk.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
<WinlogonNotify: WebCheck><D:\WINNT\system32\j00slad71d0.dll> []
==================================
启动文件夹
[Microsoft Office]
<D:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[腾讯QQ]
<D:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[gibgjvw / gibgjvw]
<"\\61.55.43.230\E$\dmsvc32.exe" -service><N/A>
[Intel(R) NMS / NMSSvc]
<D:\WINNT\System32\NMSSvc.exe><Intel Corporation>
[NVIDIA Driver Helper Service / NVSvc]
<D:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[PPPoE Service / PPPoEService]
<D:\PROGRA~1\HBTELCOM\宽带拨~1\app\pppoeservice.exe><N/A>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Update Manager Tool / UpdateManagerTool]
<D:\sck32.exe /updatemgr><N/A>
==================================
我无邪 - 2006-6-14 21:45:00
You can search for these.
Leave it at that for now.
Please run another scan and paste the report here.
hongtao2 - 2006-6-14 21:47:00
浏览器加载项
[]
{F2FA09FB-EE7A-46d8-9145-A1EEF7850052} <D:\WINNT\system32\pmkjk.dll, N/A>
[新浪UC]
{2253922F-1B26-4C74-8B57-E3AEE748DBB8} <D:\Program Files\sina\UC\UC.exe, 北京新浪信息技术有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[用友]
{83241FE4-9972-11D3-BDC2-000021EA4FD8} <C:\WF821\Desktop\RunIE.exe, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[易趣购物]
{DE607145-AC19-425e-861A-1D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[新浪点点通]
{F60C7D81-8471-4D40-AAFE-56D318F34C2D} <D:\WINNT\downlo~1\DDTONG~1.DLL, 北京新浪信息技术有限公司>
[]
{974AD624-EA50-4831-A6C0-3040F6665396} <D:\WINNT\downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[新浪点点通阅读器]
{F0646DC8-58CD-4C64-8F6B-525043914685} <D:\WINNT\downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[新浪点点通]
{F60C7D81-8471-4D40-AAFE-56D318F34C2D} <D:\WINNT\downlo~1\DDTONG~1.DLL, 北京新浪信息技术有限公司>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[IDDTInitObj Class]
{15DDE989-CD45-4561-BF99-D22C0D5C2B74} <D:\WINNT\downlo~1\ddtinit.dll, 北京新浪信息技术有限公司>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <D:\WINNT\system32\WEBACT~1.OCX, QQ>
[WEBChatRoomOCX Control]
{448A5F6B-8C03-4B54-A338-F00237C508AD} <D:\PROGRA~1\LONGMA~1\UCWEBC~1\UCWEBC~1.OCX, >
[RdxIE Class]
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} <D:\WINNT\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <D:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
[MediaTicketsInstaller Control]
{9EB320CE-BE1D-4304-A081-4B4665414BEF} <D:\WINNT\DOWNLO~1\MEDIAT~1.OCX, N/A>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <D:\WINNT\System32\iuctl.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\FLASH.OCX, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&Google Search]
<res://D:\Program Files\Google\googletoolbar.dll/cmsearch.html, N/A>
[&使用暴风下载器下载]
<D:\Program Files\Ringz Studio\Storm Downloader\geturl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用彩信超级自写发送到手机]
<http://mms.sina.com.cn/mmsnews.html, N/A>
[使用新浪下载助手下载]
<D:\WINNT\downlo~1\sinadl.htm, N/A>
[反向链接]
<res://D:\Program Files\Google\googletoolbar.dll/cmbacklinks.html, N/A>
[发送图片到手机(&M)]
<http://sms.sina.com.cn/diy/send.html?from=467, N/A>
[收藏此页到新浪ViVi]
<http://vivi.sina.com.cn/collect/click.php?agent=ddt, N/A>
[新浪搜索]
<http://cha.sina.com.cn/ddt.html, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
<res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[类似网页]
<res://D:\Program Files\Google\googletoolbar.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://D:\Program Files\Google\googletoolbar.dll/cmcache.html, N/A>
[雅虎搜索]
<res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>
==================================
hongtao2 - 2006-6-14 21:47:00
正在运行的进程
[PID: 1260][D:\WINNT\system32\rundll32.exe] <Microsoft Corporation><5.00.2134.1>
[D:\WINNT\system32\ldrt.dll] <N/A><N/A>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1356][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\WINNT\system32\ldrt.dll] <N/A><N/A>
[D:\WINNT\system32\pmkjk.dll] <N/A><N/A>
[D:\WINNT\system32\Yzgji.dll] <N/A><N/A>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\Downloaded Program Files\Tjtze.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 7>
[PID: 1456][D:\WINNT\System32\mdm.exe] <Microsoft Corporation><6.00.8424>
[PID: 1508][d:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
[d:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1588][D:\WINNT\system32\PROMon.exe] <Intel Corporation><5.3.7.0>
[D:\WINNT\system32\NMSAPI.DLL] <Intel Corporation><2.1.9.0>
[D:\WINNT\System32\NMSSvcPS.DLL] <Intel Corporation><2.1.9.0>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1620][D:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe] <N/A><N/A>
[D:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\HPWGTRE.dll] <Hewlett-Packard Company><2003.0417.0.0>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1636][D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe] <Ulead Systems, Inc.><8.0.0.0>
[D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\u32Comm.dll] <Ulead Systems, Inc.><8.0.0.0>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1560][D:\WINNT\system32\dla\tfswctrl.exe] <VERITAS Software, Inc.><1.02.93a>
[D:\WINNT\system32\tfswapi.dll] <VERITAS Software, Inc.><1.02.93a>
[D:\WINNT\system32\dla\tfswcres.dll] <VERITAS Software, Inc.><1.02.93a>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1604][D:\WINNT\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.14>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1660][D:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe] <深圳市三代科技开发有限公司><1, 1, 0, 4>
[D:\Program Files\Ringz Studio\Storm Downloader\boost_thread-vc6-mt-1_31.dll] <N/A><N/A>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1668][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1676][D:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3292>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1696][D:\WINNT\system32\rundll32.exe] <Microsoft Corporation><5.00.2134.1>
[D:\WINNT\system32\mswap.dll] <N/A><N/A>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[PID: 1724][D:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1744][D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe] <番茄花园><1.00>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1496][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\Downloaded Program Files\Tjtze.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\downlo~1\DDTONG~1.DLL] <北京新浪信息技术有限公司><1, 2, 1, 5>
[D:\WINNT\downlo~1\ddtinit.dll] <北京新浪信息技术有限公司><1, 2, 1, 7>
[D:\WINNT\downlo~1\DDTUpdate.dll] <北京新浪信息技术有限公司><1, 2, 1, 1>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 7>
[D:\WINNT\system32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0>
[D:\WINNT\system32\wbapiex.dll] <><1, 1, 0, 0>
[PID: 1368][D:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><5.00.2920.0000>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\Downloaded Program Files\Tjtze.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\downlo~1\DDTONG~1.DLL] <北京新浪信息技术有限公司><1, 2, 1, 5>
[D:\WINNT\downlo~1\ddtinit.dll] <北京新浪信息技术有限公司><1, 2, 1, 7>
[D:\WINNT\downlo~1\DDTUpdate.dll] <北京新浪信息技术有限公司><1, 2, 1, 1>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 7>
[D:\WINNT\system32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0>
[PID: 1704][D:\Documents and Settings\Administrator\My Documents\苗宇宽\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
hongtao2 - 2006-6-14 22:10:00
The following URLs reappeared today: http://www.coupo-ns.com/tau.html
http://www.supercoupon-sales.com/tau.html
http://www.inter-netsales.com/eon.html
http://film.bloven.com/index.htm
http://211.144.143.13/vip.htm
http://www.savi-ngs.com/eon.html
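They do not show up in the taskbar at the bottom of the screen; they appear directly on the screen. Sometimes I have to click the clear button several times before they go away.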
我无邪 - 2006-6-14 22:39:00
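Run System Repair Engineer, click "Startup Items", then "Services", then "Win32 Service Applications", tick "Hide Microsoft services", select the virus service gibgjvw, choose "Delete Service", click "Set", choose "No", and finally reboot.
Please download the Norton process manager from www.27814939.ys168.com and terminate all processes named RUNDLL32.EXE, windate.exe, vcvw.exe, svchostn.exe, rcf.exe, ntsys32.exe, windrive.exe, ntlogin32.exe, MSschost.exe, Ntsys.exe, ixplorer.exe, wuamngr.exe, svshost.exe, svhost.exe. (Tip: you can use Norton to quickly find a process's directory; explore it yourself.) Also, use your judgment: if you know what an item is, there is no need to fix it. Also note that some viruses run two or more identical processes; make sure you terminate all of them. If it is no use, do not bother terminating it.
After terminating them,
run System Repair Engineer and use "Startup Items", "Registry" to delete the following entries.
(If you cannot tell which entry is which in the registry list, select an item and click "Edit", which shows the detailed path.) (If they are present.)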
D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe> [番茄花园]
C:\WINNT\SYSTEM32\hrtv.exe
windate><windate.exe> []
<Microsoft Sys Manager><sysmgr.exe> []
<Fixnice><vcvw.exe> []
<netservices><svchostn.exe> []
<Rcf Driver><rcf.exe> []
<Configuration><ntsys32.exe> []
<Micrsoft Driver><windrive.exe> []
<Windows NT 32><ntlogin32.exe> []
<Microsoft Windows Hosting><MSschost.exe> []
<System Information Manager><Ntsys.exe> []
<Microsoft Explorer><ixplorer.exe> []
<Win32 Services><wuamngr.exe> []
<Microsoft Synchronization Manager><svshost.exe> []
Delete
svshost.exe
wuamngr.exe
ixplorer.exe
Ntsys.exe
MSschost.exe
ntlogin32.exe
windrive.exe
ntsys32.exe
rcf.exe
svchostn.exe
vcvw.exe
sysmgr.exe
windate.exe
\\61.55.43.230
C:\WINNT\SYSTEM32\hrtv.exe
D:\WINNT\Downloaded Program Files\CONFLICT.17
After the repair, please reboot.
Then please run another scan and paste the report here.
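Added example (not part of the original thread, and not SREng's own code): the triage the reply above does by eye, written as a Python parser for SREng `<name><command> [publisher]` startup lines that flags an entry for manual review when its publisher field is empty or its file name is within two edits of a real Windows binary. The sample lines are copied from the reports in this thread; the list of system names and the edit-distance threshold are assumptions.

```python
import ntpath
import re

# Assumed list of genuine Windows binaries whose names get imitated.
SYSTEM_NAMES = ("svchost.exe", "explorer.exe", "iexplore.exe",
                "winlogon.exe", "lsass.exe")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<(?P<name>[^>]*)><(?P<cmd>[^>]*)>\s*\[(?P<pub>[^\]]*)\]$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|scr)\b)', re.IGNORECASE)

# Sample input: lines copied from the SREng reports in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [Microsoft Corporation]
<Message><D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe> [番茄花园]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PROMon.exe><PROMon.exe> [Intel Corporation]
<netservices><svchostn.exe> []
<Microsoft Synchronization Manager><svshost.exe> []
<Microsoft Explorer><ixplorer.exe> []
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<mswap><rundll32.exe D:\WINNT\system32\mswap.dll,start> []
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(filename, max_distance=2):
    """Return the system name this file imitates, or None (exact names pass)."""
    name = filename.lower()
    if name in SYSTEM_NAMES:
        return None
    best = min(SYSTEM_NAMES, key=lambda s: edit_distance(name, s))
    return best if edit_distance(name, best) <= max_distance else None


def target_binary(cmd):
    """Extract the file a startup command actually loads."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    path = m.group(1)
    if ntpath.basename(path).lower() == "rundll32.exe":
        # rundll32 is only a host: the DLL named before the comma is what runs.
        arg = cmd[m.end():].strip().strip('"').split(",")[0].strip()
        return arg or path
    return path


def triage(log_text):
    """Return (registry key, entry name, target, reasons) for entries to review."""
    findings, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        e = ENTRY_RE.match(line)
        if not e or key is None or not e["cmd"].strip():
            continue  # not an entry line, or an empty value such as <load><> []
        target = target_binary(e["cmd"])
        reasons = []
        if not e["pub"].strip():
            reasons.append("no publisher in version info")
        twin = lookalike_of(ntpath.basename(target))
        if twin:
            reasons.append(f"name imitates {twin}")
        if reasons:
            findings.append((key, e["name"], target, reasons))
    return findings
```

A flag here is a prompt to inspect the file, not a verdict: legitimate entries in these reports also have an empty publisher field, and the publisher string is self-declared by the file, which is why `svhost.exe` is flagged on its name alone.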
hongtao2 - 2006-6-14 22:57:00
A question:
Delete
svshost.exe
wuamngr.exe
ixplorer.exe
Ntsys.exe
MSschost.exe
ntlogin32.exe
windrive.exe
ntsys32.exe
rcf.exe
svchostn.exe
vcvw.exe
sysmgr.exe
windate.exe
\\61.55.43.230
C:\WINNT\SYSTEM32\hrtv.exe
D:\WINNT\Downloaded Program Files\CONFLICT.17
Where do I carry this out?
我无邪 - 2006-6-14 23:22:00
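When you open the Norton manager, isn't the full path shown on the right?
If they are not among the processes,
you can only use the system's search to look for them.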
hongtao2 - 2006-6-16 22:17:00
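When I try to terminate the svshost.exe process, it reports access denied.
These past few days this has been giving me a headache. I wrote down all of today's nuisance pages and am posting them now. I would appreciate any further advice.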
hongtao2 - 2006-6-16 22:18:00
The annoying URLs
http://www.coupo-ns.com/tau.html
http://www.supercoupon-sales.com/tau.html
http://www.inter-netsales.com/eon.html
http://film.bloven.com/index.htm
http://211.144.143.13/vip.htm
http://www.savi-ngs.com/eon.html
http://www.prem-iumcertificate.com/eon.html
http://www.coupo-ns.com/eon.html
http://www.pr-omoting.com/tau.html
http://www.announceme-nt.com/tau.html
http://www.wild-savings.com/eon.html
http://www.prem-iumcertificate.com/tau.html
我无邪 - 2006-6-16 22:46:00
Posting the web pages is of no use.
Please send me your QQ number by private message.
hongtao2 - 2006-6-16 23:09:00
I don't know how to use QQ. The person who shares this machine with me does, but he is not here right now. What should I do???
我无邪 - 2006-6-16 23:24:00
That is asking a bit much of you.
Let's do this instead:
look through this list, and if there is anything you recognize, pick it out.
Message><D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe> [番茄花园]
<ntdll.dll><D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe> [番茄花园]
windate><windate.exe> []
Microsoft Sys Manager><sysmgr.exe> []
netservices><svchostn.exe> []
<Rcf Driver><rcf.exe> []
Windows NT 32><ntlogin32.exe
Micrsoft Driver><windrive.exe
<Microsoft Windows Hosting><MSschost.exe
Microsoft Synchronization Manager><svshost.exe>
Microsoft Manager><xXx.exe>
WDqvsst><C:\WINNT\SYSTEM32\Densip.exe
YDTMain.exe><D:\PROGRA~1\YDT\YDTMain.exe>
defender><C:\\defender23.exe> []
<keyboard><C:\\keyboard23.exe> []
<newname><C:\\newname22.exe> []
D:\sck32.exe
ixplorer.exe
<Win32 Services><wuamngr.exe>
<{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}><D:\WINNT\system32\pmkjk.dll> []
<{6A89AAA0-1FFF-4159-ABDB-2FFF21B8A65D}><D:\WINNT\system32\Issrts.dll>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjk]
<WinlogonNotify: pmkjk><pmkjk.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
<WinlogonNotify: Syncmgr><D:\WINNT\system32\t2r8lc9u1f.dll> []
hongtao2 - 2006-6-17 0:15:00
006-06-17,00:07:49
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<COM Service><gayZZ.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PROMon.exe><PROMon.exe> [Intel Corporation]
<NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize> []
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<HPWG myPrintMileage Agent><D:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe> []
<_KAVImmuniteSasser><LsassPatch.EXE> []
<Fixnice><vcvw.exe> []
<MS-4011 Memory Patch><E:\RavSasser.exe -Patch> []
<Ulead AutoDetector><D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe> [Ulead Systems, Inc.]
<Configuration><ntsys32.exe> []
<dla><D:\WINNT\system32\dla\tfswctrl.exe> [VERITAS Software, Inc.]
<Win32 Services><wuamngr.exe> []
<前台报账系统管理><D:\WINNT\system32\UFCOMSQL\UFFore.exe> [UFSoft]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<MINI_BFYY><D:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe> [深圳市三代科技开发有限公司]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<stup1.exe><D:\PROGRA~1\TENCENT\Adplus\stup1.exe> [Tencent]
<mswap><rundll32.exe D:\WINNT\system32\mswap.dll,start> []
<Microsoft (R) Windows Update Manager Tool><D:\sck32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\SYSTEM32\USERINIT.EXE,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}><D:\WINNT\system32\pmkjk.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AdminDebug]
<WinlogonNotify: AdminDebug><D:\WINNT\system32\enpsl1771.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjk]
<WinlogonNotify: pmkjk><pmkjk.dll> []
hongtao2 - 2006-6-17 0:15:00
启动文件夹
[Microsoft Office]
<D:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[腾讯QQ]
<D:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[Intel(R) NMS / NMSSvc]
<D:\WINNT\System32\NMSSvc.exe><Intel Corporation>
[NVIDIA Driver Helper Service / NVSvc]
<D:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[PPPoE Service / PPPoEService]
<D:\PROGRA~1\HBTELCOM\宽带拨~1\app\pppoeservice.exe><N/A>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Update Manager Tool / UpdateManagerTool]
<D:\sck32.exe /updatemgr><N/A>
==================================
浏览器加载项
[]
{F2FA09FB-EE7A-46d8-9145-A1EEF7850052} <D:\WINNT\system32\pmkjk.dll, N/A>
[新浪UC]
{2253922F-1B26-4C74-8B57-E3AEE748DBB8} <D:\Program Files\sina\UC\UC.exe, 北京新浪信息技术有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[用友]
{83241FE4-9972-11D3-BDC2-000021EA4FD8} <C:\WF821\Desktop\RunIE.exe, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[易趣购物]
{DE607145-AC19-425e-861A-1D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[新浪点点通]
{F60C7D81-8471-4D40-AAFE-56D318F34C2D} <D:\WINNT\downlo~1\DDTONG~1.DLL, 北京新浪信息技术有限公司>
[]
{974AD624-EA50-4831-A6C0-3040F6665396} <D:\WINNT\downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[新浪点点通阅读器]
{F0646DC8-58CD-4C64-8F6B-525043914685} <D:\WINNT\downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[新浪点点通]
{F60C7D81-8471-4D40-AAFE-56D318F34C2D} <D:\WINNT\downlo~1\DDTONG~1.DLL, 北京新浪信息技术有限公司>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[IDDTInitObj Class]
{15DDE989-CD45-4561-BF99-D22C0D5C2B74} <D:\WINNT\downlo~1\ddtinit.dll, 北京新浪信息技术有限公司>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <D:\WINNT\system32\WEBACT~1.OCX, QQ>
[WEBChatRoomOCX Control]
{448A5F6B-8C03-4B54-A338-F00237C508AD} <D:\PROGRA~1\LONGMA~1\UCWEBC~1\UCWEBC~1.OCX, >
[RdxIE Class]
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} <D:\WINNT\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <D:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
[MediaTicketsInstaller Control]
{9EB320CE-BE1D-4304-A081-4B4665414BEF} <D:\WINNT\DOWNLO~1\MEDIAT~1.OCX, N/A>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <D:\WINNT\System32\iuctl.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\FLASH.OCX, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&Google Search]
<res://D:\Program Files\Google\googletoolbar.dll/cmsearch.html, N/A>
[&使用暴风下载器下载]
<D:\Program Files\Ringz Studio\Storm Downloader\geturl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用彩信超级自写发送到手机]
<http://mms.sina.com.cn/mmsnews.html, N/A>
[使用新浪下载助手下载]
<D:\WINNT\downlo~1\sinadl.htm, N/A>
[反向链接]
<res://D:\Program Files\Google\googletoolbar.dll/cmbacklinks.html, N/A>
[发送图片到手机(&M)]
<http://sms.sina.com.cn/diy/send.html?from=467, N/A>
[收藏此页到新浪ViVi]
<http://vivi.sina.com.cn/collect/click.php?agent=ddt, N/A>
[新浪搜索]
<http://cha.sina.com.cn/ddt.html, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
<res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[类似网页]
<res://D:\Program Files\Google\googletoolbar.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://D:\Program Files\Google\googletoolbar.dll/cmcache.html, N/A>
[雅虎搜索]
<res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>
hongtao2 - 2006-6-17 0:16:00
正在运行的进程
[PID: 1448][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\WINNT\system32\CdCtlCHS.dll] <N/A><N/A>
[D:\WINNT\system32\pmkjk.dll] <N/A><N/A>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 7>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\Downloaded Program Files\Tjtze.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\WINNT\system32\ALSNDMGR.CPL] <Realtek Semiconductor Corp.><2.2.10>
[D:\WINNT\system32\PPPoEService.cpl] <><1, 0, 0, 1>
[D:\WINNT\system32\nvtuicpl.cpl] <NVIDIA Corporation><6.13.10.2832>
[D:\WINNT\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.13.10.2832>
[PID: 1536][d:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
[d:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1588][D:\WINNT\system32\PROMon.exe] <Intel Corporation><5.3.7.0>
[D:\WINNT\system32\NMSAPI.DLL] <Intel Corporation><2.1.9.0>
[D:\WINNT\System32\NMSSvcPS.DLL] <Intel Corporation><2.1.9.0>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1452][D:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe] <N/A><N/A>
[D:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\HPWGTRE.dll] <Hewlett-Packard Company><2003.0417.0.0>
[PID: 1604][D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe] <Ulead Systems, Inc.><8.0.0.0>
[D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\u32Comm.dll] <Ulead Systems, Inc.><8.0.0.0>
[PID: 1644][D:\WINNT\system32\dla\tfswctrl.exe] <VERITAS Software, Inc.><1.02.93a>
[D:\WINNT\system32\tfswapi.dll] <VERITAS Software, Inc.><1.02.93a>
[D:\WINNT\system32\dla\tfswcres.dll] <VERITAS Software, Inc.><1.02.93a>
[PID: 1620][D:\WINNT\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.14>
[PID: 1660][D:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe] <深圳市三代科技开发有限公司><1, 1, 0, 4>
[D:\Program Files\Ringz Studio\Storm Downloader\boost_thread-vc6-mt-1_31.dll] <N/A><N/A>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1668][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1680][D:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3292>
[PID: 1704][D:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 1772][D:\WINNT\Downloaded Program Files\CONFLICT.17\svhost.exe] <番茄花园><1.00>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1784][D:\WINNT\System32\mdm.exe] <Microsoft Corporation><6.00.8424>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 1952][D:\Documents and Settings\Administrator\My Documents\苗宇宽\Norton Process Viewer\taskmgr.exe] <" "><5.2.11.1>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 372][D:\Program Files\Tencent\QQGame\QQGame.exe] <深圳市腾讯计算机系统有限公司><0, 10, 108, 45>
[D:\Program Files\Tencent\QQGame\VHelp.dll] <><1, 0, 0, 1>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\Program Files\Tencent\QQGame\ResEx.dll] <深圳市腾讯计算机系统有限公司><0, 10, 0, 0>
[D:\Program Files\Tencent\QQGame\HelpDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQGame\GameLogCore.dll] <><0, 10, 106, 13>
[D:\Program Files\Tencent\QQGame\Core.dll] <é??úêDìú???????ú?μí3óD?T1???><0, 10, 0, 0>
[D:\Program Files\Tencent\QQGame\NetCenter.dll] <é??úêDìú???????ú?μí3óD?T1???><0, 10, 0, 0>
[D:\Program Files\Tencent\QQGame\CmdCenter.dll] <深圳市腾讯计算机系统有限公司><0, 10, 0, 0>
[D:\Program Files\Tencent\QQGame\GameLogAidMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQGame\COMToolKit.dll] <><1, 0, 0, 3>
[D:\Program Files\Tencent\QQGame\QQGameAvatar.dll] <深圳市腾讯计算机系统有限公司 Tencent Computer System Ltd.><0, 10, 0, 0>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQGame\QQGameAvatarShow.dll] <深圳市腾讯计算机系统有限公司 Tencent Computer System Ltd.><0, 10, 0, 0>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 7>
[D:\Program Files\Tencent\QQGame\QQGameItemMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQGame\ItemShowHelper.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQGame\WorkModule.dll] <><0, 0, 0, 13>
[D:\Program Files\TENCENT\Adplus\SSAddr1.dll] <Tencent><4, 0, 9, 90>
[D:\Program Files\Tencent\QQGame\Room.dll] <><1, 0, 0, 28>
[D:\Program Files\Tencent\QQGame\CUQG.ocx] <深圳市腾讯计算机系统有限公司 Tencent Computer System Ltd.><0, 10, 0, 14>
[D:\Program Files\Tencent\QQGame\GameProxy.dll] <N/A><N/A>
[D:\WINNT\system32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0>
[PID: 1960][D:\Program Files\Microsoft Office\Office\WINWORD.EXE] <Microsoft Corporation><9.0.2823>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[PID: 2108][D:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><5.00.2920.0000>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\Downloaded Program Files\Tjtze.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\downlo~1\DDTONG~1.DLL] <北京新浪信息技术有限公司><1, 2, 1, 5>
[D:\WINNT\downlo~1\ddtinit.dll] <北京新浪信息技术有限公司><1, 2, 1, 7>
[D:\WINNT\downlo~1\DDTUpdate.dll] <北京新浪信息技术有限公司><1, 2, 1, 1>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 7>
[D:\WINNT\system32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0>
[D:\WINNT\downlo~1\ddtcomm.dll] <北京新浪信息技术有限公司><1, 1, 0, 3>
[PID: 1192][D:\PROGRA~1\TENCENT\QQGAME\newddz\NEWDDZ.EXE] <Tencent><0, 10, 104, 15>
[D:\PROGRA~1\TENCENT\QQGAME\newddz\MagicShow.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\TENCENT\QQGAME\newddz\2DEngineDll.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\TENCENT\QQGAME\newddz\zlib1.dll] <N/A><1.2.1>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\PROGRA~1\TENCENT\QQGAME\HelpDll.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\TENCENT\QQGAME\ResEx.dll] <深圳市腾讯计算机系统有限公司><0, 10, 0, 0>
[D:\PROGRA~1\TENCENT\QQGAME\GameListMenu1.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\TENCENT\QQGAME\newddz\hcq.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\TENCENT\QQGAME\newddz\dlgprj.dll] <><1, 0, 0, 1>
[D:\PROGRA~1\Tencent\QQGame\CUQG.ocx] <深圳市腾讯计算机系统有限公司 Tencent Computer System Ltd.><0, 10, 0, 14>
[D:\Program Files\Tencent\QQGame\GameProxy.dll] <N/A><N/A>
[D:\WINNT\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[PID: 1212][D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\Downloaded Program Files\Tjtze.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\downlo~1\DDTONG~1.DLL] <北京新浪信息技术有限公司><1, 2, 1, 5>
[D:\WINNT\downlo~1\ddtinit.dll] <北京新浪信息技术有限公司><1, 2, 1, 7>
[D:\WINNT\downlo~1\DDTUpdate.dll] <北京新浪信息技术有限公司><1, 2, 1, 1>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 7>
[PID: 1916][D:\WINNT\explorer.exe] <Microsoft Corporation><5.00.3700.6690>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\Downloaded Program Files\Tjtze.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\WINNT\system32\pmkjk.dll] <N/A><N/A>
[PID: 2260][D:\Documents and Settings\Administrator\My Documents\苗宇宽\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\WINNT\Downloaded Program Files\Iespzv.dll] <Tencent><4, 0, 9, 90>
[D:\WINNT\system32\cdnns.dll] <N/A><N/A>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
hongtao2 - 2006-6-17 0:17:00
This process list was scanned just now, after I closed the annoying web pages.
我无邪 - 2006-6-17 0:39:00
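Your problem is that you did not follow the method I described.
Perhaps you were being too careful.
Find a way to get QQ, and I will help you remotely.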
hongtao2 - 2006-6-17 22:48:00
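I am doing as you said. Among the processes I found two with no version information that could not be removed; I later deleted them in the registry, and now the two web pages no longer come up.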
hongtao2 - 2006-6-17 22:53:00
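Also, my browser opens fine on a blank page, but closes by itself when I enter a previously used address. The day before yesterday Sina was the only site I could open; yesterday the Sina page would not open either. Why???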
我无邪 - 2006-6-18 1:50:00
That is most likely caused by the virus; those few on your system have still not been dealt with.