老大，来看看啊。开机自动弹出网页，平时也会弹出来。烦死了啊~~ bbs.ikaka.com

marbol - 2006-7-4 18:14:00

2006-07-04,18:01:28

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<IEXPLORE.EXE><IEXPLORE.EXE Http://www.rm78.com> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<MSIES><C:\WINDOWS\Downloaded Program Files\CONFLICT.5\IEXPLORE.EXE> []
<winmask><C:\Program Files\Common Files\Microsoft Shared\MSInfo\winmask.exe> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
启动文件夹
服务
[Alerter / Alerter]
<C:\WINDOWS\System32\msnmask.exe><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>

==================================
浏览器加载项
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\游戏\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[易趣购物]
{DE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=1, N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>

==================================
正在运行的进程
[PID: 480][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 548][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 572][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 616][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 628][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 808][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 948][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 968][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1124][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 1316][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\WINDOWS\System32\nvcpl.dll] <NVIDIA Corporation><6.14.10.6693>
[C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.6693>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.388.1>
[PID: 1500][C:\Program Files\Common Files\Microsoft Shared\MSInfo\winmask.exe] <Microsoft Corporation><2.0.0.0>
[PID: 1520][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1700][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.6693>
[PID: 1748][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1376][C:\Program Files\Windows Media Player\wmplayer.exe] <Microsoft Corporation><9.00.00.2980>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\System32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[C:\WINDOWS\System32\ffdshow.ax] <N/A><1, 0, 0, 1>
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 2>
[PID: 936][F:\电影\22\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[F:\电影\22\sreng2\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0>
[PID: 1264][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>

==================================
文件关联
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

龙翔断九天 - 2006-7-4 18:54:00

这个比较烦.我遇见时的处理方法：
系统还原到几天以前就可以了

marbol - 2006-7-4 20:15:00

没有做系统还原点
而且前几天就开始这样了
刚开始是半个小时弹一次
现在是10分钟一次
现在越来越严重了
我该怎么办啊

我无邪 - 2006-7-4 22:51:00

运行(双击)System Repair Engineer，使用“系统修复，文件关联，勾选“全选”点“修复”使所有扩展名都恢复正常。
运行(双击)System Repair Engineer，点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Alerter ，选择“删除服务”点“设置”选择“否”最后重启
重启后
运行(双击)System Repair Engineer，使用“启动项目，注册表”选中要修复的项，
IEXPLORE.EXE Http://www.rm78.com
点“编辑”在“值”里删除Http://www.rm78.com
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
删除
C:\WINDOWS\System32\msnmask.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5
如果还未解决问题，请重启后，再扫份日志粘来。

marbol - 2006-7-4 23:24:00

找不到 msnmask.exe 这个文件
但是我搜索到MSNMASK.EXE-29DA5DE8 这个文件已经删除
CONFLICT.5 这个文件也找不到
我把扫描结果发上来给你看一下
2006-07-04,23:10:51

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<MSIES><C:\WINDOWS\Downloaded Program Files\CONFLICT.16\IEXPLORE.EXE> []
<winmask><C:\Program Files\Common Files\Microsoft Shared\MSInfo\winmask.exe> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
启动文件夹
服务
[IMAPI CD-Burning COM Service / ImapiService]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>

==================================
浏览器加载项
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\游戏\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[易趣购物]
{DE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=1, N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>

==================================
正在运行的进程
[PID: 480][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 540][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 572][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 616][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 628][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 844][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 920][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 992][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1132][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 1372][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\WINDOWS\System32\nvcpl.dll] <NVIDIA Corporation><6.14.10.6693>
[C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.6693>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.388.1>
[PID: 1496][C:\Program Files\Common Files\Microsoft Shared\MSInfo\winmask.exe] <Microsoft Corporation><2.0.0.0>
[PID: 1552][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1568][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.0.0155>
[PID: 1640][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.6693>
[PID: 1708][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1264][F:\电影\22\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[PID: 1048][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 520][F:\电影\22\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

我无邪 - 2006-7-4 23:42:00

日志以看不出问题了
如果有异常请描述一下。

marbol - 2006-7-4 23:45:00

有时候还是会弹出www.163vv.com 这个网站
不过比以前好多了
以前会弹出很多现在只是这一个网站
时间也间隔比较长

我无邪 - 2006-7-5 0:16:00

烦再扫份日志粘上来。

我无邪 - 2006-7-5 0:17:00

重启一下，再扫份日志粘上来。

marbol - 2006-7-5 0:28:00

2006-07-05,00:17:53

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<MSIES><C:\WINDOWS\Downloaded Program Files\CONFLICT.16\IEXPLORE.EXE> []
<winmask><C:\Program Files\Common Files\Microsoft Shared\MSInfo\winmask.exe> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
启动文件夹
服务
[IMAPI CD-Burning COM Service / ImapiService]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>

==================================
浏览器加载项
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\游戏\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[易趣购物]
{DE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=1, N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>

==================================

marbol - 2006-7-5 0:28:00

正在运行的进程
[PID: 480][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 540][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 572][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 616][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 628][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 844][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 920][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 992][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1132][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 1372][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\WINDOWS\System32\nvcpl.dll] <NVIDIA Corporation><6.14.10.6693>
[C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.6693>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.388.1>
[PID: 1496][C:\Program Files\Common Files\Microsoft Shared\MSInfo\winmask.exe] <Microsoft Corporation><2.0.0.0>
[PID: 1552][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1568][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.0.0155>
[PID: 1640][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.6693>
[PID: 1708][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1048][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\System32\ffdshow.ax] <N/A><1, 0, 0, 1>
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 2>
[PID: 1280][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 4076][F:\电影\22\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

瑞星卡卡安全论坛