Rising Kaka Security Forum

[Help] Why does my computer keep opening web pages on its own?
酒是故乡醇 - 2006-2-10 10:30:00
Logfile of HijackThis v1.99.1
Scan saved at 8:05:55, on 2006-2-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\PROGRA~1\TWEAKA~1\AssistSystray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Tencent\Foxmail\Foxmail.exe
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\cbydsc\桌面\hijackthis\HijackThis.exe

O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [AssistSystray] C:\PROGRA~1\TWEAKA~1\AssistSystray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.chinavnet.com/VnetPluginIns.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B3A2733-72FC-453E-B228-0F425771C08D}: NameServer = 202.96.128.68,202.96.134.133
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINNT\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

不言放弃 - 2006-2-10 14:18:00
What is the problem with the machine?
魔法学徒 - 2006-2-10 14:49:00
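If the problem persists, please scan with the latest version, HijackThis 1.99.1, and post the log here.

See the pinned post for the HijackThis download link:
[Must read] Board notes and downloads of commonly used small tools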
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
damadaha - 2006-2-10 22:44:00
What is going on with web pages opening automatically? And it is a different one every time...
酒是故乡醇 - 2006-2-11 9:28:00
Logfile of HijackThis v1.99.1
Scan saved at 9:24:44, on 2006-2-11
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\PROGRA~1\TWEAKA~1\AssistSystray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
F:\myie32dc\MyIE.exe
F:\myie32dc\MyIE.exe
F:\myie32dc\MyIE.exe
F:\myie32dc\MyIE.exe
F:\myie32dc\MyIE.exe
C:\Program Files\Tencent\Foxmail\Foxmail.exe
F:\myie32dc\MyIE.exe
C:\Program Files\Kingsoft\FastAIT 2003\FastAIT.exe
C:\Documents and Settings\cbydsc\桌面\hijackthis\HijackThis.exe

R3 - URLSearchHook: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - C:\PROGRA~1\TWEAKA~1\AssistIEBar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O3 - Toolbar: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - C:\PROGRA~1\TWEAKA~1\AssistIEBar.dll
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AssistSystray] C:\PROGRA~1\TWEAKA~1\AssistSystray.exe
O4 - HKCU\..\Run: [Foxmail] "C:\Program Files\Tencent\Foxmail\Foxmail.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.chinavnet.com/VnetPluginIns.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B3A2733-72FC-453E-B228-0F425771C08D}: NameServer = 202.96.128.68,202.96.134.133
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



Logfile of HijackThis v1.99.1
Scan saved at 9:24:06, on 2006-2-11
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\PROGRA~1\TWEAKA~1\AssistSystray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
F:\myie32dc\MyIE.exe
F:\myie32dc\MyIE.exe
F:\myie32dc\MyIE.exe
F:\myie32dc\MyIE.exe
F:\myie32dc\MyIE.exe
C:\Program Files\Tencent\Foxmail\Foxmail.exe
F:\myie32dc\MyIE.exe
C:\Program Files\Kingsoft\FastAIT 2003\FastAIT.exe
C:\Documents and Settings\cbydsc\桌面\hijackthis\HijackThis.exe

R3 - URLSearchHook: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - C:\PROGRA~1\TWEAKA~1\AssistIEBar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O3 - Toolbar: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - C:\PROGRA~1\TWEAKA~1\AssistIEBar.dll
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AssistSystray] C:\PROGRA~1\TWEAKA~1\AssistSystray.exe
O4 - HKCU\..\Run: [Foxmail] "C:\Program Files\Tencent\Foxmail\Foxmail.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.chinavnet.com/VnetPluginIns.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B3A2733-72FC-453E-B228-0F425771C08D}: NameServer = 202.96.128.68,202.96.134.133
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

天使之剑 - 2006-2-11 9:35:00
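[Reply to 酒是故乡醇's post]

Clear the IE temporary files and temporarily turn off System Restore. Restart into Safe Mode, close all unnecessary windows, then scan with HijackThis and fix the following (tick the box in front of each item to be fixed, then press "Fix checked" or "修复"; before fixing you will be asked whether you want a backup, so choose "Yes" or "是"):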
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
Restart the computer, show hidden files and system files, and delete (if it exists):
C:\WINNT\system32\mbprot.dll
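Once the fix is done, if the problem remains, please reply in this thread and describe the situation.
The suggestions above are for reference only; if you recognise some of these settings, or set them manually yourself, there is no need to carry them out.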
酒是故乡醇 - 2006-2-11 9:47:00
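I have done the fix following the method you taught me! If web pages stop popping up on their own, I will come back and reply! Thank you!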
不言放弃 - 2006-2-11 9:53:00
C:\WINNT\system32\mbprot.dll
is a DUDU file.
If DUDU is installed,
there is no need to fix that item.

Also, why are there so many F:\myie32dc\MyIE.exe processes on the original poster's machine?
酒是故乡醇 - 2006-2-11 10:35:00
Reply: the fix you taught me still has not worked; web pages still pop up on their own! May I ask what the cause is?
http://www.11670.com/pring/website/y/60.php?a=5&b=502076&c=1240&d=1477&e=60&g=null&k=null&exs_1=&x=
酒是故乡醇 - 2006-2-11 10:52:00
[Reply to 不言放弃's post] That is because I am using web pages to idle for points.
魔法学徒 - 2006-2-12 0:20:00
Please scan another log and post it.
酒是故乡醇 - 2006-2-13 8:12:00
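[Reply to 魔法学徒's post]
Hello moderator, here is the post you asked for. Could you please determine what exactly is causing this? Thank you! I urgently need your help!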
Logfile of HijackThis v1.99.1
Scan saved at 8:05:55, on 2006-2-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\PROGRA~1\TWEAKA~1\AssistSystray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Tencent\Foxmail\Foxmail.exe
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\cbydsc\桌面\hijackthis\HijackThis.exe

O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [AssistSystray] C:\PROGRA~1\TWEAKA~1\AssistSystray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.chinavnet.com/VnetPluginIns.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B3A2733-72FC-453E-B228-0F425771C08D}: NameServer = 202.96.128.68,202.96.134.133
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINNT\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

魔法学徒 - 2006-2-13 8:23:00
Nothing abnormal in the log. Does this window pop up whatever web page you browse?
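One way to compare the 2006-2-11 and 2006-2-13 HijackThis logs posted above, as an added example that is not part of the original thread: it parses the section-coded entry lines (R3, O4, O18, ...) of two logs and lists what disappeared and what appeared, ignoring case and spacing differences. The two log excerpts are abbreviated from the thread's logs, and the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - " and the detail text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return {(code, normalized_detail): original_line} for each entry line.

    The detail is lower-cased and whitespace-collapsed because the same item can
    be logged as C:\\WINNT\\System32 or C:\\WINNT\\system32, or with double spaces.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, "Running processes:" block, blank lines
        code, detail = match.groups()
        key = (code, " ".join(detail.split()).lower())
        entries[key] = line
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two HijackThis logs."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [line for key, line in before.items() if key not in after]
    added = [line for key, line in after.items() if key not in before]
    return removed, added


# Abbreviated excerpt of the log saved 2006-2-11 (lines taken from the thread).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:24:44, on 2006-2-11

Running processes:
C:\WINNT\system32\winlogon.exe

O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
"""

# Abbreviated excerpt of the log saved 2006-2-13 (lines taken from the thread).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:05:55, on 2006-2-13

Running processes:
C:\WINNT\system32\winlogon.exe

O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINNT\wc98pp.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Entries no longer present:")
    for line in removed:
        print("  -", line)
    print("Entries newly listed:")
    for line in added:
        print("  +", line)
```

A diff only shows what changed between scans; whether a newly listed or removed entry matters still has to be judged against what is installed on the machine.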
酒是故乡醇 - 2006-2-13 8:36:00
[Reply to 魔法学徒's post] http://www.11670.com/pring/website/y/60.php?a=5&b=502076&c=1240&d=1477&e=60&g=null&k=null&exs_1=&x=
魔法学徒 - 2006-2-13 8:41:00
What I am asking is: does this page pop up when you browse any web page?
酒是故乡醇 - 2006-2-13 8:52:00
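[Reply to 魔法学徒's post]
Even when I have not opened any IE window, many web pages pop up automatically, about three pages in total. Could you please help look into what is going on? Thank you!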
http://www.11670.com/pring/website/y/182.php?a=5&b=502076&c=1240&d=1477&e=18&g=null&k=null&exs_1=&x=&d=1477&c=1240&g=null&a=5&f=&e=18&n2=
http://www.11670.com/pring/website/y/60.php?a=5&b=502076&c=1240&d=1477&e=60&g=null&k=null&exs_1=&x=
酒是故乡醇 - 2006-2-13 17:54:00
Asking for help?????
魔法学徒 - 2006-2-14 0:25:00
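Please scan a log with System Repair Engineer and post it.

See the pinned post for the download link:
[Must read] Board notes and downloads of commonly used small tools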
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
酒是故乡醇 - 2006-2-14 8:49:00
[Reply to 魔法学徒's post]
2006-02-14,08:54:41

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <pccguide.exe><"C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <AssistSystray><C:\PROGRA~1\TWEAKA~1\AssistSystray.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Trend Micro Central Control Component / PcCtlCom]
  <C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe><Trend Micro Incorporated.>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Trend Micro Real-time Service / Tmntsrv]
  <C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe><Trend Micro Incorporated.>
[Trend Micro Personal Firewall / TmPfw]
  <C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe><Trend Micro Inc.>
[Trend Micro Proxy Service / tmproxy]
  <C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe><Trend Micro Inc.>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[全能助手广告拦截专家]
  {ED51E9A3-16C5-4236-99E0-9F093B021433} <C:\PROGRA~1\TWEAKA~1\AssistIEBar.dll, 全能助手工作室>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINNT\opuc.dll, Microsoft Corporation>
[VnetAnprIns Class]
  {74447F9C-5691-4A9A-8BE4-564092E40B03} <C:\WINNT\Downloaded Program Files\anprins.dll, 中国电信股份有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <{D27CDB6E-AE6D-11CF-96B8-444553540000}, N/A>
[添加到QQ自定义面板]
  <, N/A>
[添加到QQ表情]
  <, N/A>
[添加到广告杀手]
  <, N/A>
[用QQ彩信发送该图片]
  <, N/A>

==================================
正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6997>
    [C:\WINNT\system32\igfxsrvc.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINNT\system32\hccutils.DLL]  <Intel Corporation><3,0,0,1918>
[PID: 220][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.7035>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 232][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.7011>
[PID: 396][c:\program files\rising\rfw\rfwproxy.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 7>
    [c:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 11>
    [c:\program files\rising\rfw\MonMid.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 2>
[PID: 408][c:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 29>
    [c:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 11>
    [c:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [c:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 19>
    [c:\program files\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [c:\program files\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 504][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 528][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.7059>
    [C:\WINNT\system32\AdobePDF.dll]  <Adobe Systems Incorporated.><7.0.0.00>
    [C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS]  <N/A><N/A>
    [C:\WINNT\system32\EBPMON24.DLL]  <SEIKO EPSON CORPORATION><1, 12, 0, 0>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_DU18RE.DLL]  <SEIKO EPSON Corporation><0. 3. 0, 101>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_DMAI16.DLL]  <SEIKO EPSON Corporation><0. 3. 3. 13>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SUGS1UI.DLL]  <Microsoft Corporation><0,3,5,0>
[PID: 612][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 640][C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe]  <Trend Micro Incorporated.><12.10.0.1038>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\tmdbg.dll]  <N/A><N/A>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\TmpxCfg.dll]  <Trend Micro Inc.><1.0.0.1125>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\TmProxy.dll]  <Trend Micro Inc.><1.0.0.1125>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\TMOACfg.dll]  <Trend Micro Incorporated.><12.10.0.1038>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\tmpp.dll]  <Trend Micro Incorporated.><12.10.0.1038>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfwApi.dll]  <Trend Micro Inc.><2.0.0.1125>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlPS.dll]  <Trend Micro Incorporated.><12.10.0.1038>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\tmdp.dll]  <Trend Micro Incorporated.><12.10.0.1038>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\icudt18l.dll]  <IBM Corporation and others><1, 8, 1, 0>
[PID: 704][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6972>
[PID: 720][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
    [C:\WINNT\System32\rtusd.dll]  <><>
[PID: 996][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 1040][C:\WINNT\system32\mspmspsv.exe]  <Microsoft Corporation><7.10.00.3059>
[PID: 1052][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1156][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.Dll]  <N/A><N/A>
    [C:\WINNT\System32\hccutils.DLL]  <Intel Corporation><3,0,0,1918>
    [C:\WINNT\system32\igfxres.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINNT\System32\igfxsrvc.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINNT\System32\igfxdev.dll]  <Intel Corporation><3,0,0,1918>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
酒是故乡醇 - 2006-2-14 8:58:00
[Reply to 魔法学徒's post]
    [C:\WINNT\system32\igfxress.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINNT\system32\ALSNDMGR.CPL]  <Realtek Semiconductor Corp.><1.5.58>
    [C:\WINNT\system32\igfxcpl.cpl]  <Intel Corporation><3,0,0,1918>
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  <Adobe Systems Inc.><7.0.5.2005092300\0>
    [C:\WINNT\System32\igfxpph.dll]  <Intel Corporation><3,0,0,1918>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll]  <Trend Micro Incorporated.><12.10.0.1038>
    [C:\Program Files\Tencent\QQ\qdshm.dll]  <><1, 0, 1, 2>
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [C:\Program Files\TweakAssist\AssistQRunShell.dll]  <全能助手工作室><3, 0, 0, 3>
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  <Adobe Systems Inc.><7.0.5.2005092300\0>
[PID: 1188][c:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 45>
    [c:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [c:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [c:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1236][C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe]  <Trend Micro Inc.><2.0.0.1125>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\tmdbg.dll]  <N/A><N/A>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfwHlp.dll]  <Trend Micro Incorporated.><12.10.0.1038>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\tmCfwApi.dll]  <Trend Micro Inc.><2.0.0.1125>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfwRul.dll]  <N/A><N/A>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfwLog.dll]  <Trend Micro Inc.><2.0.0.1125>
[PID: 1452][C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe]  <Trend Micro Incorporated.><12.10.0.1038>
    [C:\Program Files\Trend Micro\Internet Security 2005\tmdbg.dll]  <N/A><N/A>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlPS.dll]  <Trend Micro Incorporated.><12.10.0.1038>
    [C:\Program Files\Trend Micro\Internet Security 2005\TmProxy.dll]  <Trend Micro Inc.><1.0.0.1125>
    [C:\PROGRA~1\TRENDM~1\INTERN~1\PccAltUi.dll]  <Trend Micro Incorporated.><12.10.0.1038>
[PID: 1460][C:\PROGRA~1\TWEAKA~1\AssistSystray.exe]  <全能助手工作室><4, 0, 3, 0>
    [C:\PROGRA~1\TWEAKA~1\AssistAlert.dll]  <全能助手工作室><1, 0, 0, 0>
    [C:\PROGRA~1\TWEAKA~1\AssistBWSpy.dll]  <全能助手工作室><1, 0, 1, 0>
    [C:\PROGRA~1\TWEAKA~1\TweakAssistKrnl.dll]  <全能助手工作室><2, 0, 1, 1>
    [C:\PROGRA~1\TWEAKA~1\AssistWallpaper.dll]  <全能助手工作室><2, 0, 0, 3>
[PID: 1468][C:\WINNT\system32\ctfmon.exe]  <Microsoft Corporation><1.00.2409.7 built by: Lab06_N>
[PID: 540][C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe]  <Adobe Systems Inc.><7.0.1.2005092300>
    [C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.chs]  <Adobe Systems Inc.><7.0.0.0>
[PID: 1588][F:\myie32dc\MyIE.exe]  <><3, 2, 0, 475>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
    [C:\WINNT\system32\FTCodecs\Dlls\avisplitter.dll]  <N/A><N/A>
    [C:\WINNT\system32\FTCodecs\Dlls\RealMedia.dll]  <N/A><N/A>
    [C:\WINNT\system32\lznsrpt.ime]  <LongWen Corporation><3.5.000>
[PID: 1668][F:\myie32dc\MyIE.exe]  <><3, 2, 0, 475>
    [C:\WINNT\system32\FTCodecs\Dlls\avisplitter.dll]  <N/A><N/A>
    [C:\WINNT\system32\FTCodecs\Dlls\RealMedia.dll]  <N/A><N/A>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
    [C:\WINNT\system32\lznsrpt.ime]  <LongWen Corporation><3.5.000>
[PID: 784][F:\myie32dc\MyIE.exe]  <><3, 2, 0, 475>
    [C:\WINNT\system32\FTCodecs\Dlls\avisplitter.dll]  <N/A><N/A>
    [C:\WINNT\system32\FTCodecs\Dlls\RealMedia.dll]  <N/A><N/A>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
    [C:\WINNT\system32\lznsrpt.ime]  <LongWen Corporation><3.5.000>
[PID: 1860][F:\myie32dc\MyIE.exe]  <><3, 2, 0, 475>
    [C:\WINNT\system32\FTCodecs\Dlls\avisplitter.dll]  <N/A><N/A>
    [C:\WINNT\system32\FTCodecs\Dlls\RealMedia.dll]  <N/A><N/A>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
[PID: 1940][F:\myie32dc\MyIE.exe]  <><3, 2, 0, 475>
    [C:\WINNT\system32\FTCodecs\Dlls\avisplitter.dll]  <N/A><N/A>
    [C:\WINNT\system32\FTCodecs\Dlls\RealMedia.dll]  <N/A><N/A>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
[PID: 2072][F:\myie32dc\MyIE.exe]  <><3, 2, 0, 475>
    [C:\WINNT\system32\FTCodecs\Dlls\avisplitter.dll]  <N/A><N/A>
    [C:\WINNT\system32\FTCodecs\Dlls\RealMedia.dll]  <N/A><N/A>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
[PID: 2128][C:\Program Files\Tencent\QQ\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\QQHelperDll.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 14>
    [C:\Program Files\Tencent\QQ\QQAPI.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [C:\Program Files\Tencent\QQ\LoginCtrl.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\npkcntc.dll]  <INCA Internet Co., Ltd.><2005, 9, 1, 1>
    [C:\Program Files\Tencent\QQ\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [C:\Program Files\Tencent\QQ\QQRes.dll]  <tencent><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\QQMainFrame.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\CQQApplication.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\NewSkin.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\HostingMgr.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\CameraDll.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\MailSummary.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINNT\system32\msdmo.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\QQGroupMng.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [C:\Program Files\Tencent\QQ\QQAvatar.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\QRingMng.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\PhoneAPI.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [C:\Program Files\Tencent\QQ\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\LongConnection.dll]  <tencent><0, 3, 3, 8>
    [C:\Program Files\Tencent\QQ\QQPet.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\QQAllInOne.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\SCCore.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\QQCustomFace.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\BQQApplication.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\QQPlugin.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [C:\Program Files\Tencent\QQ\CommercesMng.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
    [C:\Program Files\Tencent\QQ\QQSceneMng.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\QQPhoneHelper.dll]  <腾讯科技(深圳)有限公司><1, 1, 4, 60>
    [C:\Program Files\Tencent\QQ\GroupConnection.dll]  <Tencent><0, 3, 3, 5>
    [C:\Program Files\Tencent\QQ\ImageOle.dll]  <TODO: <Company name>><1.0.0.1>
    [C:\Program Files\Tencent\QQ\QQMagicFace.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\QQ\QQZip.dll]  <tencent><0, 3, 2, 4>
    [C:\Program Files\Tencent\QQ\ShareFiles.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\QQ\QQFileTransfer.dll]  <Tencent><0, 3, 3, 5>
    [C:\Program Files\Tencent\QQ\QQNetDisk.dll]  <深圳腾讯科技><7, 2, 101, 90>
[PID: 2148][C:\Program Files\Tencent\QQ\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 2512][C:\WINNT\system32\conime.exe]  <Microsoft Corporation><5.00.2195.6655>
[PID: 2704][C:\WINNT\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 888][C:\Program Files\Tencent\Foxmail\Foxmail.exe]  <Tencent Inc.><6.01.102.12>
    [C:\Program Files\Tencent\Foxmail\FoxAntiSpam.dll]  <N/A><N/A>
酒是故乡醇 - 2006-2-14 8:58:00
[C:\Program Files\Tencent\Foxmail\pcre.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\Foxmail\3rdParty\punylib.dll]  <CNNIC><1, 0, 0, 3>
    [C:\Program Files\Tencent\Foxmail\3rdParty\cmplugin.dll]  <N/A><N/A>
[PID: 852][F:\myie32dc\MyIE.exe]  <><3, 2, 0, 475>
    [C:\WINNT\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 2480][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [C:\WINNT\system32\KakaTool.dll]  <Beijing Rising Technology Co., Ltd.><2, 0, 0, 7>
    [C:\PROGRA~1\TWEAKA~1\AssistIEBar.dll]  <全能助手工作室><6, 0, 2, 5>
    [C:\WINNT\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
[PID: 1972][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [C:\WINNT\system32\KakaTool.dll]  <Beijing Rising Technology Co., Ltd.><2, 0, 0, 7>
    [C:\PROGRA~1\TWEAKA~1\AssistIEBar.dll]  <全能助手工作室><6, 0, 2, 5>
    [C:\WINNT\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 2708][C:\Documents and Settings\cbydsc\桌面\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
不言放弃 - 2006-2-14 9:01:00
There is a problem with C:\WINNT\System32\rtusd.dll

Did you export the entire log?
酒是故乡醇 - 2006-2-14 12:09:00
[Reply to 不言放弃's post] Yes, I exported all of it. Please take a look and tell me what the problem is! Thanks!
魔法学徒 - 2006-2-14 21:40:00

Use IceSword to kill C:\WINNT\System32\rtusd.dll
For how to do this, see
http://forum.ikaka.com/topic.asp?board=28&artid=6043640
linzeng03 - 2009-4-7 19:27:00
My computer has the same problem now; please take a look at mine too.
Logfile of HijackThis v1.99.1
Scan saved at 19:26:57, on 2009-4-7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rising\AntiSpyware\rstray.exe
D:\Program Files\AutoCAD 2007\acad.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
D:\Program Files\Tencent\QQ2009\Bin\QQ.exe
d:\Program Files\Tencent\QQ2009\Bin\TXPlatform.exe
D:\Program Files\Netease\网易闪电邮\闪电邮\rdaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\安装软件\HijackThis.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - d:\Program Files\Tencent\QQDownload\QQIEHelper02.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: QQ工具栏 - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O2 - BHO: ThunderAtOnce Class - {4359F288-5B59-4F71-858C-26C57141C99E} - d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - E:\\WINDOWS\\system32\\urlFilter.dll (file missing)
O2 - BHO: CBIEBuddy - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O2 - BHO: QuickFlash - {BF50AC63-19DA-487E-AD4A-0B452D823B59} - C:\WINDOWS\system32\fsutk.dll
O2 - BHO: lmrt class - {FFFFEECE-FFF8-8222-2FB0-2935B9090315} - C:\WINDOWS\system32\1042\lmrt.dll
O3 - Toolbar: QQ工具栏 - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [cmxrdaemon] D:\Program Files\Netease\网易闪电邮\闪电邮\rdaemon.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: QQ游戏启动加速程序.lnk = ?
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &使用超级旋风下载 - d:\Program Files\Tencent\QQDownload\geturl.htm
O8 - Extra context menu item: &使用超级旋风下载全部链接 - d:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - Extra context menu item: &使用超级旋风下载本页视频 - d:\Program Files\Tencent\QQDownload\geturlflv.htm
O8 - Extra context menu item: 使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 复制到我的QQ记事本 - http://mail.qq.com/cgi-bin/loginpage?r=1&templatename=note_copy
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 通过网易邮箱发送 - d:\Program Files\Netease\网易闪电邮\闪电邮\getcontent.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 联想 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com (file missing)
O9 - Extra button: 金山词霸浏览器栏 - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra 'Tools' menuitem: 金山词霸浏览器栏 - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
O20 - AppInit_DLLs: kmon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe