请帮我看看,小伞变红了! bbs.ikaka.com

hwl1212 - 2006-8-27 11:57:00

Logfile of HijackThis v1.99.1
Scan saved at 10:26:18, on 2006-8-27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\rising\Rav\RavStub.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msime.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3X1.EXE
D:\Program Files\PowerDVD\PDVDServ.exe
D:\Program Files\WebThunder\WebThunder.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\rising\Rav\Ravmon.exe
d:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\Program Files\rising\Rav\Ravmond.exe
D:\HijackThis V1.99.1 汉化版\HijackThis.exe

O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - D:\Program Files\WebThunder\WebThunderBHO_011.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: 百度搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\WINDOWS\DOWNLO~1\BaiDuBar.dll
O2 - BHO: (no name) - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O3 - Toolbar: 百度搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\WINDOWS\DOWNLO~1\BaiDuBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON ME 100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3X1.EXE /P12 "EPSON ME 100" /O6 "USB003" /M "ME 100"
O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WebThunder] d:\Program Files\WebThunder\WebThunder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 使用Web迅雷下载 - d:\Program Files\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - d:\Program Files\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FLASHGET\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 查看 Exif 信息(&V) - res://D:\Program Files\Exif Show\ExShow.dll/EXSHOW.HTML
O8 - Extra context menu item: 查看 Exif/GPS/IPTC 信息 - d:\Program Files\Opanda\IExif 1.8\IExifCom.htm
O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: 红心游戏 - {00000000-DAEB-480d-867B-D746D955765B} - D:\Program Files\redheart青岛保皇\GameHall.exe
O9 - Extra 'Tools' menuitem: 红心游戏世界 - {00000000-DAEB-480d-867B-D746D955765B} - D:\Program Files\redheart青岛保皇\GameHall.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {58CDB34C-B4D7-418B-A0FB-C4C8A01C2F0E} - http://pi2.51.net/download/diybar.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D1440673-6A26-4AE2-AC62-3FB23AF07349} (Upload Class) - http://www.0532keda.com/keda/manage/front/upload/TruesyUpload.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05F6FBC7-FC96-45F2-BAF3-A4B50021D011}: NameServer = 10.64.1.1,10.68.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{05F6FBC7-FC96-45F2-BAF3-A4B50021D011}: NameServer = 10.64.1.1,10.68.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{05F6FBC7-FC96-45F2-BAF3-A4B50021D011}: NameServer = 10.64.1.1,10.68.1.1
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

柠檬啵啵糖 - 2006-8-27 12:04:00

瑞星绝对没问题，一定中毒了，在安全模式下杀杀看

我无邪 - 2006-8-27 12:11:00

关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复"
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {58CDB34C-B4D7-418B-A0FB-C4C8A01C2F0E} - http://pi2.51.net/download/diybar.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D1440673-6A26-4AE2-AC62-3FB23AF07349} (Upload Class) - http://www.0532keda.com/keda/manage/front/upload/TruesyUpload.cab
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

hwl1212 - 2006-8-27 13:02:00

2006-08-27,12:50:32

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"> [Nero AG]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<internat.exe><internat.exe> [Microsoft Corporation]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<IMONTRAY><C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe> []
<SonicFocus><"C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT> []
<RfwMain><"C:\Program Files\rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<EPSON ME 100><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3X1.EXE /P12 "EPSON ME 100" /O6 "USB003" /M "ME 100"> [SEIKO EPSON CORPORATION]
<RemoteControl><"d:\Program Files\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<NeroFilterCheck><C:\WINDOWS\System32\NeroCheck.exe> [Ahead Software Gmbh]
<PinnacleDriverCheck><C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg> []
<WebThunder><d:\Program Files\WebThunder\WebThunder.exe> [深圳市迅雷网络技术有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<KernelFaultCheck><C:\WINDOWS\System32\msime.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5]
<WinlogonNotify: reset5><reset5.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<cesmain.dll><; rundll32.exe C:\PROGRA~1\3721\Ces\cmail.dll,Rundll32> []
<csrss><; > []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<dddclient><; > []
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<NeroCheck><; C:\WINDOWS\System32\\NeroCheck.exe> [Ahead Software Gmbh]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><; nwiz.exe /install> [NVIDIA Corporation]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<SoundMAX><; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<Super Rabbit SRRestore><; D:\PROGRA~1\SUPERR~1\SUPERR\SRRest.exe /autosave> [Super Rabbit Soft]
<Synchronization Manager><; %SystemRoot%\system32\mobsync.exe /logon> []
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]

==================================
启动文件夹
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[NkbMonitor.exe]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\NkbMonitor.exe.lnk><N>
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>
[Yahoo! Widget Engine]
<C:\Documents and Settings\a\「开始」菜单\程序\启动\Yahoo! Widget Engine.lnk><N>

==================================
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[DuDu Accelerator o / DDDProxy]
<><N/A>
[Diskeeper / Diskeeper]
<"C:\Program Files\Executive Software\DiskeeperLite\DKService.exe"><Executive Software International, Inc.>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Intel(R) Active Monitor / imonNT]
<C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe><Intel Corp.>
[LexBce Server / LexBceS]
<C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[NVIDIA Driver Helper Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Reset 5 / Reset 5]
<C:\WINDOWS\system32\srvany.exe><N/A>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[WINS Client / RpcPatch]
<><N/A>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Ulead Burning Helper / UleadBurningHelper]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[UStorage Server Service / UStorage Server Service]
<C:\WINDOWS\system32\UStorSrv.exe /Service><OTi>

==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Program Files\WebThunder\WebThunderBHO_011.dll, Thunder Networking Technologies,LTD>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{53707962-6F74-2D53-2644-206D7942484F} <d:\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[百度搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[红心游戏]
{00000000-DAEB-480d-867B-D746D955765B} <D:\Program Files\redheart青岛保皇\GameHall.exe, >
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[百度搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Upload Class]
{D1440673-6A26-4AE2-AC62-3FB23AF07349} <C:\WINDOWS\Downloaded Program Files\LeeUpload.DLL, 青岛市求实计算机工程有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <d:\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, N/A>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>

hwl1212 - 2006-8-27 13:04:00

[百度搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} <D:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\System32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Google 搜索(&G)]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[使用Web迅雷下载]
<d:\Program Files\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<d:\Program Files\WebThunder\GetAllUrl.htm, N/A>
[使用网际快车下载]
<D:\Program Files\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<D:\Program Files\FLASHGET\jc_all.htm, N/A>
[反向链接]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[收藏此页到ViVi]
<http://vivi.sina.com.cn/collect/click.php?agent=ddt, N/A>
[新浪搜索]
<http://cha.sina.com.cn/ddt.html, N/A>
[查看 Exif 信息(&V)]
<res://D:\Program Files\Exif Show\ExShow.dll/EXSHOW.HTML, N/A>
[查看 Exif/GPS/IPTC 信息]
<d:\Program Files\Opanda\IExif 1.8\IExifCom.htm, N/A>
[类似网页]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>

==================================
正在运行的进程
[PID: 424][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 472][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 496][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\system32\reset5.dll] <N/A><N/A>
[PID: 540][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 552][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 728][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 772][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 840][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 864][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 908][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1100][C:\WINDOWS\system32\LEXBCES.EXE] <Lexmark International, Inc.><7.4>
[C:\WINDOWS\system32\lexp2p32.dll] <Lexmark International, Inc.><7.4>
[C:\WINDOWS\system32\lex2kusb.dll] <Lexmark International, Inc.><7.4>
[PID: 1136][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[C:\WINDOWS\system32\EBPMON24.DLL] <SEIKO EPSON CORPORATION><5, 3, 0, 0>
[C:\WINDOWS\system32\LEXLMPM.DLL] <Lexmark International, Inc.><7.4>
[C:\WINDOWS\system32\LexBce.dll] <Lexmark International, Inc.><7.4>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXAXPP5C.dll] <Lexmark International><1.0.6.8>
[PID: 1144][C:\WINDOWS\system32\LEXPPS.EXE] <N/A><N/A>
[C:\WINDOWS\system32\LEXBCE.DLL] <Lexmark International, Inc.><7.4>
[PID: 1284][C:\Program Files\Executive Software\DiskeeperLite\DKService.exe] <Executive Software International, Inc.><7.0.418.0>
[C:\Program Files\Executive Software\DiskeeperLite\DKLib.dll] <Executive Software International, Inc.><7.0.418.0>
[C:\Program Files\Executive Software\DiskeeperLite\DkRes.dll] <Executive Software International, Inc.><7.0.418.0>
[PID: 1340][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.4403>
[PID: 1388][C:\WINDOWS\system32\srvany.exe] <N/A><N/A>
[PID: 1412][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 1420][C:\WINDOWS\system32\resetservice.exe] <N/A><N/A>
[PID: 1460][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\EPScan6\1500\Scnwia50.dll] <><2004, 5, 28, 1>
[PID: 1480][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] <Ulead Systems, Inc.><1, 0, 0, 4>
[PID: 1528][C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe] <Intel Corp.><1.1.9.143 >
[C:\Program Files\Intel\Intel(R) Active Monitor\IMONRES.LRC] <Intel Corp.><1.1.9.143 >
[C:\WINDOWS\System32\SensorDLL.DLL] <Intel Corp.><1.1.9.143 >
[PID: 1824][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[D:\Program Files\Nero7\Nero 7\Nero 7\Nero BackItUp\NBShell.dll] <Nero AG><2, 0, 0, 5>
[d:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Program Files\WebThunder\WebThunderBHO_011.dll] <Thunder Networking Technologies,LTD><6, 0, 0, 2>
[d:\Spybot - Search & Destroy\SDHelper.dll] <Safer Networking Limited><1, 4, 0, 0>
[D:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Common Files\Ahead\lib\NMDataServices.dll] <Nero AG><1, 0, 1, 5>
[C:\Program Files\Common Files\Ahead\lib\NMPluginBase.dll] <Nero AG><1, 0, 1, 5>
[C:\Program Files\Common Files\Ahead\lib\NMCoFoundation.dll] <Nero AG><1, 0, 1, 5>
[C:\Program Files\Common Files\Ahead\lib\NMVDS.dll] <Nero AG><1, 0, 1, 5>
[C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvrPS.dll] <Nero AG><1, 0, 1, 5>
[PID: 1948][C:\WINDOWS\System32\msime.exe] <Microsoft Corporation><5.1.2600.2180>
[PID: 1956][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] <Analog Devices, Inc.><4, 0, 3, 6>
[C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] <Analog Device, Inc.><1, 0, 20, 1>
[PID: 1972][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] <Analog Devices, Inc.><4, 0, 4, 11>
[PID: 1980][C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe] <><1.1.9.143 >
[C:\Program Files\Intel\Intel(R) Active Monitor\IMONRES.LRC] <Intel Corp.><1.1.9.143 >
[C:\WINDOWS\System32\SensorDLL.DLL] <Intel Corp.><1.1.9.143 >
[PID: 2012][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3249>
[PID: 2024][C:\Program Files\rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>

hwl1212 - 2006-8-27 13:04:00

[PID: 2044][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3X1.EXE] <SEIKO EPSON CORPORATION><3.00>
[PID: 172][D:\Program Files\PowerDVD\PDVDServ.exe] <Cyberlink Corp.><6.00.1027>
[d:\Program Files\PowerDVD\CLRCEngine2.dll] <CyberLink Corp.><3.2.2021 >
[PID: 208][D:\Program Files\WebThunder\WebThunder.exe] <深圳市迅雷网络技术有限公司><1, 1, 7, 42>
[D:\Program Files\WebThunder\taskmanage.dll] <Thunder Networking Technologies,LTD><1, 1, 6, 42>
[D:\Program Files\WebThunder\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 3, 70>
[D:\Program Files\WebThunder\asyn_dns.dll] <N/A><N/A>
[D:\Program Files\WebThunder\RegisterDll.dll] <Thunder Networking Technologies,LTD><2, 0, 0, 13>
[D:\Program Files\WebThunder\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 150>
[D:\Program Files\WebThunder\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 8>
[D:\Program Files\WebThunder\UpdateExec.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 5>
[D:\Program Files\WebThunder\iEmbedShell.dll] <　><1, 0, 0, 10>
[d:\Program Files\WebThunder\iEmbed03.dll] <　><2, 2, 1, 33>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 228][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 248][C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe] <Nero AG><1, 0, 1, 5>
[C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvrPS.dll] <Nero AG><1, 0, 1, 5>
[C:\Program Files\Common Files\Ahead\lib\NMDataServices.dll] <Nero AG><1, 0, 1, 5>
[PID: 268][c:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 52>
[c:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[c:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[c:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 352][C:\Program Files\rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 32>
[C:\Program Files\rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 308][D:\Program Files\Nikon\PictureProject\NkbMonitor.exe] <Nikon Corporation><1, 0, 0, 3007>
[PID: 2540][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll] <Yahoo! Inc.><2005, 11, 4, 1>
[D:\Program Files\WebThunder\WebThunderBHO_011.dll] <Thunder Networking Technologies,LTD><6, 0, 0, 2>
[D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.1.2003110300>
[d:\Spybot - Search & Destroy\SDHelper.dll] <Safer Networking Limited><1, 4, 0, 0>
[D:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[c:\program files\google\googletoolbar1.dll] <Google Inc.><3, 0, 131, 0>
[C:\WINDOWS\DOWNLO~1\BaiDuBar.dll] <><2, 0, 0, 0>
[C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll] <SEIKO EPSON CORPORATION><1, 0, 0, 0>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 3612][D:\System Repair Engineer\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

瑞星卡卡安全论坛