Logfile of HijackThis v1.99.1
Scan saved at 1:21:33, on 2007-3-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\瑞星\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\瑞星\Rising\Rav\Ravmond.exe
d:\瑞星\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\瑞星\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\dfsdfsg.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Rpcsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winsrpc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
d:\瑞星\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\瑞星\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\BHDCRegC.exe
D:\瑞星\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\sy\My Documents\Huawei\PortalServer\PortalClient.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Logo1_.exe
D:\MYIE2\MyIE.exe
C:\Program Files\Internet Explorer\PLUGINS\system2.jmp
C:\Program Files\Internet Explorer\IEXPLORE.ime
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\Rpcsa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
d:\Thunder\Thunder.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\sy\LOCALS~1\Temp\Rar$EX00.453\HijackThis.exe

R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll
O2 - BHO: Helper Class - {6E28339B-7A2A-47B6-AEB2-197004272379} - C:\WINDOWS\vchelper.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\网页\dreamwaver\Dreamweaver 8\FastAIT\IEBand.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [RavTask] "D:\瑞星\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [BHDCRegC] C:\WINDOWS\system32\BHDCRegC.exe
O4 - HKLM\..\Run: [RfwMain] "D:\瑞星\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - d:\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ\客户端\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\客户端\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\客户端\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\客户端\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\客户端\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\客户端\QQ.EXE
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\瑞星\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\瑞星\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\瑞星\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\瑞星\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

上面是扫描的结果，请高手分析+指教

C:\Program Files\Internet Explorer\IEXPLORE.ime
C:\WINDOWS\system32\dfsdfsg.exe
C:\Program Files\Internet Explorer\PLUGINS\system2.jmp
C:\Program Files\Internet Explorer\IEXPLORE.ime
C:\WINDOWS\Logo1_.exe
上面这些东西我很是怀疑 以前没见过~

刚把我吓大跳
电脑开的好好的
什么也没开
结果耳卖里传出一个电视广播的声音
还是个广告之类的。。。
当我结束了一个IEXPLORE的进程后，声音就没了。。。

请2楼的说清楚好吗
怎么搞？

刚又出现了rundl132.exe这个东西了
昨天刚用专杀杀掉的。。。。那么那么奇怪~~

顶上 就没人帮下忙吗?

是学校里的网~~

哪个专杀?
能给个地址吗?

哪个地址的专杀我下了昨天
江民的能找出那病毒，但是重起没玩多久又出现了。。

3楼的地址我都下了
江民那个查出了病毒，但是重起玩一会又出现了。。。
今天又发现个问题，我一上网前面几分钟速度正常，几分钟后速度就变的很慢，我说的是网速。。。

我再发下我电脑SRE的扫描日志的。。

[CODE]

2007-03-16,16:10:10

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]
    <DAEMON Tools-1033><"C:\Program Files\D-Tools\daemon.exe"  -lang 1033>  [DAEMON'S HOME]
    <RavTask><"D:\瑞星\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <BHDCRegC><C:\WINDOWS\system32\BHDCRegC.exe>  [SHHIC]
    <RfwMain><"D:\瑞星\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk>  []
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys>  []
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  []
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  []
    <{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win>  []

==================================
启动文件夹
N/A

==================================
服务
[sadsaads / afdsfsgg][Running/Auto Start]
  <C:\WINDOWS\system32\dfsdfsg.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATK Keyboard Service / ATKKeyboardService][Running/Auto Start]
  <C:\WINDOWS\ATKKBService.exe><ASUSTeK COMPUTER INC.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Procedure Call System(RPCSx) / Remo][Stopped/Auto Start]
  <C:\WINDOWS\system32\Rpcsx.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\瑞星\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\瑞星\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Procedure Call System(RPCSA) / RpcSA][Stopped/Auto Start]
  <C:\WINDOWS\system32\Rpcsa.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\瑞星\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\瑞星\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[服务名 / svcname][Stopped/Auto Start]
  <C:\WINDOWS\system32\server.exe><N/A>
[Windows System Rpcs / WDSRPC][Stopped/Auto Start]
  <C:\WINDOWS\system32\winsrpc.exe><Microsoft Corporation>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><ALi Corporation>
[Enhanced Display Driver Helper Service / asuskbnt][Running/System Start]
  <system32\drivers\atkkbnt.sys><ASUSTeK COMPUTER INC.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BHDCKEY / BHDCKEY][Running/Manual Start]
  <System32\Drivers\usbdriver.sys><BHDC>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[EIO / EIO][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\EIO.sys><ASUSTeK Computer Inc.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\瑞星\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\瑞星\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\瑞星\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\瑞星\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\瑞星\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[m5289 / m5289][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\瑞星\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\瑞星\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\客户端\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\瑞星\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\瑞星\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Stopped/Manual Start]
  <\??\C:\Program Files\SkyNet\Firewall\SkyProcs.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[ULi AGP Bus Filter Driver / uliagpkx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\agpkx.sys><ULi Electronics Inc.>
[Sony Ericsson W800 driver (WDM) / w800bus][Stopped/Manual Start]
  <system32\DRIVERS\w800bus.sys><MCCI>
[Sony Ericsson W800 USB WMC Modem Filter / w800mdfl][Stopped/Manual Start]
  <system32\DRIVERS\w800mdfl.sys><MCCI>
[Sony Ericsson W800 USB WMC Modem Drivers / w800mdm][Stopped/Manual Start]
  <system32\DRIVERS\w800mdm.sys><MCCI>
[Sony Ericsson W800 USB WMC Device Management Drivers / w800mgmt][Stopped/Manual Start]
  <system32\DRIVERS\w800mgmt.sys><MCCI>
[Sony Ericsson W800 USB WMC OBEX Interface Drivers / w800obex][Stopped/Manual Start]
  <system32\DRIVERS\w800obex.sys><MCCI>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>