Could everyone help take a look at this log? Thanks

Logfile of HijackThis v1.99.1
Scan saved at 14:05:52, on 1999-11-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\Explorer.EXE
C:\WINNT\AutoUp.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
E:\新建文件夹 (3)\hijackthis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: 百度搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\WINNT\DOWNLO~1\BaiDuBar.dll
O3 - Toolbar: 百度搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\WINNT\DOWNLO~1\BaiDuBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: 百度Flash搜索 - res://C:\WINNT\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM
O8 - Extra context menu item: 百度mp3搜索 - res://C:\WINNT\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度信息快递搜索 - res://C:\WINNT\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - Extra context menu item: 百度图片搜索 - res://C:\WINNT\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度搜索 - res://C:\WINNT\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度新闻搜索 - res://C:\WINNT\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABD7BBC-BD70-421D-8A15-49E330E4CCDB}: NameServer = 202.96.64.68,202.96.69.38
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

I'm a complete beginner and can't make sense of it. Could everyone help analyze it? Thanks.
Last edited 2006-03-26 13:13:24
 

Is there any expert who understands this and could give me some pointers?
 

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

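It seems to be this one, right? I'm a newbie too and don't understand it.
Go look in the advanced topics section; it's covered in the Gray Pigeon (灰鸽子) material there.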
 

Thanks, I'll go take a look.
 

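[Reply to the post by “红树叶ん”]
Good grief, that should be the sound card's program. If the original poster is asking whether there is a Gray Pigeon, my answer would be no, unless this is a Gray Pigeon that HijackThis cannot see.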
 

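C:\WINNT\wupdmgr.exe (I only know that in XP it is in the system folder; in 2000, I'm not sure~~)
And what is this next one~~??
C:\WINNT\AutoUp.exe

As for the one after that~~ I searched online and got the following result:
C:\WINNT\osaupd.exe

Summary: Osaupd.exe
trojan.spyfalcon.process

  Company information
spyfalcon.com
spyfalcon.com

  Description: Osaupd.exe
Spyfalcon is a rogue/adware program that masquerades as legitimate anti-spyware software; it can change the desktop and other Windows settings

Trojan programs can all appear to serve a legitimate purpose, but instead produce harmful or unexpected effects.

Most trojan software downloads other harmful components onto the user's PC without his/her knowledge.

This is most likely an application that was downloaded and installed by an application considered to be adware or spyware.

  Threat level (1-10)


What exactly it means~~ it's rather frustrating to read~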
 

[Reply to the post by “不怕中毒不行”]
End the following processes:
C:\WINNT\AutoUp.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe

Open the registry
and search for the following three files in turn:
AutoUp.exe
wupdmgr.exe
osaupd.exe
Delete every entry that is found

Delete
C:\WINNT\AutoUp.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
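
Added example, not part of the original thread or any poster's code: a small triage script that lists processes running directly from the Windows root and checks whether any O4 (Run key) or O23 (service) line in the same log names them. `SAMPLE_LOG` is a constructed subset of the log posted above; the function names and the `EXPECTED_IN_ROOT` allowlist are assumptions made for illustration. A flagged path is a lead for manual review, not a verdict on the file.

```python
import ntpath
import re

# Constructed excerpt: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\AutoUp.exe
C:\WINNT\system32\internat.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe

O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

# Assumption: Explorer.EXE is the only image expected to run from the Windows root.
EXPECTED_IN_ROOT = {"explorer.exe"}

def parse_log(text):
    """Return (running process paths, lower-cased O4/O23 autostart lines)."""
    running, autostart, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.append(line)
        elif re.match(r"O(4|23) - ", line):
            autostart.append(line.lower())
    return running, autostart

def triage(text, windows_root=r"C:\WINNT"):
    """Return (path, autostart_visible) for processes running from the Windows root."""
    running, autostart = parse_log(text)
    findings = []
    for path in running:
        folder, name = ntpath.split(path)
        if folder.lower() != windows_root.lower() or name.lower() in EXPECTED_IN_ROOT:
            continue
        visible = any(name.lower() in entry for entry in autostart)
        findings.append((path, visible))
    return findings

if __name__ == "__main__":
    for path, visible in triage(SAMPLE_LOG):
        print(path, "named by O4/O23" if visible else "no O4/O23 entry: search the registry")
```

On the sample it reports the same three files the thread singles out, none of which is named by an O4 or O23 line, so the log alone does not show how they start; this fits the advice above to search the registry for each file name.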
 

There really are experts here, haha. Thanks, everyone.