Logfile of HijackThis v1.99.0
Scan saved at 19:11:37, on 2006-8-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Rising\Rav\Ravmond.exe
e:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Rising\Rav\RavTask.exe
E:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
e:\program files\rising\rfw\RfwMain.exe
E:\Program Files\Rising\Rav\rav.exe
E:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Tencent\TT\TTraveler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Bluewater\My Documents\HijackThis\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (file missing)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system32\03dofef0.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O4 - HKLM\..\Run: [RavTask] "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_bscl_66853 (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (Msp Class) - http://ddddl.dudu.com/ddd/update/plugin/sinamsp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2CA887-5FE5-4769-89EF-BFDC8E7EFAD4}: NameServer = 61.153.177.201 61.153.177.198
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system32\03ddfef0.dll (file missing)
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Rising Proxy  Service - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\Ravmond.exe

关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复"
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system32\03ddfef0.dll (file missing)
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system32\03dofef0.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (file missing)

重启后删除
C:\WINDOWS\system32\03dofef0.dll
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

重启后没找到03dofef0.dll
2006-08-27,09:42:07

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(KAVPersonal50)("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize) [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(EXPLORER.EXE) [Microsoft Corporation]
(Userinit)(userinit.exe,) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(CdnCtr)(; C:\Program Files\CNNIC\Cdn\cdnup.exe) []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(; C:\WINDOWS\system32\ctfmon.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(MsnMsgr)(; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(NeroCheck)(; C:\WINDOWS\system32\\NeroCheck.exe) [Ahead Software Gmbh]
(nwiz)(; nwiz.exe /install) []
(pbmini)(; C:\Program Files\pcast\PodcastbarMini\PodcastBar.exe -hide) []
(PHIME2002A)(; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [Microsoft Corporation]
(PHIME2002ASync)(; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [Microsoft Corporation]
(RavTask)(; "E:\Program Files\Rising\Rav\RavTask.exe" -system) []
(systime)(; F:\dao\时钟\clock.exe) [远大书店]
(WangWang)(; "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE") [淘宝（中国）软件有限公司]




--------------------------------------------------------------------------------


启动文件夹

服务

[kavsvc / kavsvc]
("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe")(Kaspersky Lab)
[Kodak Camera Connection Software / KodakCCS]
(C:\WINDOWS\system32\drivers\KodakCCS.exe)(Eastman Kodak Company)
[LexBce Server / LexBceS]
(C:\WINDOWS\system32\LEXBCES.EXE)(Lexmark International, Inc.)
[Logical System Event Report / Lsp]
(Lsp.exe)(N/A)
[MySql / MySql]
(C:/mysql/bin/mysqld-nt.exe)(N/A)
[NVIDIA Display Driver Service / NVSvc]
(C:\WINDOWS\system32\nvsvc32.exe)(NVIDIA Corporation)
[Rising RealTime Update / RRU]
(C:\WINDOWS\ravmond.exe)(N/A)
[System Backup Service / SBS]
(C:\WINDOWS\bkdll32.exe)(N/A)
[StdService / StdService]
(C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\STDSVER.DLL,Service)(N/A)
[Windows System Update Process / Wsup]
(C:\WINDOWS\sp00lsv.exe)(N/A)



--------------------------------------------------------------------------------



浏览器加载项

[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, )
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} (C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A)
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A)
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation)
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} (C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft)
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, Microsoft Corporation)
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} (C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, N/A)
[手机短信]
{00000000-0000-0001-0001-596BAEDD1289} (http://sms.3721.com/ie/index.htm?pid=U_bscl_66853, N/A)
[Yahoo 1G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} (http://cn.mail.yahoo.com/promo/rd1, N/A)
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} (C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A)
[上网助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} (http://assistant.3721.com/index.htm?fb=Cns, N/A)
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation)
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft)
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} (C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司)
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, Microsoft Corporation)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[Downloader Class]
{5932517A-3326-4439-A708-1C98EDB5C549} (C:\WINDOWS\system32\iMopDl.dll, )
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.)
[Msp Class]
{EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (C:\WINDOWS\Downloaded Program Files\dddmsp.dll, )
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, )
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\System32\mshtml.dll, N/A)
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} (C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A)
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} (C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.)
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A)
[MMSAssist BHO]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} (C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL, )
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} (C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司)
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation)
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation)
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} (C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft)
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} (C:\WINDOWS\System32\mshtml.dll, Microsoft Corporation)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\System32\shdocvw.dll, N/A)
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, Microsoft Corporation)
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, Microsoft Corporation)
[RealPlayer G2 Control]

{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.)
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft)
[Msp Class]
{EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (C:\WINDOWS\Downloaded Program Files\dddmsp.dll, )
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} (C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, N/A)
[使用网际快车下载]
(C:\Program Files\FlashGet\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(C:\Program Files\FlashGet\jc_all.htm, N/A)
[收藏此页到新浪ViVi]
(http://vivi.sina.com.cn/collect/click.php?agent=ddt, N/A)
[新浪搜索]
(http://cha.sina.com.cn/ddt.html, N/A)
[添加到QQ自定义面板]
(C:\Program Files\Tencent\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(C:\Program Files\Tencent\QQ\SendMMS.htm, N/A)
[访问通用网址]
(C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A)



--------------------------------------------------------------------------------



正在运行的进程

[PID: 720][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 788][\??\C:\WINDOWS\system32\csrss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 812][\??\C:\WINDOWS\system32\winlogon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 856][C:\WINDOWS\system32\services.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 868][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1016][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1084][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[PID: 1124][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1224][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1288][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1596][C:\WINDOWS\system32\drivers\KodakCCS.exe] (Eastman Kodak Company)(1.1.5100.4)
[PID: 1684][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1724][C:\WINDOWS\system32\wdfmgr.exe] (Microsoft Corporation)(5.2.3790.1230 built by: DNSRV(bld4act))
[PID: 1980][C:\WINDOWS\System32\alg.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1212][C:\WINDOWS\Explorer.EXE] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] ()(1, 0, 0, 1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] (Kaspersky Lab)(5.0.1.18)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] (Kaspersky Lab)(5.0.388.2)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] (Kaspersky Lab)(5.0.388.0)
[PID: 1360][C:\WINDOWS\system32\wscntfy.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 904][C:\WINDOWS\system32\ctfmon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1720][C:\Program Files\Tencent\TT\TTraveler.exe] (腾讯公司)(3.0.0.246)
[C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] (腾讯公司)(1, 1, 0, 5)
[C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll] ()(1, 0, 0, 3)
[C:\Program Files\Tencent\TT\PersonalDesktop.dll] (深圳市腾讯计算机系统公司QQ工作小组)(1, 0, 0, 4)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] (Kaspersky Lab)(5.0.1.18)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] (Kaspersky Lab)(5.0.388.2)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] (Kaspersky Lab)(5.0.388.0)
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] (Macromedia, Inc.)(8,0,22,0)
[PID: 628][C:\Documents and Settings\Bluewater\桌面\游戏\SREng2\SREng.exe] (Smallfrogs Studio)(2.0.21.505)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)



--------------------------------------------------------------------------------



文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. []
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------


Winsock 提供者



--------------------------------------------------------------------------------

控制面板－－管理工具－－服务－－查找 Windows System Update Process
禁止这个服务

重启后删除
C:\WINDOWS\sp00lsv.exe

[C:\WINDOWS\system32\cdnns.dll
请下载LSPFix和WinsockXPFix这两个软件，
小软件下载
http://free5.ys168.com/?ufwihgu168
　　重新启动电脑, 进入安全模式。运行LSPFix.exe，删除：
cdnns.dll
说明：
LSPFix这个软件主要用来辅助修复HijackThis扫描发现的O10项。
使用时，请关闭所有IE界面和文件夹界面后运行LSPFix。运行后，
把要修复的那一个O10项从左边转到右边，点“Finish”即可。
修复后重启计算机，如果无法上网，请运行WinsockXPFix，
让它修复一下。

建议卸载中文上网
关闭所有浏览窗口以及一些不必要的程序
运行(双击)System Repair Engineer，使用“系统修复，浏览器加载项”来删除以下选项。
C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
C:\WINDOWS\Downloaded Program Files\dddmsp.dll

运行(双击)System Repair Engineer，点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Rising RealTime Update,System Backup Service,StdService,Windows System Update Process ，选择“删除服务”点“设置”选择“否”最后重启。（每一个逗号隔开的就是一个病毒的服务，请逐一删除）
重启后删除
C:\PROGRA~1\MMSASS~1
C:\WINDOWS\Downloaded Program Files\dddmsp.dll
C:\WINDOWS\sp00lsv.exe
C:\WINDOWS\system32\STDSVER.DLL
C:\WINDOWS\bkdll32.exe
C:\WINDOWS\ravmond.exe
再扫份日志粘上来。

C:\PROGRA~1\MMSASS~1
C:\WINDOWS\Downloaded Program Files\dddmsp.dll
C:\WINDOWS\sp00lsv.exe
C:\WINDOWS\system32\STDSVER.DLL
C:\WINDOWS\bkdll32.exe
C:\WINDOWS\ravmond.exe
重启后这几个文件没找到
2006-08-27,13:44:13

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [Microsoft Corporation]
(MsnMsgr)(; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background) [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(KAVPersonal50)("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize) [Kaspersky Lab]
(IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [Microsoft Corporation]
(NeroCheck)(; C:\WINDOWS\system32\\NeroCheck.exe) [Ahead Software Gmbh]
(nwiz)(; nwiz.exe /install) []
(pbmini)(; C:\Program Files\pcast\PodcastbarMini\PodcastBar.exe -hide) []
(PHIME2002A)(; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [Microsoft Corporation]
(PHIME2002ASync)(; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [Microsoft Corporation]
(RavTask)(; "E:\Program Files\Rising\Rav\RavTask.exe" -system) []
(systime)(; F:\dao\时钟\clock.exe) [远大书店]
(WangWang)(; "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE") [淘宝（中国）软件有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(EXPLORER.EXE) [Microsoft Corporation]
(Userinit)(userinit.exe,) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [Microsoft Corporation]




--------------------------------------------------------------------------------

启动文件夹

服务

[kavsvc / kavsvc]
("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe")(Kaspersky Lab)
[Kodak Camera Connection Software / KodakCCS]
(C:\WINDOWS\system32\drivers\KodakCCS.exe)(Eastman Kodak Company)
[LexBce Server / LexBceS]
(C:\WINDOWS\system32\LEXBCES.EXE)(Lexmark International, Inc.)
[Logical System Event Report / Lsp]
(Lsp.exe)(N/A)
[MySql / MySql]
(C:/mysql/bin/mysqld-nt.exe)(N/A)
[NVIDIA Display Driver Service / NVSvc]
(C:\WINDOWS\system32\nvsvc32.exe)(NVIDIA Corporation)



--------------------------------------------------------------------------------



浏览器加载项

[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, )
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} (C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A)
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A)
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation)
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} (C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft)
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, Microsoft Corporation)
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} (C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, N/A)
[手机短信]
{00000000-0000-0001-0001-596BAEDD1289} (http://sms.3721.com/ie/index.htm?pid=U_bscl_66853, N/A)
[Yahoo 1G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} (http://cn.mail.yahoo.com/promo/rd1, N/A)
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} (C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A)
[上网助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} (http://assistant.3721.com/index.htm?fb=Cns, N/A)
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation)
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft)
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} (C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司)
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, Microsoft Corporation)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[Downloader Class]
{5932517A-3326-4439-A708-1C98EDB5C549} (C:\WINDOWS\system32\iMopDl.dll, )
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.)
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, )
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\System32\mshtml.dll, N/A)
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} (C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A)
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} (C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.)
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} (C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司)
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation)
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation)
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} (C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft)
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} (C:\WINDOWS\System32\mshtml.dll, Microsoft Corporation)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\System32\shdocvw.dll, N/A)
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, Microsoft Corporation)
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, Microsoft Corporation)
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.)
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft)
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} (C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, N/A)
[使用网际快车下载]
(C:\Program Files\FlashGet\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(C:\Program Files\FlashGet\jc_all.htm, N/A)
[收藏此页到新浪ViVi]
(http://vivi.sina.com.cn/collect/click.php?agent=ddt, N/A)
[新浪搜索]
(http://cha.sina.com.cn/ddt.html, N/A)
[添加到QQ自定义面板]
(C:\Program Files\Tencent\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(C:\Program Files\Tencent\QQ\SendMMS.htm, N/A)
[访问通用网址]
(C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A)



--------------------------------------------------------------------------------



正在运行的进程

[PID: 728][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 796][\??\C:\WINDOWS\system32\csrss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 820][\??\C:\WINDOWS\system32\winlogon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 864][C:\WINDOWS\system32\services.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 876][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1024][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1092][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1132][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1244][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1296][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1604][C:\WINDOWS\system32\drivers\KodakCCS.exe] (Eastman Kodak Company)(1.1.5100.4)
[PID: 1688][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1720][C:\WINDOWS\system32\wdfmgr.exe] (Microsoft Corporation)(5.2.3790.1230 built by: DNSRV(bld4act))
[PID: 2000][C:\WINDOWS\System32\alg.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1056][C:\WINDOWS\Explorer.EXE] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] (Kaspersky Lab)(5.0.1.18)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] (Kaspersky Lab)(5.0.388.2)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] (Kaspersky Lab)(5.0.388.1)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] (Kaspersky Lab)(5.0.388.0)
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] (Kaspersky Lab)(5.0.388.0)
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] ()(1, 0, 0, 1)
[PID: 1228][C:\WINDOWS\system32\wscntfy.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1372][C:\WINDOWS\system32\ctfmon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1224][C:\Documents and Settings\Bluewater\桌面\游戏\SREng2\SREng.exe] (Smallfrogs Studio)(2.0.21.505)



--------------------------------------------------------------------------------



文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. []
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

日志看不出问题了，有异常你描述一下。
找不到问题不大，你可以这样试试
http://forum.ikaka.com/topic.asp?board=3&artid=8130575