瑞星卡卡安全论坛

- Global Startup: 河南网通宽带用户客户端.lnk = C:\Program Files\racer-henan-cnc\racer.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O16 - DPF: _{88D969C0-F192-11D4-A65F-0040963251E5} - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: _{F138084D-84D7-48CD-BEA8-04772457516E} - http://218.85.138.27/vqqsdl1009.cab
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\windows\System32\mbprot.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: SDAgent Service (SDAgentService) - 北京兴华基业软件技术有限公司 - C:\Program Files\Common Files\smartde\sde.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: squall - Unknown owner - C:\windows\squall.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: squall - Unknown owner - C:\windows\squall.exe
灰鸽子的服务，解决办法看这里http://forum.ikaka.com/topic.asp?board=28&artid=5666824

楼主用的是笔记本吗?如果是,
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
是安全的

O23 - Service: squall - Unknown owner - C:\windows\squall.exe
可能是灰鸽子

不是笔记本。三个都要杀吗？十分感谢大家的帮助！！！

【回复“xunhuan”的帖子】



前两个是ATI显卡提供的服务项。第3项是灰鸽子的服务项。

谢谢谢谢@！！！！

现在就杀@！！，还有，baskdoor.Delf.srz,杀不死，需要解压，怎么办？

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      23:23:00, 日期 2005-10-28
操作系统：  Windows XP  (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rfw\Rfw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\rising\Rav\Rav.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\TEMP\Rar$EX03.117\HijackThis1991zww.exe
C:\WINDOWS\TEMP\Rar$EX04.118\HijackThis1991zww.exe
C:\WINDOWS\System32\NOTEPAD.EXE

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AddrPlus\IEHelp.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Poco] C:\Program Files\PP\pp.exe
O4 - 启动项HKLM\\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [AddrPlus] RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook.dll,Rundll32
O4 - 启动项HKLM\\Run: [WangWang] "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"
O4 - 启动项HKLM\\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [cncrack] http://www.cctv30.com
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\RunOnce: [Register_C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] C:\WINDOWS\System32\regsvr32.exe /s C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - 启动项HKLM\\RunOnce: [CnsAssecblk] regsvr32.exe /s C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YASSEC~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://jump.cnnic.cn/stat/stat?sid=0008&url=http://159.226.202.54/download/cnnic/mini/cdn.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://211.152.52.102/duba/antiscan/update/OCX/KAVClean.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3779EFDD-261F-41EE-A441-0457DAE60E57}: NameServer = 218.108.248.219 218.108.248.245
O17 - HKLM\System\CS1\Services\Tcpip\..\{3779EFDD-261F-41EE-A441-0457DAE60E57}: NameServer = 218.108.248.219 218.108.248.245
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - NT 服务: help - Unknown owner - C:\WINDOWS\help.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

师傅能帮我看看吗？

O23 - NT 服务: help - Unknown owner - C:\WINDOWS\help.exe

可疑啊

！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！现在就杀@！！，还有，baskdoor.Delf.srz,杀不死，需要解压，怎么办？

那怎么删除啊？

不要问我，我也是菜鸟啊

大家帮忙啊，baskdoor.Delf.srz,杀不死，需要解压，怎么办？

【回复“xunhuan”的帖子】



请清空IE临时文件。

我刚才在安全模式下杀灰鸽子，注册表删了，但在windos下找不到文件，又用瑞星杀了一遍，没有发现灰鸽子，这样不知道是不是已经安全了？还有（baskdoor.Delf.srz,杀不死，需要解压）清空IE临时文件不管用啊？

能帮我看看上面的哪个是啊？

【回复“xunhuan”的帖子】



暂时关闭系统还原。

！！！！！！！！！我刚才在安全模式下杀灰鸽子，注册表删了，但在windos下找不到文件，又用瑞星杀了一遍，没有发现灰鸽子，这样不知道是不是已经安全了？还有（baskdoor.Delf.srz,杀不死，需要解压）清空IE临时文件不管用啊？
！！！！！！！avonwu不要问我了，我也不懂的，浪费你时间

关闭系统还原会有什么副作用吗？

还有我的灰鸽子杀干净了没，

我的也是,那位大虾帮我看看啊,以下是病毒名称,谢谢:
Trojan.PSW.Lmir.iry
Trojan.DL.Small.azj
Trojan.PSW.JHOnline.ab
Trojan.DL.Small.qv
以下是进程和日志:
进程：

System Idle Process
System
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\ggg\瑞星\Rav\RavMonD.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\ati2evxx.exe
F:\ggg\瑞星\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\explorer.exe
F:\ggg\瑞星\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
F:\ggg\瑞星\Rising\Rfw\rfwmain.exe
F:\ggg\瑞星\Rav\RavTimer.exe
F:\ggg\瑞星\Rav\RavMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\3721\AssistSe.exe
C:\WINDOWS\system32\ctfmon.exe
F:\ggg\瑞星\Rav\CCenter.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\notepad.exe
E:\g盘\HijaclThis\IceSWord结束一些进程删除注册表项\新建文件夹\IceSword\IceSword.exe
F:\ggg\傲游\傲游上网\新建文件夹\Maxthon\Maxthon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
日志:
HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 0:58:39, on 2005-10-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\GGG\瑞星\RAV\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
f:\ggg\瑞星\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
F:\GGG\瑞星\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
F:\ggg\瑞星\Rising\Rfw\rfwmain.exe
F:\GGG\瑞星\RAV\RAVTIMER.EXE
F:\GGG\瑞星\RAV\RAVMON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\3721\assistse.exe
C:\WINDOWS\system32\ctfmon.exe
F:\GGG\瑞星\RAV\CCENTER.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\ggg\傲游\傲游上网\新建文件夹\Maxthon\Maxthon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\g盘\HijaclThis\新建文件夹\HijackThis.exe

R3 - URLSearchHook:
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: ????? - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O4 - HKLM\..\Run: [ATIPTA] rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] rem %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RfwMain] "F:\ggg\
O4 - HKLM\..\Run: [RavTimer] F:\GGG\
O4 - HKLM\..\Run: [RavMon] F:\GGG\
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] rem Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] rem "F:\
O4 - HKLM\..\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: _memDbg.txt
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\
O11 - Options group: [!CNS] 
O17 - HKLM\System\CCS\Services\Tcpip\..\{3178492A-636C-45D3-8DD5-670D9307A9ED}: NameServer = 202.103.225.68 202.103.224.68