Logfile of HijackThis v1.99.1
Scan saved at 18:04:56, on 2006-7-31
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
D:\Rising\Rav\CCenter.exe
D:\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
E:\FIREWALL\pfw.exe
D:\Rising\Rav\RavTask.exe
F:\ChinaNet\VnetClient.exe
E:\Thunder\Program\Thunder5.exe
D:\qq\QQ.exe
D:\qq\TIMPlatform.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.209\HijackThis.exe

O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - f:\chinanet\VNETTR~1.DLL
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - E:\KV2005\KvShell_1.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FLASHGET\jccatch.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FLASHGET\fgiebar.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - E:\KV2005\KvShell_1.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SKYNET Personal FireWall] E:\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [RavTask] "D:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\Ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{927E19C2-D46E-48F6-B0FB-2B88D9AF6E81}: NameServer = 202.102.192.68 202.102.199.68
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\Ravmond.exe

电脑很卡  速度很慢

最近还出现几次蓝屏

好像没什么问题

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINNT\System32\Ctfmon.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <SKYNET Personal FireWall><E:\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  []
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><; (无)>  []

==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Rising Process Communication Center / RsCCenter]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[winserver / winserver]
  <C:\WINNT\G_Server2006.exe><N/A>

==================================
浏览器加载项
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <f:\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <E:\KV2005\KvShell_1.dll, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <E:\FLASHGET\jccatch.dll, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\FLASHGET\flashget.exe, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\FLASHGET\fgiebar.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq\SendMMS.htm, N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

boy740(172504518) 18:21:11
==================================
正在运行的进程
[PID: 144][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.5382>
[PID: 168][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.5265>
[PID: 188][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6970>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
[PID: 216][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.3940>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.3649.297.3>
[PID: 228][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 392][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 420][D:\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 436][D:\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 29>
    [D:\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [D:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [D:\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [D:\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [D:\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [D:\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [D:\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [D:\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [D:\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [D:\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [D:\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [D:\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[PID: 480][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.4299>
[PID: 512][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 548][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.3649>
[PID: 576][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6920>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
[PID: 632][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0070>
[PID: 684][C:\WINNT\system32\mspmspsv.exe]  <Microsoft Corporation><7.10.00.3059>
[PID: 716][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 940][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3502.5321>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [D:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Microsoft DirectX 9.0 SDK (April 2005)\Utilities\Bin\x86\TxView.dll]  <N/A><N/A>
[PID: 1064][E:\FIREWALL\pfw.exe]  <广州众达天网技术有限公司><2.7.7.1004>
    [E:\FIREWALL\SKYMISC.DLL]  <N/A><N/A>
    [E:\FIREWALL\COMPRESSWRAP.DLL]  <N/A><N/A>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
[PID: 1072][D:\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [D:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
[PID: 296][F:\ChinaNet\VnetClient.exe]  <><2005, 11, 14, 1>
    [F:\ChinaNet\Communicate.dll]  <0><2005, 3, 3, 1>
    [F:\ChinaNet\DialModule.dll]  <GDCN><2005, 11, 15, 1>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
    [F:\ChinaNet\CLIENT~1.DLL]  <><2004, 2, 28, 1>
    [F:\ChinaNet\PLUGIN~1.OCX]  <><2005, 7, 27, 1>
    [F:\ChinaNet\sign.dll]  <0><2004, 12, 1, 1>
    [F:\ChinaNet\PostPlug.dll]  <><2004, 12, 16, 2>
    [F:\ChinaNet\ADVERT~1.OCX]  <><2005, 10, 13, 1>
    [F:\ChinaNet\Gif89a.dll]  <><2005, 6, 21, 1>
    [F:\ChinaNet\VnetBs.ocx]  <><2004, 11, 18, 1>
    [F:\ChinaNet\ACCOUN~2.DLL]  <><2005, 11, 14, 1>
    [F:\ChinaNet\AccountMgr.dll]  <><2005, 11, 14, 17>
    [F:\ChinaNet\VnetSkin.ocx]  <GDDC><2005, 11, 14, 1>
    [F:\ChinaNet\DialogStyle.dll]  <><1, 0, 0, 1>
    [F:\ChinaNet\Timer.ocx]  <><2005, 10, 9, 14>
    [F:\ChinaNet\PLUGIN~2.OCX]  <><2005, 2, 24, 1>
    [F:\ChinaNet\NEWMES~1.DLL]  <><2005, 8, 26, 1>
    [F:\ChinaNet\PassCtrl.dll]  <><1, 0, 0, 1>
    [C:\WINNT\system32\wpcap.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\WINNT\system32\pthreadVC.dll]  <N/A><N/A>
    [C:\WINNT\system32\packet.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [F:\ChinaNet\PlugPush.dll]  <><2004, 12, 21, 1>
    [F:\ChinaNet\ALLINT~1.DLL]  <><2004, 11, 23, 1>
    [F:\ChinaNet\VNetLog.ocx]  <><2005, 10, 9, 1>
    [F:\ChinaNet\StatNum.dll]  <><2004, 11, 18, 1>
    [F:\ChinaNet\VNETON~1.OCX]  <><2005, 3, 2, 1>
    [F:\ChinaNet\ALLFUN~1.DLL]  <GDCN><2005, 10, 9, 1>
    [F:\ChinaNet\VnetOptLog.dll]  <><2005, 9, 13, 9>
    [F:\ChinaNet\DlgSkin.ocx]  <><2005, 11, 14, 1>
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 376][E:\Thunder\Program\Thunder5.exe]  <Thunder Networking Technologies,LTD><5.2.0.207>
    [E:\Thunder\Program\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 8>
    [E:\Thunder\Program\download_interface.dll]  <Thunder Networking Technologies,LTD><1, 0, 3, 70>
    [E:\Thunder\Program\log4cplus.dll]  <><1, 0, 2, 1>
    [E:\Thunder\Program\stlport_vc646.dll]  <STLport Consulting, Inc.><4.6.2003.1031>
    [E:\Thunder\Program\asyn_dns.dll]  <N/A><N/A>
    [E:\Thunder\Program\msgmanage.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 15>
    [E:\Thunder\Program\historyinfo_manage.dll]  <Thunder Networking Technologies,LTD><5, 2, 0, 148>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
    [E:\Thunder\Program\RegisterDll.dll]  <Thunder Networking Technologies,LTD><1, 2, 0, 7>
    [E:\Thunder\Program\FloatBar.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [E:\Thunder\Components\InMedia\iEmbedShell.dll]  <　><1, 0, 0, 10>
    [E:\Thunder\Components\InMedia\iEmbed03.dll]  <　><2, 2, 1, 33>
    [E:\Thunder\Components\P4PClient\P4PClient.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 6>
    [C:\WINNT\system32\Ra

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINNT\System32\Ctfmon.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <SKYNET Personal FireWall><E:\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  []
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><; (无)>  []

==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Rising Process Communication Center / RsCCenter]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[winserver / winserver]
  <C:\WINNT\G_Server2006.exe><N/A>

==================================
浏览器加载项
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <f:\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <E:\KV2005\KvShell_1.dll, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <E:\FLASHGET\jccatch.dll, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\FLASHGET\flashget.exe, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\FLASHGET\fgiebar.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq\SendMMS.htm, N/A>

==================================

正在运行的进程
[PID: 144][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.5382>
[PID: 168][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.5265>
[PID: 188][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6970>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
[PID: 216][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.3940>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.3649.297.3>
[PID: 228][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 392][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 420][D:\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 436][D:\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 29>
    [D:\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [D:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [D:\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [D:\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [D:\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [D:\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [D:\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [D:\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [D:\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [D:\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [D:\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [D:\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[PID: 480][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.4299>
[PID: 512][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 548][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.3649>
[PID: 576][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6920>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
[PID: 632][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0070>
[PID: 684][C:\WINNT\system32\mspmspsv.exe]  <Microsoft Corporation><7.10.00.3059>
[PID: 716][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 940][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3502.5321>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [D:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Microsoft DirectX 9.0 SDK (April 2005)\Utilities\Bin\x86\TxView.dll]  <N/A><N/A>
[PID: 1064][E:\FIREWALL\pfw.exe]  <广州众达天网技术有限公司><2.7.7.1004>
    [E:\FIREWALL\SKYMISC.DLL]  <N/A><N/A>
    [E:\FIREWALL\COMPRESSWRAP.DLL]  <N/A><N/A>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
[PID: 1072][D:\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [D:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
[PID: 296][F:\ChinaNet\VnetClient.exe]  <><2005, 11, 14, 1>
    [F:\ChinaNet\Communicate.dll]  <0><2005, 3, 3, 1>
    [F:\ChinaNet\DialModule.dll]  <GDCN><2005, 11, 15, 1>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
    [F:\ChinaNet\CLIENT~1.DLL]  <><2004, 2, 28, 1>
    [F:\ChinaNet\PLUGIN~1.OCX]  <><2005, 7, 27, 1>
    [F:\ChinaNet\sign.dll]  <0><2004, 12, 1, 1>
    [F:\ChinaNet\PostPlug.dll]  <><2004, 12, 16, 2>
    [F:\ChinaNet\ADVERT~1.OCX]  <><2005, 10, 13, 1>
    [F:\ChinaNet\Gif89a.dll]  <><2005, 6, 21, 1>
    [F:\ChinaNet\VnetBs.ocx]  <><2004, 11, 18, 1>
    [F:\ChinaNet\ACCOUN~2.DLL]  <><2005, 11, 14, 1>
    [F:\ChinaNet\AccountMgr.dll]  <><2005, 11, 14, 17>
    [F:\ChinaNet\VnetSkin.ocx]  <GDDC><2005, 11, 14, 1>
    [F:\ChinaNet\DialogStyle.dll]  <><1, 0, 0, 1>
    [F:\ChinaNet\Timer.ocx]  <><2005, 10, 9, 14>
    [F:\ChinaNet\PLUGIN~2.OCX]  <><2005, 2, 24, 1>
    [F:\ChinaNet\NEWMES~1.DLL]  <><2005, 8, 26, 1>
    [F:\ChinaNet\PassCtrl.dll]  <><1, 0, 0, 1>
    [C:\WINNT\system32\wpcap.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\WINNT\system32\pthreadVC.dll]  <N/A><N/A>
    [C:\WINNT\system32\packet.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [F:\ChinaNet\PlugPush.dll]  <><2004, 12, 21, 1>
    [F:\ChinaNet\ALLINT~1.DLL]  <><2004, 11, 23, 1>
    [F:\ChinaNet\VNetLog.ocx]  <><2005, 10, 9, 1>
    [F:\ChinaNet\StatNum.dll]  <><2004, 11, 18, 1>
    [F:\ChinaNet\VNETON~1.OCX]  <><2005, 3, 2, 1>
    [F:\ChinaNet\ALLFUN~1.DLL]  <GDCN><2005, 10, 9, 1>
    [F:\ChinaNet\VnetOptLog.dll]  <><2005, 9, 13, 9>
    [F:\ChinaNet\DlgSkin.ocx]  <><2005, 11, 14, 1>
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 376][E:\Thunder\Program\Thunder5.exe]  <Thunder Networking Technologies,LTD><5.2.0.207>
    [E:\Thunder\Program\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 8>
    [E:\Thunder\Program\download_interface.dll]  <Thunder Networking Technologies,LTD><1, 0, 3, 70>
    [E:\Thunder\Program\log4cplus.dll]  <><1, 0, 2, 1>
    [E:\Thunder\Program\stlport_vc646.dll]  <STLport Consulting, Inc.><4.6.2003.1031>
    [E:\Thunder\Program\asyn_dns.dll]  <N/A><N/A>
    [E:\Thunder\Program\msgmanage.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 15>
    [E:\Thunder\Program\historyinfo_manage.dll]  <Thunder Networking Technologies,LTD><5, 2, 0, 148>
    [C:\WINNT\G_Server2006Key.DLL]  <N/A><N/A>
    [E:\Thunder\Program\RegisterDll.dll]  <Thunder Networking Technologies,LTD><1, 2, 0, 7>
    [E:\Thunder\Program\FloatBar.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [E:\Thunder\Components\InMedia\iEmbedShell.dll]  <　><1, 0, 0, 10>
    [E:\Thunder\Components\InMedia\iEmbed03.dll]  <　><2, 2, 1, 33>
    [E:\Thunder\Components\P4PClient\P4PClient.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 6>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technolog

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

Logfile of HijackThis v1.99.1
Scan saved at 21:19:11, on 2006-7-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
d:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis\HijackThis.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: RealPlayer G2 Control - {1002C84D-A326-2D3C-13F3-2C2474392A91} - C:\WINDOWS\system32\flash9.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Thunder] "D:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: 讯通视频语音聊天 - {97C0CDFA-970D-4222-ADDE-6718E89E887C} - http://www.bdsystem.com/ (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3FA4914-556E-4E74-868F-BBFE4696E63E}: NameServer = 220.170.0.38 220.168.208.6
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe