2006-09-03,18:03:02

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 98 SE  -

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [Microsoft Corporation]
    <ScanRegistry><C:\WINDOWS\scanregw.exe /autorun>  [Microsoft Corporation]
    <TaskMonitor><C:\WINDOWS\taskmon.exe>  [Microsoft Corporation]
    <SystemTray><SysTray.Exe>  [Microsoft Corporation]
    <LoadPowerProfile><Rundll32.exe powrprof.dll,LoadCurrentPwrScheme>  [Microsoft Corporation]
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  [C-Media Corporation]
    <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  []
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <LoadPowerProfile><Rundll32.exe powrprof.dll,LoadCurrentPwrScheme>  [Microsoft Corporation]
    <RfwService><"C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE" -service>  [Beijing Rising Technology Co., Ltd.]
    <RsCcenter><"C:\Program Files\Rising\Rav\CCenter.exe">  [Beijing Rising Technology Co., Ltd.]
    <RavMond><"C:\Program Files\Rising\Rav\RavMond.exe">  [Beijing Rising Technology Co., Ltd.]
    <RavMon><"C:\Program Files\Rising\Rav\RavMon.exe" -system>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
服务

==================================
浏览器加载项
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL, Xi>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\PROGRAM FILES\TENCENT\QQ\QQ.EXE, TENCENT>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX, Macromedia, Inc.>
[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[添加到QQ自定义面板]
  <c:\PROGRAM FILES\TENCENT\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <c:\PROGRAM FILES\TENCENT\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <c:\PROGRAM FILES\TENCENT\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 4294928893][C:\WINDOWS\SYSTEM\MPREXE.EXE]  <Microsoft Corporation><4.10.1998>
    [C:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
    [C:\PROGRAM FILES\RISING\RFW\RFWAPI.DLL]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
    [C:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [C:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[PID: 4294892621][C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[PID: 4294900241][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\PROGRAM FILES\RISING\RAV\UNPACKER.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\PROGRAM FILES\RISING\RAV\SCANMAC.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\PROGRAM FILES\RISING\RAV\NVFILE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\PROGRAM FILES\RISING\RAV\SCANEX.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 14>
    [C:\PROGRAM FILES\RISING\RAV\RSUNPACK.DLL]  <Beijing Rising Technology Co., Ltd.><1, 0, 0, 13>
    [C:\PROGRAM FILES\RISING\RAV\UNEXE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\POSTTRT.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\PROGRAM FILES\RISING\RAV\ENGINE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 31>
    [C:\PROGRAM FILES\RISING\RAV\SPAMENG.DLL]  <N/A><18, 0, 0, 6>
    [C:\PROGRAM FILES\RISING\RAV\MAILMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RAV\MEMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\PROGRAM FILES\RISING\RAV\HOOKWEB.DLL]  <rising><18, 0, 0, 2>
    [C:\PROGRAM FILES\RISING\RAV\REGMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\PROGRAM FILES\RISING\RAV\LIBLOAD.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\PROGRAM FILES\RISING\RAV\SCANNER.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
    [C:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL]  <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\RSLOG.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL]  <rising><18, 0, 0, 1>
[PID: 4294898873][C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
    [C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL]  <rising><18, 0, 0, 1>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[PID: 4294843493][C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
    [C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL]  <Xi><1.60.11>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB 文件夹\MSONSEXT.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\WINRAR\RAREXT.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\RAVEXT.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[PID: 4294820157][C:\WINDOWS\EXPLORER.EXE]  <Microsoft Corporation><4.72.3110.1>
[PID: 4294791521][C:\WINDOWS\SYSTEM\RPCSS.EXE]  <Microsoft Corporation><4.71.2900>
    [C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 4294729801][C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
    [C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[PID: 4294679637][C:\WINDOWS\SYSTEM\INTERNAT.EXE]  <Microsoft Corporation><4.10.2222>
[PID: 4294690753][C:\WINDOWS\TASKMON.EXE]  <Microsoft Corporation><4.10.1998>
[PID: 4294692893][C:\WINDOWS\SYSTEM\SYSTRAY.EXE]  <Microsoft Corporation><4.10.2222>
    [C:\WINDOWS\SYSTEM\CMICNFG.CPL]  <C-Media Corporation><1, 0, 0, 17>
[PID: 4294643549][C:\WINDOWS\RUNDLL32.EXE]  <Microsoft Corporation><4.10.1998>
[PID: 4294652813][C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]  <RealNetworks, Inc.><0.1.0.1612>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL]  <rising><18, 0, 0, 1>
    [C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 4294612741][C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\WINDOWS\SYSTEM\NVDD32.DLL]  <NVidia Corporation><4.13.01.2730>
    [C:\WINDOWS\SYSTEM\NVARCH32.DLL]  <NVidia Corporation><4.13.01.2730>
[PID: 4294642825][C:\WINDOWS\SYSTEM\DDHELP.EXE]  <Microsoft Corporation><4.09.00.0900>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294646577][C:\WINDOWS\SYSTEM\WMIEXE.EXE]  <Microsoft Corporation><5.00.1755.1>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\RESENU.DLL]  <Efficient Networks, Inc.><1, 6, 0, 7>
[PID: 4294575225][C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE]  <N/A><N/A>
    [C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\DSLAPI32.DLL]  <Efficient Networks Inc.><1, 6, 0, 7>
    [C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\PACKETLOG.DLL]  <Efficient Networks, Inc.><1, 6, 0, 7>
    [C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\RESMSGENU.DLL]  <Efficient Networks, Inc.><1, 6, 0, 7>
    [C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX]  <Macromedia, Inc.><7,0,19,0>
    [C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL]  <Xi><1.60.11>
[PID: 4294542573][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
[PID: 4294451533][C:\WINDOWS\SYSTEM\PSTORES.EXE]  <Microsoft Corporation><5.00.1877.3>
[PID: 4294381641][D:\DOWNLOAD\SRENG2\SRENG.EXE]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [C:\WINDOWS\winhlp32.exe %1]
.INI  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS  OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

请下载Hijackthis1.99.1汉化版扫描将日志粘贴上来
下载地址：http://free5.ys168.com/?ufwihgu168

HijackThis_815汉化版扫描日志 V1.99.1
保存于      18:45:25, 日期 06-9-3
操作系统：  Windows 98 SE (Win9x 4.10.2222A)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE
C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
C:\PROGRAM FILES\XI\NETTRANSPORT 2\NETTRANSPORT.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\TENCENT\QQ\QQPET\QQPET.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\NOTEPAD.EXE
D:\TOOLS\HIJACKTHIS1991ZWW.EXE

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - 启动项HKLM\\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - 启动项HKLM\\Run: [SystemTray] SysTray.Exe
O4 - 启动项HKLM\\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - 启动项HKLM\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - 启动项HKLM\\RunServices: [RfwService] "C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE" -service
O4 - 启动项HKLM\\RunServices: [RsCcenter] "C:\Program Files\Rising\Rav\CCenter.exe"
O4 - 启动项HKLM\\RunServices: [RavMond] "C:\Program Files\Rising\Rav\RavMond.exe"
O4 - 启动项HKLM\\RunServices: [RavMon] "C:\Program Files\Rising\Rav\RavMon.exe" -system
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\PROGRAM FILES\TENCENT\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\PROGRAM FILES\TENCENT\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\PROGRAM FILES\TENCENT\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\PROGRAM FILES\TENCENT\QQ\AddToNetDisk.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX

大家帮帮忙啊

开始-运行-REGEDIT-输入恶意网址-查找-删除即可.

运行Hijackthis，把下面的选中打上钩，修复
O4 - 启动项HKLM\\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - 启动项HKLM\\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

删除：
C:\WINDOWS\scanregw.exe
C:\WINDOWS\taskmon.exe

下载超级兔子。
http://www.pctutu.com/srmsdown.asp
安装好后，打开“超级兔子清理王”“专业卸载,卸载所有提示的垃圾软件，
卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载。