I've been hijacked by www.4199.com ~ friends with the same problem, how did you solve it?


Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 23:29:29, on 2006-10-03
Platform: Microsoft Windows XP Professional Service Pack 1 (Build 2600)
MSIE: Internet Explorer v6.00 SP1; (6.00.2800.1106 (xpsp1.020828-1920))


Running processes:
[SMSS.EXE]
CommandLine =

[CSRSS.EXE]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[WINLOGON.EXE]
CommandLine = winlogon.exe

[SERVICES.EXE]
CommandLine = C:\WINDOWS\system32\services.exe

[LSASS.EXE]
CommandLine = C:\WINDOWS\system32\lsass.exe

[ATI2EVXX.EXE]
CommandLine = C:\WINDOWS\System32\Ati2evxx.exe

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "D:\Program Files\Rising\Rav\CCenter.exe"

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k NetworkService

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k LocalService

[RavMonD.exe]
CommandLine = "D:\Program Files\Rising\Rav\Ravmond.exe"

[rfwsrv.exe]
CommandLine = "d:\program files\rising\rfw\rfwsrv.exe"

[SPOOLSV.EXE]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[RavStub.exe]
CommandLine = "D:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND

[ATI2EVXX.EXE]
CommandLine = Ati2evxx.exe -Client

[RFWMAIN.EXE]
CommandLine = "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup

[RavTask.exe]
CommandLine = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

[RavMon.exe]
CommandLine = "D:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM

[ctfmon.exe]
CommandLine = "C:\WINDOWS\System32\ctfmon.exe"

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[wdfmgr.exe]
CommandLine = C:\WINDOWS\System32\wdfmgr.exe

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

[Explorer.EXE]
CommandLine = C:\WINDOWS\explorer.exe

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe" -nohome

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.hao123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7322.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 hao123.com
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 265.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 9991.com
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 61.162.230.31 www.9505.com
O1 - Hosts: 61.162.230.31 9505.com
O1 - Hosts: 61.162.230.31 www.7939.com
O1 - Hosts: 61.162.230.31 7939.com
O1 - Hosts: 61.162.230.31 59.34.148.98
O1 - Hosts: 61.162.230.31 about:blank
O1 - Hosts: 218.201.94.20 down.Virussky.com
O1 - Hosts: 218.201.94.20 60.191.60.108
O1 - Hosts: 218.201.94.20 219.153.20.209
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Tencent\qq\QQIEHelper.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO:  - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - G:\54992824\KuGoo3DownXControl.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [StormCodec_Helper] "E:\游戏\暴风\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [rundll] rundll32 rlrc.dll s
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - G:\54992824\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 解霸实时播放 - C:\Program Files\HEROSOFT\Hero3000\MPURLGET.HTM
O9 - Extra Button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra Button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\浩方对战平台\浩方对战平台\GameClient.exe
O9 - Extra Button: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: 超级解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\qq\QQ.EXE
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Tencent\qq\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.xfol.com/plugin/PowerPlr.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6CA5113-0DA3-4741-A4E6-E9D7E0CC1B8F}: NameServer = 202.103.44.150 202.103.24.68
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O20 - Winlogon Notify: AtiExtEvent
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) -  - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) -  - C:\WINDOWS\System32\ati2sgag.exe
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "D:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "D:\Program Files\Rising\Rav\Ravmond.exe"
Last edited 2006-10-08 21:33:51

2006-10-04,00:50:55

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <StormCodec_Helper><"E:\游戏\暴风\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <rundll><rundll32 rlrc.dll s>  [N/A]
    <run><rundll32 rsrc.dll s>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <RemoteControl><; C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe>  [Cyberlink Corp.]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[AC2003 / AC2003]
  <System32\Drivers\AC2003.sys><ABIT Computer Corp.>
[Service for WDM 3D Audio Driver / ALCXSENS]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[New0 / New0]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\E:\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>

=================================

==================================
浏览器加载项
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <G:\54992824\KuGoo3DownXControl.ocx, N/A>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[解霸]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Program Files\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\Tencent\qq\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <G:\54992824\KuGoo3DownX.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <E:\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Tencent\qq\SendMMS.htm, N/A>
[解霸实时播放]
  <C:\Program Files\HEROSOFT\Hero3000\MPURLGET.HTM, N/A>

==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 496][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 520][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [N/A, N/A]
[PID: 564][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 576][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 728][C:\WINDOWS\System32\Ati2evxx.exe]  [N/A, N/A]
[PID: 764][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 820][D:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 836][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 944][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 972][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 992][D:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [D:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
    [D:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
    [D:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [D:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1048][d:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
    [d:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1328][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1424][D:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2032][C:\WINDOWS\system32\Ati2evxx.exe]  [N/A, N/A]
    [C:\WINDOWS\System32\rlrc.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\rsrc.dll]  [N/A, N/A]
[PID: 152][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\WINDOWS\System32\rsrc.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\rlrc.dll]  [N/A, N/A]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[PID: 184][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\System32\rlrc.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\rsrc.dll]  [N/A, N/A]
[PID: 344][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\System32\rlrc.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\rsrc.dll]  [N/A, N/A]
[PID: 360][D:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [D:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\System32\rsrc.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\rlrc.dll]  [N/A, N/A]
[PID: 472][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\rlrc.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\rsrc.dll]  [N/A, N/A]
[PID: 1244][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1576][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2640][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\rlrc.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\rsrc.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 0, 9]
    [E:\Tencent\qq\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [G:\54992824\KuGoo3DownXControl.ocx]  [N/A, N/A]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_003.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
[PID: 2804][G:\新建文件夹\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\System32\rlrc.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\rsrc.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
125.91.1.20 localhost
125.91.1.20 www.7322.com
125.91.1.20 www.5566.net
125.91.1.20 www.v111.com
125.91.1.20 www.gjj.cc
125.91.1.20 www.hao123.com
125.91.1.20 hao123.com
125.91.1.20 www.265.com
125.91.1.20 265.com
125.91.1.20 www.9991.com
125.91.1.20 9991.com
125.91.1.20 www.v111.com
125.91.1.20 www.gjj.cc
61.162.230.31 www.9505.com
61.162.230.31 9505.com
61.162.230.31 www.7939.com
61.162.230.31 7939.com
61.162.230.31 59.34.148.98
61.162.230.31 about:blank
218.201.94.20 down.Virussky.com
218.201.94.20 60.191.60.108
218.201.94.20 219.153.20.209

==================================

Is the worst case having to reinstall the system?

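I don't know whether this is easy to deal with ~ I had only just reinstalled the system, and I got hit just from searching for MTV downloads ~~~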