Rising Kaka Security Forum

Opening Google brings up Baidu instead
exphack - 2007-6-18 14:58:00
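See the attachment.
Here are the details..
Virus characteristics:

1. Deletes security software such as Kaka and 360
2. Automatically closes antivirus software (password-protected antivirus software is not affected)
3. There is a file named 1.1 in system32 (the file protects itself) and it cannot be archived..
4. The virus rewrites the hosts table every 3 minutes. Specifically, it points all the major websites to Baidu.. although what is displayed is cn.yahoo.com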
exphack - 2007-6-18 15:02:00
When booting into Safe Mode, you get a blue screen.
newcenturymoon - 2007-6-18 15:38:00

Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here; do not modify it
rainwu - 2008-8-22 13:12:00
[CODE]

2008-08-22,12:57:58

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [File is missing]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [File is missing]
    <AntiARPStandalone><C:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe>  []
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
    <qtfstqywi><C:\WINDOWS\system32\loanoltrd.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; >  [N/A]
    <PHIME2002A><; >  [N/A]
    <PHIME2002ASync><; >  [N/A]

==================================
启动文件夹
[eBoostr Control Panel]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\eBoostr Control Panel.lnk --> C:\PROGRA~1\eBoostr\EBOOST~1.EXE [eBoostr.com]><N>

==================================
rainwu - 2008-8-22 13:13:00
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Auto Start]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><(File is missing)>
[eBoostr Service / EBOOSTRSVC][Running/Auto Start]
  <"C:\Program Files\eBoostr\EBstrSvc.exe"><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD Processor Driver / AmdK8][Running/System Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
  <system32\DRIVERS\AmdLLD.sys><AMD, Inc.>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
  <system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
[atiide / atiide][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\atiide.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Stopped/System Start]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[eBoostr caching filter driver / eBoost][Running/Boot Start]
  <\SystemRoot\system32\drivers\eBoost.sys><eBoostr.com>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[mv61xx / mv61xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver for NDIS51 / SISNICXP][Running/Manual Start]
  <system32\DRIVERS\sisnicxp.sys><SiS Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
  <system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Technology Co., Ltd.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Technology Co., Ltd.>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(105).dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <, >
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.105.dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(105).dll, Xunlei Networking Technologies,LTD>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 912 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 980 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1048 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1400 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[PID: 1444 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1556 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1656 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1776 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 89]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\posttrt.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\ur023.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3]
[PID: 2032 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 376 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[PID: 396 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 536 / Administrator][C:\Program Files\DAEMON Tools\daemon.exe]  [DT Soft Ltd., 4.08.0.0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\DAEMON Tools\daemon.dll]  [DT Soft Ltd., 4.08.0.0]
    [C:\Program Files\DAEMON Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll]  [, 1.1.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.10.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll]  [DT Soft Ltd., 1.0.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll]  [DT Soft Ltd., 1.18.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll]  [DT Soft Ltd., 1.12.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
[PID: 580 / Administrator][C:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe]  [N/A, ]
    [C:\Program Files\AntiARP Stand-alone Edition\xantiarp.dll]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 616 / SYSTEM][C:\Program Files\eBoostr\EBstrSvc.exe]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 788 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1168 / Administrator][C:\Program Files\eBoostr\eBoostrCP.exe]  [eBoostr.com, 1, 1, 0, 399]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\eBoostr\lang\chs\eboostrrc.dll]  [eBoostr.com, 1, 1, 0, 395]
[PID: 1884 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1816 / Administrator][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 3664 / Administrator][C:\Program Files\TheWorld 2.0\TheWorld.exe]  [Phoenix Studio, 2, 2, 1, 0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\PROGRA~1\THEWOR~1.0\languages\chs.dll]  [Phoenix Studio, 2, 2, 1, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[PID: 2000 / Administrator][H:\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 3396 / Administrator][H:\sreng2\SRE9b4eb966.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [H:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
rainwu - 2008-8-22 13:13:00
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
219.235.3.16    search.114.vnet.cn
219.235.3.16    keyword.vnet.cn
219.235.3.16    auto.search.msn.com
219.235.3.16    search.msn.com
219.235.3.16    cnweb.search.live.com
219.235.3.16    www.360safe.com
219.235.3.16    www.k369.com
219.235.3.16    www.5566.net
219.235.3.16    360safe.com
202.165.102.243    update.360safe.com
219.235.3.16    dl.360safe.com
219.235.3.16    down.360safe.com
219.235.3.16    bbs.360safe.com
219.235.3.16    kaba.360safe.com
219.235.3.16    baike.360safe.com
219.235.3.16    www.360.cn
219.235.3.16    360.cn
219.235.3.16    wopti.360.cn
202.165.102.243    update.360.cn
219.235.3.16    dl.360.cn
219.235.3.16    down.360.cn
219.235.3.16    bbs.360.cn
219.235.3.16    kaba.360.cn
219.235.3.16    baike.360.cn
219.235.3.16    360.qihoo.com
219.235.3.16    360safe.qihoo.com
219.235.3.16    forum.ikaka.com
219.235.3.16    www.ikaka.com
202.165.102.243 update.ikaka.com
219.235.3.16    forum.jiangmin.com
202.165.102.243 update.jiangmin.com
219.235.3.16    tieba.baidu.com
219.235.3.16    post.baidu.com
219.235.3.16    zhidao.baidu.com
219.235.3.16    www.baidu.com
202.165.102.243 update.rising.com.cn
219.235.3.16    online.rising.com.cn
202.165.102.243 center.rising.com.cn
219.235.3.16    up.duba.net
219.235.3.16    vi.duba.net
219.235.3.16    shadu.baidu.com
219.235.3.16    du.baidu.com
219.235.3.16    security.symantec.com
219.235.3.16    shadu.duba.net
219.235.3.16    bbs.duba.net
219.235.3.16    www.duba.net
219.235.3.16    online.jiangmin.com
219.235.3.16    cn.mcafee.com
219.235.3.16    www.ahn.com.cn
219.235.3.16    www.kaspersky.com.cn
219.235.3.16    www.pcav.cn
219.235.3.16    www.luosoft.com
219.235.3.16    www.im286.com
219.235.3.16    an.baidu.com
219.235.3.16    ma.baidu.com
219.235.3.16    bbs.htmlman.net
202.165.102.243 download.rising.com.cn
202.165.102.243 rsup08.rising.com.cn
219.235.3.16    10000.286er.com
219.235.3.16    im286.net
219.235.3.16    ju.qihoo.com
219.235.3.16    bbs.chinaz.com
219.235.3.16    www.qihoo.com
202.165.102.243 dnl-cn1.kaspersky-labs.com
202.165.102.243 dnl-cn2.kaspersky-labs.com
202.165.102.243 dnl-cn3.kaspersky-labs.com
202.165.102.243 dnl-cn4.kaspersky-labs.com
202.165.102.243 dnl-cn5.kaspersky-labs.com
202.165.102.243 dnl-cn6.kaspersky-labs.com
202.165.102.243 dnl-cn7.kaspersky-labs.com
202.165.102.243 dnl-cn8.kaspersky-labs.com
202.165.102.243 dnl-cn9.kaspersky-labs.com
202.165.102.243 dnl-cn10.kaspersky-labs.com
202.165.102.243 dnl-cn11.kaspersky-labs.com
202.165.102.243 dnl-cn12.kaspersky-labs.com
202.165.102.243 dnl-cn13.kaspersky-labs.com
202.165.102.243 dnl-cn14.kaspersky-labs.com
202.165.102.243 dnl-cn15.kaspersky-labs.com
202.165.102.243    dnl-eu1.kaspersky-labs.com
202.165.102.243    dnl-eu2.kaspersky-labs.com
202.165.102.243    dnl-eu3.kaspersky-labs.com
202.165.102.243    dnl-eu4.kaspersky-labs.com
202.165.102.243    dnl-eu5.kaspersky-labs.com
202.165.102.243    dnl-eu6.kaspersky-labs.com
202.165.102.243    dnl-eu7.kaspersky-labs.com
202.165.102.243    dnl-eu8.kaspersky-labs.com
202.165.102.243    dnl-eu9.kaspersky-labs.com
202.165.102.243    dnl-eu10.kaspersky-labs.com
202.165.102.243    dnl-eu11.kaspersky-labs.com
202.165.102.243    dnl-eu12.kaspersky-labs.com
202.165.102.243    dnl-eu13.kaspersky-labs.com
202.165.102.243    dnl-eu14.kaspersky-labs.com
202.165.102.243    dnl-eu15.kaspersky-labs.com
202.165.102.243    dnl-us1.kaspersky-labs.com
202.165.102.243    dnl-us2.kaspersky-labs.com
202.165.102.243    dnl-us3.kaspersky-labs.com
202.165.102.243    dnl-us4.kaspersky-labs.com
202.165.102.243    dnl-us5.kaspersky-labs.com
202.165.102.243    dnl-us6.kaspersky-labs.com
202.165.102.243    dnl-us7.kaspersky-labs.com
202.165.102.243    dnl-us8.kaspersky-labs.com
202.165.102.243    dnl-us9.kaspersky-labs.com
202.165.102.243    dnl-us10.kaspersky-labs.com
202.165.102.243    dnl-us11.kaspersky-labs.com
202.165.102.243    dnl-us12.kaspersky-labs.com
202.165.102.243    dnl-us13.kaspersky-labs.com
202.165.102.243    dnl-us14.kaspersky-labs.com
202.165.102.243    dnl-us15.kaspersky-labs.com
202.165.102.243    dnl-ru1.kaspersky-labs.com
202.165.102.243    dnl-ru2.kaspersky-labs.com
202.165.102.243    dnl-ru3.kaspersky-labs.com
202.165.102.243    dnl-ru4.kaspersky-labs.com
202.165.102.243    dnl-ru5.kaspersky-labs.com
202.165.102.243    dnl-ru6.kaspersky-labs.com
202.165.102.243    dnl-ru7.kaspersky-labs.com
202.165.102.243    dnl-ru8.kaspersky-labs.com
202.165.102.243    dnl-ru9.kaspersky-labs.com
202.165.102.243    dnl-ru10.kaspersky-labs.com
202.165.102.243    dnl-ru11.kaspersky-labs.com
202.165.102.243    dnl-ru12.kaspersky-labs.com
202.165.102.243    dnl-ru13.kaspersky-labs.com
202.165.102.243    dnl-ru14.kaspersky-labs.com
202.165.102.243    dnl-ru15.kaspersky-labs.com
202.165.102.243    dnl-jp1.kaspersky-labs.com
202.165.102.243    dnl-jp2.kaspersky-labs.com
202.165.102.243    dnl-jp3.kaspersky-labs.com
202.165.102.243    dnl-jp4.kaspersky-labs.com
202.165.102.243    dnl-jp5.kaspersky-labs.com
202.165.102.243    dnl-jp6.kaspersky-labs.com
202.165.102.243    dnl-jp7.kaspersky-labs.com
202.165.102.243    dnl-jp8.kaspersky-labs.com
202.165.102.243    dnl-jp9.kaspersky-labs.com
202.165.102.243    dnl-jp10.kaspersky-labs.com
202.165.102.243    dnl-jp11.kaspersky-labs.com
202.165.102.243    dnl-jp12.kaspersky-labs.com
202.165.102.243    dnl-jp13.kaspersky-labs.com
202.165.102.243    dnl-jp14.kaspersky-labs.com
202.165.102.243    dnl-jp15.kaspersky-labs.com
202.165.102.243    dnl-kr1.kaspersky-labs.com
202.165.102.243    dnl-kr2.kaspersky-labs.com
202.165.102.243    dnl-kr3.kaspersky-labs.com
202.165.102.243    dnl-kr4.kaspersky-labs.com
202.165.102.243    dnl-kr5.kaspersky-labs.com
202.165.102.243    dnl-kr6.kaspersky-labs.com
202.165.102.243    dnl-kr7.kaspersky-labs.com
202.165.102.243    dnl-kr8.kaspersky-labs.com
202.165.102.243    dnl-kr9.kaspersky-labs.com
202.165.102.243    dnl-kr10.kaspersky-labs.com
202.165.102.243    dnl-kr11.kaspersky-labs.com
202.165.102.243    dnl-kr12.kaspersky-labs.com
202.165.102.243    dnl-kr13.kaspersky-labs.com
202.165.102.243    dnl-kr14.kaspersky-labs.com
202.165.102.243    dnl-kr15.kaspersky-labs.com
202.165.102.243    dnl-cd1.kaspersky-labs.com
202.165.102.243    dnl-cd2.kaspersky-labs.com
202.165.102.243    dnl-cd3.kaspersky-labs.com
202.165.102.243    dnl-cd4.kaspersky-labs.com
202.165.102.243    dnl-cd5.kaspersky-labs.com
202.165.102.243    dnl-cd6.kaspersky-labs.com
202.165.102.243    dnl-cd7.kaspersky-labs.com
202.165.102.243    dnl-cd8.kaspersky-labs.com
202.165.102.243    dnl-cd9.kaspersky-labs.com
202.165.102.243    dnl-cd10.kaspersky-labs.com
202.165.102.243    dnl-cd11.kaspersky-labs.com
202.165.102.243    dnl-cd12.kaspersky-labs.com
202.165.102.243    dnl-cd13.kaspersky-labs.com
202.165.102.243    dnl-cd14.kaspersky-labs.com
202.165.102.243    dnl-cd15.kaspersky-labs.com
202.165.102.243    downloads1.kaspersky-labs.com
202.165.102.243    downloads2.kaspersky-labs.com
202.165.102.243    downloads3.kaspersky-labs.com
202.165.102.243    downloads4.kaspersky-labs.com
202.165.102.243    downloads5.kaspersky-labs.com
219.235.3.16      rss.360safe.com
219.235.3.16      x.360safe.com
219.235.3.16      d.360safe.com
219.235.3.16      updatem.360safe.com
219.235.3.16      softm.360safe.com
219.235.3.16      ishare.sina.com.cn
219.235.3.16      search.cn.yahoo.com
219.235.3.16      www.google.com
219.235.3.16      google.com
219.235.3.16      www.google.cn
219.235.3.16      www.yahoo.com.cn
219.235.3.16      cn.yahoo.com
219.235.3.16      search.tom.com
219.235.3.16      zhuansha.duba.net
219.235.3.16      buy.duba.net
219.235.3.16      kad.www.duba.net
219.235.3.16      cu001.www.duba.net
219.235.3.16      cu002.www.duba.net
219.235.3.16      cu003.www.duba.net
219.235.3.16      cu004.www.duba.net
219.235.3.16      cu005.www.duba.net
219.235.3.16      cu010.www.duba.net
219.235.3.16      client.download.duba.net
219.235.3.16      page.so.163.com
219.235.3.16      www.soso.com
219.235.3.16      sou.china.com
219.235.3.16      test.591jx.com
219.235.3.16      a.topxxxx.cn
219.235.3.16      picon.chinaren.com
219.235.3.16      www.5566.net
127.0.0.1 p.qqkx.com
127.0.0.1 news.netandtv.com
127.0.0.1 z.neter888.cn
127.0.0.1 b.myblank.cn
127.0.0.1 wvw.wokutu.com
127.0.0.1 unionch.qyule.com
127.0.0.1 www.qyule.com
127.0.0.1 it.itjc.cn
127.0.0.1 www.linkwww.com
127.0.0.1 vod.kaicn.com
127.0.0.1 www.tx8688.com
127.0.0.1 b.neter888.cn
127.0.0.1 promote.huanqiu.com
127.0.0.1 www.huanqiu.com
127.0.0.1 www.haokanla.com
127.0.0.1 play.unionsky.cn
127.0.0.1 www.52v.com
127.0.0.1 www.gghka.cn
127.0.0.1 icon.ajiang.net
127.0.0.1 new.ete.cn
127.0.0.1 www.stiae.cn
127.0.0.1 o.neter888.cn
127.0.0.1 comm.jinti.com
127.0.0.1 www.google-analytics.com
127.0.0.1 hz.mmstat.com
127.0.0.1 www.game175.cn
127.0.0.1 x.neter888.cn
127.0.0.1 z.neter888.cn
127.0.0.1  p.etimes888.com
127.0.0.1  hx.etimes888.com
127.0.0.1 abc.qqkx.com
127.0.0.1 dm.popdm.cn
127.0.0.1 www.yl9999.com
127.0.0.1 www.dajiadoushe.cn
127.0.0.1 down.nihao29.cn
127.0.0.1 v.onondown.com.cn
127.0.0.1 www.interoo.net
127.0.0.1 bally1.bally-bally.net
127.0.0.1 www.bao5605509.cn
127.0.0.1  down.nihao29.cn
127.0.0.1  www.mzd020.cn
127.0.0.1  jzm015.cn
127.0.0.1  down.hs7yue.cn
127.0.0.1  new.doups.cn
127.0.0.1  w.qq-uc.cn
127.0.0.1  down.nihao69.cn
127.0.0.1  www.rty456.cn
127.0.0.1  www.werqwer.cn
127.0.0.1  www.jjyyzmj.cn
127.0.0.1  1.360-1.cn
127.0.0.1  5.360-5.cn
127.0.0.1  user1.23-16.net
127.0.0.1  user1.23-18.net
127.0.0.1  www.guccia.net
127.0.0.1  www.interoo.net
127.0.0.1  upa.netsool.net
127.0.0.1  pua.lianxiac.net
127.0.0.1  js.users.51.la
127.0.0.1  vip2.51.la
127.0.0.1  web.51.la
127.0.0.1  qq.gong2008.com
127.0.0.1  2008tl.copyip.com
127.0.0.1  tla.laozihuolaile.cn
127.0.0.1  www.tx6868.cn
127.0.0.1  p001.tiloaiai.com
127.0.0.1  s1.tl8tl.com
127.0.0.1  s1.gong2008.com
127.0.0.1  mm1.laozihuolaile.cn
127.0.0.1  mm2.laozihuolaile.cn
127.0.0.1  tlbm2.laozihuolaile.cn
127.0.0.1  tlbm3.laozihuolaile.cn
127.0.0.1  www.6161q1.cn
127.0.0.1  www.6161q2.cn
127.0.0.1  www.6161h1.cn
127.0.0.1  www.6161h2.cn
127.0.0.1  user1.23-21.net
127.0.0.1  www.skpoot.net
127.0.0.1  user1.kao-360.net
127.0.0.1  user1.23-22.net
127.0.0.1  www.keysooa.net
rainwu - 2008-8-22 13:14:00
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1004, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 580, C:\PROGRAM FILES\ANTIARP STAND-ALONE EDITION\ANTIARP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1168, C:\PROGRAM FILES\EBOOSTR\EBOOSTRCP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2000, H:\SRENG2\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
aaccbbdd - 2008-8-22 13:14:00
SREng - System Repair
Work on the Hosts file there

Looks like the virus is gone
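
An added example, not part of the original thread and not SREng's own logic: a Python hosts-file audit that flags the pattern visible in the HOSTS section of the report above, where update and search domains of many unrelated vendors are pinned to the same two addresses. The watchlist, the fan-in threshold and all function names are assumptions; the sample lines are excerpted from the report, with two constructed lines added to exercise the parser.

```python
import ipaddress
from collections import defaultdict

# Excerpt of the HOSTS section from the report above, plus two constructed
# lines (the comment and the malformed entry) to exercise the parser.
SAMPLE_HOSTS = """\
# constructed comment line
127.0.0.1      localhost
219.235.3.16    www.360safe.com
202.165.102.243    update.360safe.com
219.235.3.16    forum.ikaka.com
202.165.102.243 update.rising.com.cn
202.165.102.243 dnl-cn1.kaspersky-labs.com
219.235.3.16      www.google.com
219.235.3.16      cn.yahoo.com
219.235.3.16    www.baidu.com
127.0.0.1 www.google-analytics.com
not-an-ip broken.example
"""

# Hypothetical watchlist: domains a workstation should resolve through DNS,
# never through a static hosts entry. Extend it for your own environment.
WATCHLIST = ("360safe.com", "ikaka.com", "rising.com.cn",
             "kaspersky-labs.com", "google.com", "yahoo.com", "baidu.com")

SECOND_LEVEL = {"com", "net", "org", "gov", "edu", "co"}


def base_domain(host):
    """Naive registrable-domain guess (no public-suffix list is consulted)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL:
        return ".".join(labels[-3:])   # e.g. rising.com.cn
    return ".".join(labels[-2:])       # e.g. yahoo.com


def parse_hosts(text):
    """Yield (line_no, ip, hostname); a malformed line yields (line_no, None, raw)."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield no, None, line
            continue
        for host in fields[1:]:               # one line may carry several aliases
            yield no, ip, host.lower()


def audit_hosts(text, watchlist=WATCHLIST, fan_in=3):
    """Classify hosts entries and report IPs that many unrelated domains point to."""
    report = {"redirected": [], "sinkholed": [], "malformed": [], "fan_in": {}}
    domains_per_ip = defaultdict(set)
    for no, ip, host in parse_hosts(text):
        if ip is None:
            report["malformed"].append((no, host))
            continue
        local = ip.is_loopback or ip.is_unspecified
        if local and host in ("localhost", "localhost.localdomain"):
            continue                          # the normal default entry
        # Suffix match on label boundaries, so google-analytics.com != google.com.
        watched = any(host == d or host.endswith("." + d) for d in watchlist)
        if local:
            if watched:                       # watched site blocked outright
                report["sinkholed"].append((no, host))
            continue
        domains_per_ip[str(ip)].add(base_domain(host))
        if watched:                           # watched site pinned to a fixed IP
            report["redirected"].append((no, str(ip), host))
    # One address answering for several unrelated domains is the hijack signature.
    report["fan_in"] = {ip: sorted(doms) for ip, doms in domains_per_ip.items()
                        if len(doms) >= fan_in}
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for ip, doms in result["fan_in"].items():
        print(f"{ip} answers for {len(doms)} unrelated domains: {', '.join(doms)}")
    for no, ip, host in result["redirected"]:
        print(f"line {no}: {host} pinned to {ip}")
    for no, raw in result["malformed"]:
        print(f"line {no}: unparseable entry {raw!r}")
```

Loopback entries for hosts outside the watchlist are skipped on purpose, since blocking entries of that kind are also written by security tools.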
rainwu - 2008-8-22 13:18:00
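As described in the first post: Safe Mode blue-screens, neither Rising Kaka nor Rising Antivirus can be used, and AVG Anti-Spyware has been taken out as well, with its files missing. Windows Optimization Master is the same: as soon as I double-click it, the main program file gets deleted!
By the way, Baidu is really damn disgusting!!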
aaccbbdd - 2008-8-22 13:23:00
The virus should be gone.

Once you are done,
post a new log so we can take a look.