[PID: 1448][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1360][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1444][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1396][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\kakatool.dll]  <Beijing Rising Technology Co., Ltd.><2, 0, 0, 9>
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 372][C:\DOCUME~1\cao\LOCALS~1\Temp\Rar$EX00.094\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

[Main]
Program=超级兔子IE修复专家
Version=V7.75
WindowsVersion=Windows XP
IEVersion=6.0.2900.2180
WinDir=C:\WINDOWS\
WinSystemDir=C:\WINDOWS\system32\
USERPROFILE=C:\Documents and Settings\cao
Admin=1
Detail=1
Date=2006-08-23
Time=01:23:43
Code=,
CDCode=,
Reg=0

[Soft]
Max=0

[IE]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Main
1_Name=Window Title
1_Value=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Main
2_Name=Local Page
2_Value=
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Main
3_Name=Search Page
3_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Main
4_Name=Start Page
4_Value=about:blank
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\Main
5_Name=Default_page_url
5_Value=
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\Main
6_Name=First Home Page
6_Value=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Internet Explorer\Main
7_Name=Search Page
7_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Internet Explorer\Main
8_Name=Start Page
8_Value=http://www.haokan123.com/
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Internet Explorer\Main
9_Name=Default_page_url
9_Value=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=Software\Microsoft\Internet Explorer\Main
10_Name=First Home Page
10_Value=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=Software\Microsoft\Internet Explorer\Main
11_Name=Search Page
11_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Internet Explorer\Main
12_Name=Start Page
12_Value=http://www.haokan123.com/
Max=12

[IE2]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
1_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1016832
1_FileDate=2004-8-7
1_FileVersion=6.0.2900.2180
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
2_Name={0E5CBF21-D15F-11D0-8301-00AA005B4383}
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8309760
2_FileDate=2006-3-17 12:04:42
2_FileVersion=6.0.2900.2869
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
3_Name={6C3797D2-3FEF-4CD4-B654-D3AE55B4128C}
3_FileName=
3_FileVersion=
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
4_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
4_FileName=%SystemRoot%\system32\browseui.dll
4_FileSize=1016832
4_FileDate=2004-8-7
4_FileVersion=6.0.2900.2180
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Internet Explorer\Toolbar
5_Name={DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
5_FileName=C:\WINDOWS\system32\kakatool.dll
5_FileSize=344064
5_FileDate=2006-8-17 15:59:06
5_FileVersion=2.0.0.9
Max=5

[IE3]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\MenuExt\上传到QQ网络硬盘
1_FileName=
1_FileVersion=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ自定义面板
2_FileName=
2_FileVersion=
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ表情
3_FileName=
3_FileVersion=
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\MenuExt\用QQ彩信发送该图片
4_FileName=
4_FileVersion=
5_HKey=HKEY_CURRENT_USER
5_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
5_Clsid=
5_ButtonText=
5_MenuText=
5_FileName=
5_FileVersion=
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}
6_Download=http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155234370140
6_FileName=C:\WINDOWS\Downloaded Program Files\wuweb.inf
6_FileSize=291
6_FileDate=2005-5-26 4:19:32
6_FileVersion=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E787FD25-8D7C-4693-AE67-9406BC6E22DF}
7_Download=https://password.qq.com/download/qqedit.cab
7_FileName=C:\WINDOWS\Downloaded Program Files\qqedit.inf
7_FileSize=677
7_FileDate=2006-3-27 15:00:16
7_FileVersion=
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A}
8_Download=http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.90-signed.cab
8_FileName=C:\WINDOWS\Downloaded Program Files\pCastctl.inf
8_FileSize=251
8_FileDate=2006-8-1 14:33:32
8_FileVersion=
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3DB62BAD-FEF3-4E42-855D-0F55407A7992}
9_NameServer=
9_Clsid=
9_FileName=
9_FileVersion=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C66922B-32D9-477D-8F41-4E8E078370CE}
10_NameServer=
10_Clsid=
10_FileName=
10_FileVersion=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{97D7397A-CD76-48B4-9B04-71BE2F934050}
11_NameServer=
11_Clsid=
11_FileName=
11_FileVersion=
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B9589E10-786F-454D-8DCF-A6CF8BE50CA9}
12_NameServer=
12_Clsid=
12_FileName=
12_FileVersion=
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D2300C58-90EB-48EC-8A22-44686A55DFE7}
13_NameServer=
13_Clsid=
13_FileName=
13_FileVersion=
14_HKey=HKEY_LOCAL_MACHINE
14_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E41128E8-A201-49F7-B072-63F5DF5679A0}
14_NameServer=
14_Clsid=
14_FileName=
14_FileVersion=
Max=14

[Link]
1_HKey=HKEY_CLASSES_ROOT
1_Key=.exe
1_Name=
1_Value=exefile
1_HKeyLink=HKEY_CLASSES_ROOT
1_KeyLink=exefile\shell\open\command
1_NameLink=
1_ValueLink="%1" %*
2_HKey=HKEY_CLASSES_ROOT
2_Key=.com
2_Name=
2_Value=comfile
2_HKeyLink=HKEY_CLASSES_ROOT
2_KeyLink=comfile\shell\open\command
2_NameLink=
2_ValueLink="%1" %*
3_HKey=HKEY_CLASSES_ROOT
3_Key=.lnk
3_Name=
3_Value=lnkfile
3_HKeyLink=HKEY_CLASSES_ROOT
3_KeyLink=lnkfile\CLSID
3_NameLink=
3_ValueLink={00021401-0000-0000-C000-000000000046}
4_HKey=HKEY_CLASSES_ROOT
4_Key=.txt
4_Name=
4_Value=txtfile
4_HKeyLink=HKEY_CLASSES_ROOT
4_KeyLink=txtfile\shell\open\command
4_NameLink=
4_ValueLink=%SystemRoot%\system32\NOTEPAD.EXE %1
4_FileSizeLink=66560
4_FileDateLink=2004-8-7
4_FileVersionLink=5.1.2600.2180
5_HKey=HKEY_CLASSES_ROOT
5_Key=.htm
5_Name=
5_Value=htmlfile
5_HKeyLink=HKEY_CLASSES_ROOT
5_KeyLink=htmlfile\shell\open\command
5_NameLink=
5_ValueLink="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
5_FileSizeLink=93184
5_FileDateLink=2004-8-7 8:00:00
5_FileVersionLink=6.0.2900.2180
6_HKey=HKEY_CLASSES_ROOT
6_Key=.html
6_Name=
6_Value=htmlfile
6_HKeyLink=HKEY_CLASSES_ROOT
6_KeyLink=htmlfile\shell\open\command
6_NameLink=
6_ValueLink="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
6_FileSizeLink=93184
6_FileDateLink=2004-8-7 8:00:00
6_FileVersionLink=6.0.2900.2180
7_HKey=HKEY_CLASSES_ROOT
7_Key=.url
7_Name=
7_Value=InternetShortcut
7_HKeyLink=HKEY_CLASSES_ROOT
7_KeyLink=InternetShortcut\shell\open\command
7_NameLink=
7_ValueLink=rundll32.exe shdocvw.dll,OpenURL %l
8_HKey=HKEY_CLASSES_ROOT
8_Key=PROTOCOLS\Filter\text/html
8_Name=CLSID
8_Value=
9_HKey=HKEY_CLASSES_ROOT
9_Key=PROTOCOLS\Filter\text/plain
9_Name=CLSID
9_Value=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
10_Name=
10_Value=http://
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
11_Name=www
11_Value=http://
Max=11

[Shdoclc]
1_FileSize=498176
1_FileDate=2004-8-7
1_FileVersion=6.0.2900.2180
Max=1

[AppInit_DLLs]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
1_Name=AppInit_DLLs
1_Value=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2_Name=Userinit
2_Value=C:\WINDOWS\system32\Userinit.exe
2_FileSize=23552
2_FileDate=2004-8-7
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
3_Name=Shell
3_Value=EXPLORER.EXE
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4_Name=System
3_Value=
Max=4

[WinSock2NameSpace]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
1_Name=DisplayString
1_Value=Tcpip
1_Enabled=1
1_LibraryPath=%SystemRoot%\System32\mswsock.dll
1_FileSize=240640
1_FileDate=2004-8-7
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2_Name=DisplayString
2_Value=NTDS
2_Enabled=1
2_LibraryPath=%SystemRoot%\System32\winrnr.dll
2_FileSize=16896
2_FileDate=2004-8-7
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
3_Name=DisplayString
3_Value=网络位置知晓 (NLA) 名称空间
3_Enabled=1
3_LibraryPath=%SystemRoot%\System32\mswsock.dll
3_FileSize=240640
3_FileDate=2004-8-7
Max=3

[WinSock2Protocol]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
1_Name=PackedCatalogItem
1_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
1_Value=
??挀挀搀攀挀漀搀攀?椀渀昀 ā  氀挀攀爀琀挀氀愀猀?椀渀昀  戀瀅挀漀洀洀甀渀椀挀?椀渀昀    ??揿漀洀渀琀??椀渀昀    吀
挀漀爀攀氀椀猀琀?椀渀昀  戀％?揿礀挀氀愀搀昀?      ? ????耀?銡?ā              ? ? ? ? ā ?          ?匀????吀挀瀀椀瀀?嬀吀?倀??倀崀                                                                                                                                                                                                                                           
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2_Name=PackedCatalogItem
2_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
2_Value=
??挀挀搀攀挀漀搀攀?椀渀昀 ā  氀挀攀爀琀挀氀愀猀?椀渀昀  戀瀅挀漀洀洀甀渀椀挀?椀渀昀    ??揿漀洀渀琀??椀渀昀    吀
挀漀爀攀氀椀猀琀?椀渀昀  戀％?揿礀挀氀愀搀??      ? ????耀?銡?ā              ? ? ? ? ? ?      ?  MSAFD Tcpip [UDP/IP]                                                                                                                                                                                                                                           
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
3_Name=PackedCatalogItem
3_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
3_Value=
??挀挀搀攀挀漀搀攀?椀渀昀 ā  氀挀攀爀琀挀氀愀猀?椀渀昀  戀瀅挀漀洀洀甀渀椀挀?椀渀昀    ??揿漀洀渀琀??椀渀昀    吀
挀漀爀攀氀椀猀琀?椀渀昀  戀％?揿礀挀氀愀搀??      ? ????耀?銡?ā              ? ? ? ? ?  ?    ?  MSAFD Tcpip [RAW/IP]                                                                                                                                                                                                                                           
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
4_Name=PackedCatalogItem
4_FileName=%SystemRoot%\system32\rsvpsp.dll
4_Value=?揿愀洀瘀椀搀?　?椀渀昀 ā 戀? ccdecode.inf
  ? certclas.inf  ?? communic.inf    ??comnt5.inf    ? corelist.inf  ???cyclad☉       ?鵠?????
龍???唼u 砀??嚇u ? ? ? ? ? ?      ?  RSVP UDP Service Provider ??    ā ?矵?? ??
  捻欿??矵?w ???矵豈?聆氿?封?攀瘀椀挀攀尀笀???????????　???　????????????????　??　紀 ??????　??　紀 ????屐瀂鯁倂?

????蠴畖? ?畕類??墶矷??  ???矚易?坐u 瀀鯁 ??龐矛???矚??矵??矵
?? ??  tt??矵
??矵    X ??矵
??
陳畗  ???SY?倀?? ā ?躐?漀渀琀?矵
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
5_Name=PackedCatalogItem
5_FileName=%SystemRoot%\system32\rsvpsp.dll
5_Value=?揿愀洀瘀椀搀?　?椀渀昀 ā 戀? ccdecode.inf
  ? certclas.inf  ?? communic.inf    ??comnt5.inf    ? corelist.inf  ???cyclad?       ?鵠?????
ockdow  ?  ? ? ? ? ā ?          刀匀嘀倀?吀?倀?匀攀爀瘀椀挀攀?倀爀漀瘀椀搀攀爀  ?姨?姨???????囝??      ?????? ?囝??囜 搀??矵 ???樀?w 囜囜耂 ā ???t?  ??t?  ?  ??铀? ? ? ā ?t???
??囜    ` 誥矵?蠿????矵 ? ?蠀?  ???w??矵??矵??  ??斴矷????????矵?矚      ?          ? ?????ā ? ??    栀鯊 搀岨?矵?桷鯊 搀岨??
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
6_Name=PackedCatalogItem
6_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
6_Value=
??挀挀搀攀挀漀搀攀?椀渀昀 ā  氀挀攀爀琀挀氀愀猀?椀渀昀  戀瀅挀漀洀洀甀渀椀挀?椀渀昀    ??揿漀洀渀琀??椀渀昀    吀
挀漀爀攀氀椀猀琀?椀渀昀  戀％?揿礀挀氀愀搀??      ? 　弘玍?锑è往??
                    耀        ?匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀???????????　???　????????????????　??　紀崀?匀?儀倀????吀?　                                                                                                                                                                         
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
7_Name=PackedCatalogItem
7_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
7_Value=
??挀挀搀攀挀漀搀攀?椀渀昀 ā  氀挀攀爀琀挀氀愀猀?椀渀昀  戀瀅挀漀洀洀甀渀椀挀?椀渀昀    ??揿漀洀渀琀??椀渀昀    吀
挀漀爀攀氀椀猀琀?椀渀昀  戀％?揿礀挀氀愀搀??      ? 　弘玍?锑è往??
                    耀        ?匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀???????????　???　????????????????　??　紀崀???吀??刀???　                                                                                                                                                                         
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
8_Name=PackedCatalogItem
8_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
8_Value=
??挀挀搀攀挀漀搀攀?椀渀昀 ā  氀挀攀爀琀挀氀愀猀?椀渀昀  戀瀅挀漀洀洀甀渀椀挀?椀渀昀    ??揿漀洀渀琀??椀渀昀    吀
挀漀爀攀氀椀猀琀?椀渀昀  戀％?揿礀挀氀愀搀??        　弘玍?锑è往??
                   ??        ?匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀???????????　????????????　??????????　紀崀?匀?儀倀????吀??                                                                                                                                                                         
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
9_Name=PackedCatalogItem
9_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
9_Value=
??挀挀搀攀挀漀搀攀?椀渀昀 ā  氀挀攀爀琀挀氀愀猀?椀渀昀  戀瀅挀漀洀洀甀渀椀挀?椀渀昀    ??揿漀洀渀琀??椀渀昀    吀
挀漀爀攀氀椀猀琀?椀渀昀  戀％?揿礀挀氀愀搀??        　弘玍?锑è往??
                   ??        ?匀????一攀琀??伀匀?嬀尀?攀瘀椀挀攀尀一攀琀?吀开吀挀瀀椀瀀开笀???????????　????????????　??????????　紀崀???吀??刀????                                                                                                                                                                         
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
10_Name=PackedCatalogItem
10_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
10_Value=
??挀挀搀攀挀漀搀攀?椀渀昀 ā  氀挀攀爀琀挀氀愀猀?椀渀昀  戀瀅挀漀洀洀甀渀椀挀?椀渀昀    ??揿漀洀渀琀??椀渀昀    吀
挀漀爀攀氀椀猀琀?椀渀昀  戀％?揿礀挀氀愀搀??        　弘玍?锑è往??
                   ＿?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{F9DE49EA-8406-4523-B289-91B8F0BDE0DA}] SEQPACKET 2                                                                                                                                                                         
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
11_Name=PackedCatalogItem
11_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
11_Value=
??挀挀搀攀挀漀搀攀?椀渀昀 ā  氀挀攀爀琀挀氀愀猀?椀渀昀  戀瀅挀漀洀洀甀渀椀挀?椀渀昀    ??揿漀洀渀琀??椀渀昀    吀
挀漀爀攀氀椀猀琀?椀渀昀  戀％?揿礀挀氀愀搀??        　弘玍?锑è往??
                   ＿?        MSAFD NetBIOS [\Device\NetBT_Tcpip_{F9DE49EA-8406-4523-B289-91B8F0BDE0DA}] DATAGRAM 2                                                                                                                                                                         
Max=11

[WinSock2Winsock]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=System\CurrentControlSet\Services\Winsock2\Winsock
1_Name=PathName
1_Value=
1_Found=0
Max=1

[WOW]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\WOW
1_Name=cmdline
1_Value=%SystemRoot%\system32\ntvdm.exe -o
1_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
1_FileSize=417280
1_FileDate=2004-8-7
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Control\WOW
2_Name=wowcmdline
2_Value=%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
2_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
2_FileSize=417280
2_FileDate=2004-8-7
Max=2

[ShellExecuteHooks]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
1_Name={AEB6717E-7E19-11d0-97EE-00C04FD91972}
1_ClsidName=URL 执行挂钩
1_FileName=C:\WINDOWS\system32\shell32.dll
1_FileSize=8309760
1_FileDate=2006-3-17 12:04:42
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
2_Name={32CD708B-60A7-4C00-9377-D73EAA495F0F}
2_ClsidName=ShlExecHack Class
2_FileName=C:\WINDOWS\system32\RavExt.dll
2_FileSize=98304
2_FileDate=2006-8-14 20:56:28
Max=2

[ShellServiceObjectDelayLoad]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
1_Name=PostBootReminder
1_Value={7849596a-48ea-486e-8937-a2a3009f31a9}
1_ClsidName=PostBootReminder 对象
1_FileName=%SystemRoot%\system32\SHELL32.dll
1_FileSize=8309760
1_FileDate=2006-3-17 12:04:42
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
2_Name=CDBurn
2_Value={fbeb8a05-beee-4442-804e-409d6c4515e9}
2_ClsidName=烧 CD 的 ShellFolder
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8309760
2_FileDate=2006-3-17 12:04:42
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
3_Name=WebCheck
3_Value={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
3_ClsidName=WebCheck
3_FileName=%SystemRoot%\system32\webcheck.dll
3_FileSize=265728
3_FileDate=2004-8-7
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
4_Name=SysTray
4_Value={35CEC8A3-2BE6-11D2-8773-92E220524153}
4_ClsidName=SysTray
4_FileName=C:\WINDOWS\system32\stobject.dll
4_FileSize=121344
4_FileDate=2004-8-7
Max=4

[SharedTaskScheduler]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
1_Name={438755C2-A8BA-11D1-B96B-00A0C90312E1}
1_Value=Browseui 预加载程序
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1016832
1_FileDate=2004-8-7
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
2_Name={8C7461EF-2B13-11d2-BE35-3078302C2030}
2_Value=组件类别缓存程序
2_FileName=%SystemRoot%\system32\browseui.dll
2_FileSize=1016832
2_FileDate=2004-8-7
Max=2

[ProtocolDefaults]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
1_Name=http
1_Value=3
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
2_Name=https
2_Value=3
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
3_Name=ftp
3_Value=3
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
4_Name=file
4_Value=3
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
5_Name=@ivt
5_Value=1
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
6_Name=shell
6_Value=0
Max=6

[BootExecute]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\Session Manager
1_Name=BootExecute
1_Value=autocheck autochk *
Max=1

[AutoRun]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=Software\Microsoft\Windows\CurrentVersion\Run
1_Name=IMJPMIG8.1
1_Value="c:\windows\ime\imjp8_1\imjpmig.exe" /spoil /remadvdef /migration32
1_FileSize=208952
1_FileDate=2004-8-7 8:00:00
1_FileVersion=8.1.4202.0
2_HKey=HKEY_LOCAL_MACHINE
2_Key=Software\Microsoft\Windows\CurrentVersion\Run
2_Name=PHIME2002ASync
2_Value=c:\windows\system32\ime\tintlgnt\tintsetp.exe /sync
2_FileSize=455168
2_FileDate=2004-8-7 8:00:00
2_FileVersion=5.2.0.2801
3_HKey=HKEY_LOCAL_MACHINE
3_Key=Software\Microsoft\Windows\CurrentVersion\Run
3_Name=PHIME2002A
3_Value=c:\windows\system32\ime\tintlgnt\tintsetp.exe /imename
3_FileSize=455168
3_FileDate=2004-8-7 8:00:00
3_FileVersion=5.2.0.2801
4_HKey=HKEY_LOCAL_MACHINE
4_Key=Software\Microsoft\Windows\CurrentVersion\Run
4_Name=TkBellExe
4_Value="c:\program files\common files\real\update_ob\realsched.exe"  -osboot
4_FileSize=180269
4_FileDate=2006-7-17 16:56:50
4_FileVersion=0.1.0.3275
5_HKey=HKEY_LOCAL_MACHINE
5_Key=Software\Microsoft\Windows\CurrentVersion\Run
5_Name=RavTask
5_Value="d:\program files\rising\rav\ravtask.exe" -system
5_FileSize=114688
5_FileDate=2006-8-14 20:45:28
5_FileVersion=18.0.0.22
6_HKey=HKEY_LOCAL_MACHINE
6_Key=Software\Microsoft\Windows\CurrentVersion\Run
6_Name=RfwMain
6_Value="d:\program files\rising\rising\rfw\rfwmain.exe" -startup
6_FileSize=417792
6_FileDate=2006-8-18 18:47:34
6_FileVersion=4.0.0.52
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Windows\CurrentVersion\Run
7_Name=mmsk
7_Value=d:\program files\rising\木马杀客\mmsk.exe
7_FileSize=715264
7_FileDate=2006-7-24 0:25:52
7_FileVersion=2.0.0.6
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Windows\CurrentVersion\RunOnce
8_Name=Super Rabbit Winspeed
8_Value="d:\新建文件夹\magicset\winspeed.exe" /autokill:150,149,148,147,146,145,144,143,142,141,140,139,138,137,136,135,134,133,132,131,130,129,128,127,126,125,124,123,122,121,120,119,118,117,116,115,114,113,112,111,110,109,108,107,106,105,104,103,102,101,100,99,98,97,96,95,94,93,92,91,90,89,88,87,86,85,84,83,82,81,80,79,78,77,76,75,74,73,72,71,70,69,68,67,66,65,64,63,62,61,60,59,58,57,56,55,54,53,52,51,50,49,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,32,31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1
8_FileSize=1540096
8_FileDate=2006-8-10 0:32:48
8_FileVersion=7.76.0.0
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
9_Name=load
9_Value=
10_HKey=HKEY_CURRENT_USER
10_Key=Software\Microsoft\Windows\CurrentVersion\Run
10_Name=ctfmon.exe
10_Value=c:\windows\system32\ctfmon.exe
10_FileSize=15360
10_FileDate=2004-8-7
10_FileVersion=5.1.2600.2180
11_HKey=HKEY_CURRENT_USER
11_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
11_Name=load
11_Value=
Max=11

[ModuleUsage]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pCastCtl.dll
1_Name=.Owner
1_Value=Unknown Owner
1_Clsid=
1_FileName=C:\WINDOWS\system32\pCastCtl.dll
1_FileVersion=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll
2_Name=.Owner
2_Value=Unknown Owner
2_Clsid=
2_FileName=C:\WINDOWS\system32\wuweb.dll
2_FileSize=173536
2_FileDate=2005-5-26 4:19:32
2_FileVersion=5.8.0.2469
Max=2

[Process]
1_FileName=C:\WINDOWS\SYSTEM32\SMSS.EXE
1_FileSize=50688
1_FileDate=2004-8-7
1_FileVersion=5.1.2600.2180
2_FileName=C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2_FileSize=487424
2_FileDate=2004-8-7
2_FileVersion=5.1.2600.2180
3_FileName=C:\WINDOWS\SYSTEM32\SERVICES.EXE
3_FileSize=108032
3_FileDate=2004-8-7
3_FileVersion=5.1.2600.2180
4_FileName=C:\WINDOWS\SYSTEM32\LSASS.EXE
4_FileSize=13312
4_FileDate=2004-8-7
4_FileVersion=5.1.2600.2180
5_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
5_FileSize=14336
5_FileDate=2004-8-7
5_FileVersion=5.1.2600.2180
6_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
6_FileSize=14336
6_FileDate=2004-8-7
6_FileVersion=5.1.2600.2180
7_FileName=C:\WINDOWS\SYSTEM32\CONIME.EXE
7_FileSize=27648
7_FileDate=2004-8-7
7_FileVersion=5.1.2600.2180
8_FileName=C:\WINDOWS\EXPLORER.EXE
8_FileSize=976896
8_FileDate=2004-8-7
8_FileVersion=6.0.2900.2180
9_FileName=D:\新建文件夹\MAGICSET\IEHELP.EXE
9_FileSize=735232
9_FileDate=2006-8-9 0:29:16
9_FileVersion=7.75.0.0
10_FileName=[SYSTEM PROCESS]
11_FileName=C:\WINDOWS\system32\CSRSS.EXE
11_FileSize=6144
11_FileDate=2004-8-7
11_FileVersion=5.1.2600.2180
12_FileName=WMIPRVSE.EXE
Max=12

[Hosts]
HostsFile=C:\WINDOWS\system32\Drivers\Etc\Hosts
Max=0

[Service]
1_ServiceName=DcomLaunch
1_DisplayName=DCOM Server Process Launcher
1_Description=为 DCOM 服务提供加载功能。
1_Status=已启动
1_StartType=自动
1_ServiceDll=C:\WINDOWS\SYSTEM32\RPCSS.DLL
1_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH

2_ServiceName=HTTPFilter
2_DisplayName=HTTP SSL
2_Description=此服务通过安全套接字层(SSL)实现 HTTP 服务的安全超文本传送协议(HTTPS)。如果此服务被禁用，任何依赖它的服务将无法启动。
2_Status=停止
2_StartType=手动
2_ServiceDll=C:\WINDOWS\SYSTEM32\W3SSL.DLL
2_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER

3_ServiceName=NetDDEdsdm
3_DisplayName=Network DDE DSDM
3_Description=管理动态数据交换 (DDE) 网络共享。如果此服务终止，DDE 网络共享将不可用。如果此服务被禁用，任何依赖它的服务将无法启动。
3_Status=停止
3_StartType=已禁用
3_ServiceDll=
3_ImagePath=C:\WINDOWS\SYSTEM32\NETDDE.EXE

4_ServiceName=RfwProxySrv
4_DisplayName=Rising Proxy  Service
4_Description=Rising Personal Proxy Service
4_Status=停止
4_StartType=手动
4_ServiceDll=
4_ImagePath=D:\PROGRAM FILES\RISING\RISING\RFW\RFWPROXY.EXE

5_ServiceName=RfwService
5_DisplayName=Rising Personal Firewall Service
5_Description=Rising Personal Firewall Service
5_Status=停止
5_StartType=自动
5_ServiceDll=
5_ImagePath=D:\PROGRAM FILES\RISING\RISING\RFW\RFWSRV.EXE

6_ServiceName=RsCCenter
6_DisplayName=Rising Process Communication Center
6_Description=
6_Status=停止
6_StartType=自动
6_ServiceDll=
6_ImagePath="D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"

7_ServiceName=RsRavMon
7_DisplayName=RsRavMon Service
7_Description=
7_Status=停止
7_StartType=自动
7_ServiceDll=
7_ImagePath="D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"

8_ServiceName=Tech
8_DisplayName=Volume Optimization
8_Description=Windows 文件卷的优化服务，使得系统具有更快的文件卷访问和存取功能。如果停止服务，帮助和支持中心将不可用。
8_Status=停止
8_StartType=自动
8_ServiceDll=
8_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

9_ServiceName=WmdmPmSN
9_DisplayName=Portable Media Serial Number Service
9_Description=Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
9_Status=停止
9_StartType=手动
9_ServiceDll=C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL
9_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

10_ServiceName=wscsvc
10_DisplayName=Security Center
10_Description=监视系统安全设置和配置。
10_Status=停止
10_StartType=已禁用
10_ServiceDll=C:\WINDOWS\SYSTEM32\WSCSVC.DLL
10_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

11_ServiceName=xmlprov
11_DisplayName=Network Provisioning Service
11_Description=为自动网络提供管理基于域的 XML 配置文件。
11_Status=停止
11_StartType=手动
11_ServiceDll=C:\WINDOWS\SYSTEM32\XMLPROV.DLL
11_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

Max=11

[END]
Max=1

HijackThis_815汉化版扫描日志 V1.99.1
保存于      01:45:32 上午, 日期 2006-8-23
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rav\Ravmond.exe
D:\Program Files\Rising\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rising\Rfw\rfwmain.exe
D:\Program Files\Rising\Rav\Ravmon.exe
D:\Program Files\Rising\木马杀客\mmsk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\cao\桌面\工具\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "D:\Program Files\Rising\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [mmsk] D:\Program Files\Rising\木马杀客\mmsk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155234370140
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.90-signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E41128E8-A201-49F7-B072-63F5DF5679A0}: NameServer = 202.100.128.68
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe

Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 01:45:21, on 2006-08-23
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[SERVICES.EXE]
CommandLine = C:\WINDOWS\system32\services.exe

[LSASS.EXE]
CommandLine = C:\WINDOWS\system32\lsass.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "D:\Program Files\Rising\Rav\CCenter.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[RavMonD.exe]
CommandLine = "D:\Program Files\Rising\Rav\Ravmond.exe"

[rfwsrv.exe]
CommandLine = "D:\Program Files\Rising\Rising\Rfw\rfwsrv.exe"

[Explorer.EXE]
CommandLine = C:\WINDOWS\Explorer.EXE

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[RavStub.exe]
CommandLine = "D:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND

[realsched.exe]
CommandLine = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[RavTask.exe]
CommandLine = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

[RFWMAIN.EXE]
CommandLine = "D:\Program Files\Rising\Rising\Rfw\rfwmain.exe" -Startup

[RavMon.exe]
CommandLine = "D:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM

[mmsk.exe]
CommandLine = "D:\Program Files\Rising\木马杀客\mmsk.exe"

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k imgsvc

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ikaka.com/

[KkScan.exe]
CommandLine = "D:\Program Files\Rising\KkScan.exe"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.haokan123.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [mmsk] D:\Program Files\Rising\木马杀客\mmsk.exe
O4 - HKLM\..\RunOnce: [Super Rabbit Winspeed] "D:\新建文件夹\MagicSet\winspeed.exe" /autokill:150,149,148,147,146,145,144,143,142,141,140,139,138,137,136,135,134,133,132,131,130,129,128,127,126,125,124,123,122,121,120,119,118,117,116,115,114,113,112,111,110,109,108,107,106,105,104,103,102,101,100,99,98,97,96,95,94,93,92,91,90,89,88,87,86,85,84,83,82,81,80,79,78,77,76,75,74,73,72,71,70,69,68,67,66,65,64,63,62,61,60,59,58,57,56,55,54,53,52,51,50,49,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,32,31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1
O4 - HKLM\..\RunOnce: [RavStub] "D:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155234370140
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.90-signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E41128E8-A201-49F7-B072-63F5DF5679A0}: NameServer = 202.100.128.68
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "D:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "D:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: Volume Optimization (Tech) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe -k netsvcs

就这么多了，请高手看下，我中的病毒是不是清理完了，要是么清理完，接下来该怎么做？

不能沉啊。。。。。。。。。。。。。。。。。。。。。。。。