我的2000的系统，通过update打过补丁，安装瑞星的防火墙和杀毒，有卡卡助手。可是在浏览网页的时候老是莫名其妙的会弹出一些网页，包括这个www.139.com。请问是怎么回事？杀过N遍毒都提示正常。附上我的扫描日志：

Logfile of Kaka v2. 0. 2. 5 Scan Module v1. 0. 2. 9
Scan saved at 00:15:40, on 2006-12-08
Platform: Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
MSIE: Internet Explorer v6.00 SP1; (6.00.2800.1106)


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: Thunder Browser Helper - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Thunder Network\ComDlls\XunLeiBHO_006.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - d:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO:  (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Program\getallurl.htm
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder.exe
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163754477156
O17 - HKLM\System\CCS\Services\Tcpip\..\{282FB622-7134-4AA8-88B1-F84DB684D92A}: NameServer = 61.134.1.4 218.30.19.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1623789-E2DD-497B-AB3B-21A232545CE0}: NameServer = 61.134.1.4,218.30.19.40
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: AtiExtEvent
O20 - Winlogon Notify: wzcnotif
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) -  - C:\WINNT\system32\ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) -  - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe /com
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "d:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "d:\Program Files\Rising\Rav\Ravmond.exe"

另外我在whois.com找到了139.com的资料，不知道对不对？我也在反恶意软件论坛发了帖子，希望能帮我分析问题，尽快的找出解决的办法。谢谢！！
附上在whois.com上的139.com的资料：
Whois lookup for 139.com.


Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.


Domain Name: 139.COM
Registrar: HICHINA WEB SOLUTIONS (HONG KONG) LIMITED
Whois Server: grs.hichina.com
Referral URL: http://whois.hichina.com
Name Server: NS1.139.COM
Name Server: NS2.139.COM
Status: ACTIVE
EPP Status: ok
Updated Date: 06-Dec-2006
Creation Date: 25-Apr-1997
Expiration Date: 26-Apr-2014

>>> Last update of whois database: Thu, 07 Dec 2006 11:19:48 EST <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name ..................... 139.com
Name Server ..................... NS2.139.COM
NS1.139.COM
Registrant ID ................... registrant
Registrant Name ................. staff
Registrant Organization ......... HiChina Web Solutions (Hong Kong) Limited
Registrant Address .............. 3/F., HiChina Mansion,
No.27 Gulouwai Avenue Dongcheng District,
Beijing, China
Registrant City ................. Beijing
Registrant Province/State ....... Beijing
Registrant Postal Code .......... 100011
Registrant Country Code ......... CN
Registrant Phone Number ......... +86.01064242299 -
Registrant Fax .................. +86.01064254247 -
Registrant Email ................ domainadm@hichina.com
Technical ID .................... tech
Technical Name .................. tech
Technical Organization .......... HiChina Web Solutions (Hong Kong) Limited
Technical Address ............... 3/F., HiChina Mansion,
No.27 Gulouwai Avenue Dongcheng District,
Beijing, China
Technical City .................. Beijing
Technical Province/State ........ Beijing
Technical Postal Code ........... 100011
Technical Country Code .......... CN
Technical Phone Number .......... +86.01064242299 -
Technical Fax ................... +86.01064254247 -
Technical Email ................. domainadm@hichina.com
Administrative ID ............... admin
Administrative Name ............. admin
Administrative Organization ..... HiChina Web Solutions (Hong Kong) Limited
Administrative Address .......... 3/F., HiChina Mansion,
No.27 Gulouwai Avenue Dongcheng District,
Beijing, China
Administrative City ............. Beijing
Administrative Province/State ... Beijing
Administrative Postal Code ...... 100011
Administrative Country Code ..... CN
Administrative Phone Number ..... +86.01064242299 -
Administrative Fax .............. +86.01064254247 -
Administrative Email ............ domainadm@hichina.com
Billing ID ...................... billing
Billing Name .................... billing
Billing Organization ............ HiChina Web Solutions (Hong Kong) Limited
Billing Address ................. 3/F., HiChina Mansion,
No.27 Gulouwai Avenue Dongcheng District,
Beijing, China
Billing City .................... Beijing
Billing Province/State .......... Beijing
Billing Postal Code ............. 100011
Billing Country Code ............ CN
Billing Phone Number ............ +86.01064242299 -
Billing Fax ..................... +86.01064254247 -
Billing Email ................... domainadm@hichina.com
Expiration Date ................. 2014-04-27 04:00:00

通过ping得到www.139.com的地址为59.151.16.198,www1.139.com的IP为60.160.111.136。分属两个不同的地址段。如果大家有空的话可以继续分析。谢谢！！

现在弹出的网页是http://www.myad.cn/code/vip.asp。我在防火墙里看到IE打开了5个端口，可一转眼就自动断开了。我的任务栏只有一个“404NOT FOUND”的提示。郁闷啊。而且在断开这个端口前我看到IP的前几位好象是“8.0.”什么的这样的一个IP。请各位帮我分析。谢谢！！

请下载SREng2（最新版） ，使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://www.kztechs.com/sreng/sreng2.zip

我的原则是在系统中用尽量少的工具解决尽量多的问题。尽管如此，还是谢谢楼上能帮我分析问题。下面帖上我的sreng报告：
2006-12-08,23:07:45

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <zBrowser Launcher><d:\Program Files\Logitech\iTouch\iTouch.exe>  [Logitech Inc.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)RealNetworks, Inc.]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{08315C1A-9BA9-4B7C-A432-26885F78DF28}?><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    <WinlogonNotify: wzcnotif><wzcdlg.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINNT\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
  <C:\WINNT\system32\ati2sgag.exe><>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner]
  <\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[fcdabus / fcdabus]
  <system32\DRIVERS\fcdabus.sys><FarStone Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[FVDSCSI / FVDSCSI]
  <system32\DRIVERS\fvdscsi.sys><FarStone Inc.>
[GMSIPCI / GMSIPCI]
  <\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE]
  <system32\DRIVERS\PPPoE.SYS><Guangdong Data Communications Network Co.Ltd.>
[HookCont / HookCont]
  <\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg]
  <\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[iTouch Keyboard Filter / itchfltr]
  <system32\DRIVERS\itchfltr.sys><Logitech, Inc.>
[Logitech PS/2 Mouse Filter Driver / L8042pr2]
  <system32\DRIVERS\L8042pr2.Sys><Logitech, Inc.>
[Logitech Mouse Class Filter Driver / LMouFlt2]
  <system32\DRIVERS\LMouFlt2.Sys><Logitech, Inc.>
[MEMSCAN / MEMSCAN]
  <\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\D:\program files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[QuickCam IM(PID_08A0) / PID_08A0]
  <system32\DRIVERS\LV302AV.SYS><Logitech Inc.>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv]
  <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[VIA AGP Filter / viaagp1]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIA USB Filter / viafilter]
  <\SystemRoot\System32\Drivers\viausb.sys><VIA Technologies, Inc.>
[viaide / viaide]
  <\SystemRoot\system32\DRIVERS\viaide.sys><VIA Technologies, Inc.>
[viamraid / viamraid]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>

第二部分：
浏览器加载项
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Thunder Network\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <d:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\system32\WEBACT~1.OCX, QQ>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Program Files\Thunder Network\Program\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 180][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 200][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\Ati2evxx.dll]  [N/A, N/A]
[PID: 228][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 240][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 348][C:\WINNT\system32\Ati2evxx.exe]  [N/A, N/A]
    [C:\WINNT\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2494]
[PID: 424][d:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 436][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 464][d:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 592][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 640][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 688][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 756][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 836][d:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [d:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 996][C:\WINNT\system32\Ati2evxx.exe]  [N/A, N/A]
    [C:\WINNT\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2494]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
[PID: 972][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [D:\Program Files\Thunder Network\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [D:\Program Files\Logitech\iTouch\iTchHk.dll]  [Logitech Inc., 1.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINNT\system32\PPPOE.DLL]  [Guangdong Data Communications Network Co.Ltd., 5.00.2195.1620]
    [D:\Program Files\Logitech\iTouch\kbdhook.dll]  [Logitech Inc., 2.22.289]
[PID: 772][C:\WINNT\system32\taskmgr.exe]  [Microsoft Corporation, 5.00.2195.6620]
    [D:\Program Files\Logitech\iTouch\iTchHk.dll]  [Logitech Inc., 1.0.0]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
[PID: 1136][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.38]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
[PID: 1176][D:\Program Files\Logitech\iTouch\iTouch.exe]  [Logitech Inc., 2.22.289]
    [D:\Program Files\Logitech\iTouch\iTchHk.dll]  [Logitech Inc., 1.0.0]
    [D:\Program Files\Logitech\iTouch\iTouchrc.dll]  [Logitech Inc., 2.22.289]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [D:\Program Files\Logitech\iTouch\kbdhook.dll]  [Logitech Inc., 2.22.289]
[PID: 1188][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
[PID: 1280][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
[PID: 1260][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.578\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [D:\Program Files\Logitech\iTouch\iTchHk.dll]  [Logitech Inc., 1.0.0]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [D:\Program Files\Logitech\iTouch\kbdhook.dll]  [Logitech Inc., 2.22.289]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

最近跳出来的网页是www.myad.com,IP解析为61.129.35.156,在CNNIC上的注册信息如下：
CNNIC IP WHOIS数据库

地址段范围:  61.129.34.0 - 61.129.35.255 
网络名:  GREEN-POWER-BAR 
单位描述: G reen Power Bar 
国家:  CN 
管理联系人:  ZY108-AP 
技术联系人:  ZY108-AP 
维护方帐号:  MAINT-CHINANET-SH 
更改记录:  ip-admin@mail.online.sh.cn 20040618 
地址段状态:  ASSIGNED NON-PORTABLE 
数据来源:  APNIC 



联系人:  Zhu Ying 
通信地址:  F18,819 West Beijing Road,Shanghai 200081 
国家:  CN 
电话: + 86-21-52128580 
传真:  +86-21-52128566 
电子邮件:  ip-admin@mail.online.sh.cn 
联系人帐号:  ZY108-AP 
维护方帐号:  MAINT-CHINANET-SH 
更改记录:  ip-admin@mail.online.sh.cn 20031016 
数据来源:  APNIC 

还有，我今天更改了DNS服务器，把原来有218.30.19.40给去掉了，换上了原来的DNS。现在测试中，测试结果以后继续中...

看看学习