Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 09:30:35, on 2006-10-17
Platform: Microsoft Windows XP Personal Service Pack 1 (Build 2600)
MSIE: Internet Explorer v6.00 SP1;Q810847;Q813951; (6.00.2800.1106 (xpsp1.020828-1920))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "C:\Program Files\Rising\Rav\CCenter.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k NetworkService

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k LocalService

[RavMonD.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmond.exe"

[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE

[rfwsrv.exe]
CommandLine = "C:\Program Files\Rising\Rfw\rfwsrv.exe"

[cdnup.exe]
CommandLine = "C:\Program Files\CNNIC\Cdn\cdnup.exe"

[rundll32.exe]
CommandLine = Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[RavStub.exe]
CommandLine = "C:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND

[rfwmain.exe]
CommandLine =  -StartUp

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k aspwstate

[clipsvr.exe]
CommandLine = C:\WINDOWS\system32\clipsvr.exe

[DVDRAMSV.exe]
CommandLine = C:\WINDOWS\System32\DVDRAMSV.exe

[JWPEN.EXE]
CommandLine = C:\WINDOWS\System32\JWPEN.exe

[rundll32.exe]
CommandLine = C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service

[powermsgr.exe]
CommandLine = c:\windows\powermsgr.exe

[rundll.exe]
CommandLine = C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k NFSWZCSVC

[srvany.exe]
CommandLine = c:\windows\system32\srvany.exe

[SMAgent.exe]
CommandLine = "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"

[rundll32.exe]
CommandLine = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\STDSVER.DLL,Service

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k imgsvc

[rundll32.exe]
CommandLine = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\sdmAgent20.dll,StartAgent

[winlogon.exe]
CommandLine = c:\windows\system32\wbem\winlogon.exe

[hkcmd.exe]
CommandLine = "C:\WINDOWS\System32\hkcmd.exe"

[PmProxy.exe]
CommandLine = "C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe"

[00THotkey.exe]
CommandLine = "C:\WINDOWS\System32\00THotkey.exe"

[ltsmmsg.exe]
CommandLine = "C:\WINDOWS\LTSMMSG.exe"

[TPWRTRAY.EXE]
CommandLine = "C:\WINDOWS\System32\TPWRTRAY.EXE"

[TFNF5.exe]
CommandLine = "C:\WINDOWS\System32\TFNF5.exe"

[Apoint.exe]
CommandLine = "C:\Program Files\Apoint2K\Apoint.exe"

[TouchED.exe]
CommandLine = "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"

[ezSP_Px.exe]
CommandLine = "C:\WINDOWS\System32\ezSP_Px.exe"

[DragDrop.exe]
CommandLine = "C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" /StartUp

[HWSERVER.EXE]
CommandLine = "C:\HW99\HWPEN\HWSERVER.EXE"

[InCD.exe]
CommandLine = "C:\Program Files\Ahead\InCD\InCD.exe"

[ApntEx.exe]
CommandLine = "Apntex.exe"

[PPHIDPAD.EXE]
CommandLine = "C:\WINPENJR\Win32\pphidpad.exe"

[conime.exe]
CommandLine = C:\WINDOWS\System32\conime.exe

[RavTask.exe]
CommandLine = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

[RavMon.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM

[lxbxmon.exE]
CommandLine = "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

[ezprint.exe]
CommandLine = "C:\Program Files\Lexmark 7100 Series\ezprint.exe"

[lxbxcoms.exe]
CommandLine = C:\WINDOWS\System32\lxbxcoms.exe -service

[ylive.exe]
CommandLine = "C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe"

[yassistse.exe]
CommandLine = "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"

[realsched.exe]
CommandLine = "C:\WINDOWS\system\realsched.exe"

[ctfmon.exe]
CommandLine = "C:\WINDOWS\System32\ctfmon.exe"

[QQ.exe]
CommandLine = "C:\Program Files\Tencent\QQ\QQ.exe"

[TIMPlatform.exe]
CommandLine = "C:\Program Files\Tencent\QQ\TIMPlatform.exe" -Embedding

[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

[rundll32.exe]
CommandLine = C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll

[jjsvr4.exe]
CommandLine = "C:\Program Files\jj4\jjsvr4.exe"

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.yahoo.com.cn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.7255.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.yahoo.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.baidu.com/
R3 - URLSearchHook: IE Toolbar - {04C7B109-8162-A0D6-B186-DBE176064A3E} - C:\PROGRA~1\EQISOT~1\eqiso.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 219.139.58.97  www.hao123.com
O1 - Hosts: 219.139.58.97  hao123.com
O1 - Hosts: 219.139.58.97  www.7b.com.cn
O1 - Hosts: 219.139.58.97  7b.com.cn
O1 - Hosts: 219.139.58.97  www.7939.com
O1 - Hosts: 219.139.58.97  www.maohehe.com
O1 - Hosts: 219.139.58.97  www.sina-baidu.com
O1 - Hosts: 219.139.58.97  sina-baidu.com
O1 - Hosts: 219.139.58.97  www.maipao.com
O1 - Hosts: 219.139.58.97  update.virussky.com
O1 - Hosts: 219.139.58.97  down.virussky.com
O1 - Hosts: 219.139.58.97  www.ycdy.com
O1 - Hosts: 219.139.58.97  ycdy.com
O1 - Hosts: 219.139.58.97  www.2tu.cn
O1 - Hosts: 219.139.58.97  2tu.cn
O1 - Hosts: 219.139.58.97  www.91tu.cn
O1 - Hosts: 219.139.58.97  91tu.cn
O1 - Hosts: 219.139.58.97  www.haotop.com
O1 - Hosts: 219.139.58.97  news01.virussky.com
O1 - Hosts: 219.139.58.97  news02.virussky.com
O1 - Hosts: 219.139.58.97  news03.virussky.com
O1 - Hosts: 219.139.58.97  news04.virussky.com
O1 - Hosts: 219.139.58.97  news40.virussky.com
O1 - Hosts: 219.139.58.97  news41.virussky.com
O1 - Hosts: 219.139.58.97  news42.virussky.com
O1 - Hosts: 219.139.58.97  www.an85.com
O1 - Hosts: 219.139.58.97  an85.com
O1 - Hosts: 219.139.58.97  www.360safe.com
O1 - Hosts: 219.139.58.97  360safe.com
O1 - Hosts: 219.139.58.97  dl.360safe.com
O1 - Hosts: 219.139.58.97  bbs.360safe.com
O1 - Hosts: 219.139.58.97  www.gao58.com
O1 - Hosts: 219.139.58.97  count18.51yes.com
O1 - Hosts: 219.139.58.97  www.ok538.com
O1 - Hosts: 219.139.58.97  www.3000sss.com
O1 - Hosts: 219.139.58.97  3000sss.com
O1 - Hosts: 219.139.58.97  www.qq658.com
O1 - Hosts: 219.139.58.97  www.53679.com
O1 - Hosts: 219.139.58.97  www.17587.net
O1 - Hosts: 219.139.58.97  www.17587.com
O1 - Hosts: 219.139.58.97  www.an188.com
O1 - Hosts: 219.139.58.97  cwzwxm.3322.org
O1 - Hosts: 219.139.58.97  www.onediy.net
O1 - Hosts: 219.139.58.97  sohu.fswan.com
O1 - Hosts: 219.139.58.97  www.hewdq.com
O1 - Hosts: 219.139.58.97  go.ipcenter.cn
O1 - Hosts: 219.139.58.97  www.32666.com
O1 - Hosts: 219.139.58.97  show.googleadsenseagent.com
O1 - Hosts: 219.139.58.97  www.2yin.cn

O1 - Hosts: 219.139.58.97  2yin.cn
O1 - Hosts: 219.139.58.97  www.84442.com
O1 - Hosts: 219.139.58.97  www.898333.com
O1 - Hosts: 219.139.58.97  hewdq.com
O1 - Hosts: 219.139.58.97  84442.com
O1 - Hosts: 219.139.58.97  wwww.systeel.com.cn
O1 - Hosts: 219.139.58.97  go.baibaoxiang.cn
O1 - Hosts: 219.139.58.97  www.btbaicai.com
O1 - Hosts: 219.139.58.97  btbaicai.com
O1 - Hosts: 219.139.58.97  www.2t2t.cn
O1 - Hosts: 219.139.58.97  2t2t.cn
O1 - Hosts: 219.139.58.97  3.a.kal.cn
O1 - Hosts: 219.139.58.97  www.222978.com
O1 - Hosts: 219.139.58.97  www.5yaowan.com
O1 - Hosts: 219.139.58.97  show.roogoo.com
O1 - Hosts: 219.139.58.97  ip.alexaanywhere.com
O1 - Hosts: 219.139.58.97  www.znmq.com
O1 - Hosts: 219.139.58.97  www.pctutu.com
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO:  (file missing)
O2 - BHO:  - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\System32\ssup.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar:  (file missing)
O3 - Toolbar:  (file missing)
O3 - Toolbar:  (file missing)
O3 - Toolbar:  (file missing)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [pyjj] C:\Program Files\jj4\jjsvr4.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [HWSERVER] C:\HW99\HWPEN\HWSERVER.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [SECUPDATE] C:\Program Files\MySec\secupdateaan.exe -sv
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [winrun] C:\DOCUME~1\fujie\LOCALS~1\Temp\svct.com
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [realtpsk] C:\WINDOWS\system\realsched.exe
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - Startup: desktop.ini =
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: desktop.ini =
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra Button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559}? -
O9 - Extra Button: My网蜜 - {102293E4-758B-4483-946B-714EBCEC91B8}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: My网蜜 - {102293E4-758B-4483-946B-714EBCEC91B8}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: 酷标 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5}? - C:\Program Files\coolsign\coolsign.dll
O9 - Extra Button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra Button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra Button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra Button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26}? - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra Button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra Button: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? -

O9 - Extra Button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra Button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra Button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra Button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338}? - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra Button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra Button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}? - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}? - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra Button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra Button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra Button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra Button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra Button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra Button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\System32\cdnns.dll
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH] 搜搜地址栏搜索
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O15 - Trusted Zone: 
O16 - DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54AE2E2C-AE47-4C38-8A75-CB13E19E56B8}: NameServer = 218.2.135.1 61.147.37.1
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O20 - Winlogon Notify: igfxcui
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll
O23 - Service: Application Management (AppMgmt) -  - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: DVD-RAM_Service (DVD-RAM_Service) - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\dvdramsv.exe
O23 - Service: HanWangTablet (HanWangTablet) -  - C:\WINDOWS\System32\jwpen.exe
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Spectrum24 Events Monitor (IPRIP) - LINKMEDIA Tech - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: JMediaService (JMediaService) -  - C:\WINDOWS\System32\rundll32.exe c:\progra~1\mmsass~1\mmssver.dll,service
O23 - Service: Internet Protect Service (lDOMANE) -  - C:\WINDOWS\System32\rundll.exe c:\windows\system32\wbem\smtpconfs.dll,export 1087
O23 - Service: lxbx_device (lxbx_device) - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe -service
O23 - Service: NetMeeting Remote Desktop Agent (Nwsapagent) - LINKMEDIA Tech - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: SockClient (SockClient) -  - C:\WINDOWS\System32\srvany.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StdService (StdService) -  - C:\WINDOWS\System32\rundll32.exe c:\windows\system32\stdsver.dll,service

你这个很麻烦，建议格掉算了
要清理的话c:\windows\system32\wbem\winlogon.exe
参考http://forum.ikaka.com/topic.asp?board=67&artid=8185007
用超级兔子清理掉所有的流氓软件后再重新扫日志上来

隔掉？怎么隔啊？我不太会！我是菜鸟！请高人指点

晕！它删除不掉啊！怎么办？

流氓软件太多了。。。。

给我个能杀掉流氓软件的软件啊！
有什么好的软件？

安全模式下,用超级兔子试试