Logfile of Kaka v2. 0. 2. 1 Scan Module v1. 0. 0. 41
Scan saved at 00:31:53, on 2006-11-19
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.yahoo.com.cn
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO:  - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
O3 - Toolbar:  (file missing)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O4 - Global Startup: 星空极速.lnk = C:\Program Files\ChinaNet\VnetClient.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Tencent\QQ0388FT\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\PROGRA~1\KUGOO2\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\QQ0388FT\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\QQ0388FT\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Tencent\QQ0388FT\SendMMS.htm
O9 - Extra Button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra Button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra Button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra Button: JUJU猫 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.jujumao.net (file missing)
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\QQ0388FT\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\QQ0388FT\QQ.EXE
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {414E7D87-8073-4EFB-9E4B-C8DF04C979EE} (PortalCom AAA 1.0) - http://202.109.117.146/PortalAX02.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC7942D0-8B5E-4D3D-9A4D-3E4B67955E8D}: NameServer = 202.96.209.133 202.109.117.200
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\rising\Rav\CCenter.exe"
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\rising\Rav\Ravmond.exe"
O23 - Service: User Privilege Service (usprserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program files\Internet Explorer\PLUGINS\sb.dll

O4 - HKLM\..\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [r] C:\WINDOWS\down\rundll32.exe
安全模式下清理上面这两项~
查找并删除相关文件~

另,请下载SREng扫描个日志上来~

http://www.kztechs.com/

2006-11-19,00:48:09

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <NiceMs><C:\Program Files\Internet Explorer\PLUGINS\temp.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <xy><C:\WINDOWS\Download\svhost32.exe>  [N/A]
    <r><C:\WINDOWS\down\rundll32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk>  [N/A]
    <{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system16.sys>  [N/A]

==================================
启动文件夹
[星空极速]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>

==================================
服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Aureal Game Port Enumerator / admjoy]
  <system32\DRIVERS\admjoy.sys><Aureal, Inc.>
[AliIde / AliIde]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[FAMETECH USB PC CAMERA / CA561]
  <System32\Drivers\SPCA561.SYS><SP>
[CALLKEY_IO / CALLKEY_IO]
  <\??\C:\Program Files\OneKey\CALLKEY.sys><N/A>
[CmdIde / CmdIde]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[EagleNT / EagleNT]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\C:\Program Files\rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\rising\Rav\HookSys.sys><Rising>
[HpaFilt / HpaFilt]
  <C:\WINDOWS\SYSTEM32\DRIVERS\HpaFilt.SYS><Legend Corporation>
[HSFHWBS2 / HSFHWBS2]
  <system32\DRIVERS\HSFBS2S2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP]
  <system32\DRIVERS\HSFDPSP2.sys><Conexant Systems, Inc.>
[mdmxsdk / mdmxsdk]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[MegaIDE / MegaIDE]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[New0 / New0]
  <\??\C:\WINDOWS\system32\new.sys><N/A>
[Netgroup Packet Filter / NPF]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt]
  <\??\E:\Tencent\QQ0388FT\npkcrypt.sys><N/A>
[npkycryp / npkycryp]
  <\??\E:\Tencent\QQ0388FT\npkycryp.sys><N/A>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[Service for AC'97 Sample Driver (WDM) / SiS7012]
  <system32\drivers\sis7012.sys><Silicon Integrated Systems Corporation>
[SIS AGP Bus Filter / sisagp]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[EyeOnIE]
  {C14393E1-95FF-4DFF-9BE0-EA008D4EF930} <C:\PROGRA~1\test\BHOPLU~1.DLL, >
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <E:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[豪杰超级解霸V8]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, herosoft>
[JUJU猫]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.net, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Tencent\QQ0388FT\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[PortalCom AAA 1.0]
  {414E7D87-8073-4EFB-9E4B-C8DF04C979EE} <C:\WINDOWS\DOWNLO~1\PORTAL~1.OCX, Huawei Co. Ltd.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <C:\WINDOWS\system32\macromed\download\Download.dll, Macromedia, Inc.>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[PortalCom AAA 1.0]
  {414E7D87-8073-4EFB-9E4B-C8DF04C979EE} <C:\WINDOWS\DOWNLO~1\PORTAL~1.OCX, Huawei Co. Ltd.>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[EyeOnIE]
  {C14393E1-95FF-4DFF-9BE0-EA008D4EF930} <C:\PROGRA~1\test\BHOPLU~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
  <E:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\Tencent\QQ0388FT\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <E:\PROGRA~1\KUGOO2\KuGoo3DownX.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <E:\Tencent\QQ0388FT\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Tencent\QQ0388FT\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Tencent\QQ0388FT\SendMMS.htm, N/A>

==================================

正在运行的进程
[PID: 420][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 484][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\Program Files\rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 844][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1076][C:\Program Files\rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [C:\Program Files\rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [C:\Program Files\rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [C:\Program Files\rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [C:\Program Files\rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 20]
    [C:\Program Files\rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [C:\Program Files\rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1276][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\PLUGINS\sb.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
    [E:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\DOCUME~1\user\LOCALS~1\Temp\11.jpg]  [N/A, N/A]
    [C:\WINDOWS\system32\xunleibho_v8.dll]  [Thunder Networking Technologies,LTD, 4, 5, 1, 33]
    [E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\LgdGuard.dll]  [, ]
[PID: 1340][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1464][C:\Program Files\rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1700][C:\Program Files\rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
[PID: 1728][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3427]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
[PID: 1736][C:\WINDOWS\Download\svhost32.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
[PID: 1748][C:\WINDOWS\down\rundll32.exe]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
[PID: 1820][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
[PID: 1836][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2006, 3, 17, 1]
    [C:\Program Files\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2006, 3, 8, 18]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2006, 2, 8, 1]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL]  [, 2005, 8, 18, 1]
    [C:\PROGRA~1\ChinaNet\PlugIns\SMSPLU~1\SMSPLU~1.DLL]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2006, 2, 20, 1]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2006, 5, 29, 14]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2006, 5, 26, 9]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2005, 11, 14, 1]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2006, 3, 24, 9]
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2006, 4, 4, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2006, 5, 24, 16]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [GDCN, 2006, 3, 1, 16]
    [C:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\pthreadVC.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2006, 5, 29, 11]
    [C:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2006, 3, 1, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2006, 5, 24, 14]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2006, 3, 14, 10]
    [C:\PROGRA~1\ChinaNet\MAGICD~1.OCX]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 2005, 11, 14, 1]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk]  [N/A, N/A]
    [C:\DOCUME~1\user\LOCALS~1\Temp\11.jpg]  [N/A, N/A]

[PID: 1952][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1568][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3184][E:\Tencent\QQ0388FT\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [E:\Tencent\QQ0388FT\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\BasicCtrlDll.dll]  [Tencent, 5, 0, 200, 370]
    [E:\Tencent\QQ0388FT\QQAPI.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [E:\Tencent\QQ0388FT\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [E:\Tencent\QQ0388FT\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\QQMainFrame.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\CQQApplication.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\NewSkin.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\HostingMgr.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\CameraDll.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\MailSummary.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\QQSpace.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\QQAllInOne.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\GroupLive.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\QRingMng.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\QQAvatar.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [E:\Tencent\QQ0388FT\QQSysMsgMng.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\QQPlugin.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [E:\Tencent\QQ0388FT\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [E:\Tencent\QQ0388FT\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\Tencent\QQ0388FT\VPortal.dll]  [, 1, 0, 0, 4]
    [E:\Tencent\QQ0388FT\QQPet.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\QQCustomFace.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\QQSceneMng.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [E:\Tencent\QQ0388FT\BQQApplication.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\CommercesMng.dll]  [, 1, 0, 0, 1]
    [E:\Tencent\QQ0388FT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\Tencent\QQ0388FT\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
    [E:\Tencent\QQ0388FT\QQPhoneHelper.dll]  [腾讯科技（深圳）有限公司, 2, 0, 6, 60]
    [E:\Tencent\QQ0388FT\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [E:\Tencent\QQ0388FT\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [C:\DOCUME~1\user\LOCALS~1\Temp\11.jpg]  [N/A, N/A]
[PID: 3276][E:\Tencent\QQ0388FT\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
    [E:\Tencent\QQ0388FT\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 3528][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
    [C:\WINDOWS\system32\xunleibho_v8.dll]  [Thunder Networking Technologies,LTD, 4, 5, 1, 33]
    [c:\PROGRA~1\chinanet\VNETTR~1.DLL]  [, 2005, 4, 6, 1]
    [c:\PROGRA~1\chinanet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [E:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX]  [N/A, N/A]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\DOCUME~1\user\LOCALS~1\Temp\11.jpg]  [N/A, N/A]
    [C:\PROGRA~1\test\BHOPLU~1.DLL]  [, 1, 0, 0, 1]
[PID: 2608][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
    [C:\DOCUME~1\user\LOCALS~1\Temp\11.jpg]  [N/A, N/A]
[PID: 2668][E:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.4.0.226]
    [E:\Program Files\Thunder Network\Thunder\Program\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
    [E:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 0, 0, 1]
    [E:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [E:\Program Files\Thunder Network\Thunder\Program\log4cplus.dll]  [, 1, 0, 2, 1]
    [E:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll]  [N/A, N/A]
    [E:\Program Files\Thunder Network\Thunder\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [E:\Program Files\Thunder Network\Thunder\Program\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [E:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 1, 0, 18]
    [E:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\Program Files\Thunder Network\Thunder\Plugins\TingTing\TingTing.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 9]
    [E:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 0, 11]
    [E:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed04.dll]  [　, 2, 3, 0, 37]
    [E:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 10]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk]  [N/A, N/A]
    [E:\Program Files\Thunder Network\Thunder\Program\iTargetAd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 59]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\DOCUME~1\user\LOCALS~1\Temp\11.jpg]  [N/A, N/A]
[PID: 3364][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\user\LOCALS~1\Temp\11.jpg]  [N/A, N/A]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
[PID: 3940][F:\Program Files\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\DOCUME~1\user\LOCALS~1\Temp\11.jpg]  [N/A, N/A]
    [C:\WINDOWS\system32\wldll.dll]  [N/A, N/A]
    [C:\WINDOWS\rxdll.dll]  [N/A, N/A]
    [F:\Program Files\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
125.91.14.230 www.kzdh.com
125.91.14.230 www.7255.com
125.91.14.230 www.7322.com
125.91.14.230 www.7939.com
125.91.14.230 www.piaoxue.com
125.91.14.230 www.feixu.net
125.91.14.230 www.6781.com
125.91.14.230 www.7b.com.cn
125.91.14.230 7b.com.cn
125.91.14.230 www.918188.com
125.91.14.230 hao.allxue.com
125.91.14.230 good.allxue.com
125.91.14.230 baby.allxue.com
125.91.14.230 www.allxue.com
125.91.14.230 about.lank.la
125.91.14.230 www.x114x.com
125.91.14.230 www.37ss.com
125.91.14.230 www.7k.cc
125.91.14.230 www.73ss.com
125.91.14.230 www.hao123.com
125.91.14.230 www.81915.com
125.91.14.230 222.88.90.22
125.91.14.230 www.9991.com
125.91.14.230 www.my123.com
125.91.14.230 www.haokan123.com
125.91.14.230 www.5566.net
125.91.14.230 www.gjj.cc
125.91.14.230 www.2345.com
125.91.14.230 dl.hao318.com
125.91.14.230 www.123wa.com

==================================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<NiceMs><C:\Program Files\Internet Explorer\PLUGINS\temp.exe> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<xy><C:\WINDOWS\Download\svhost32.exe> [N/A]
<r><C:\WINDOWS\down\rundll32.exe> [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system16.sys> [N/A]

重启系统,按F8进入安全模式,删除上面的启动项~

查找并删除下面的文件~

C:\Program Files\Internet Explorer\PLUGINS\temp.exe
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\down\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
[C:\Program Files\Internet Explorer\PLUGINS\sb.dll
[C:\WINDOWS\system32\wldll.dll
[C:\WINDOWS\rxdll.dll
[C:\DOCUME~1\user\LOCALS~1\Temp\11.jpg
[C:\WINDOWS\system32\LgdGuard.dll
C:\Program Files\Internet Explorer\PLUGINS\system16.sys

清理HOSTS 文件

清理临时文件夹

IE》属性》删除文件（包括脱机文件）》确定
清空页面文件~
开始>运行>secpol.msc>本地策略>安全选项>启用关机时清理虚拟内存页面文件~

并清理下面文件夹中的内容
C:\Documents and Settings\***(你的用户名)\Local Settings\Temp
c:\windows\temp

..啊 好麻烦 我去弄了 谢谢