
OS~~! Experts, please come in: my homepage was changed to http://www.9505.com, both logs attached!

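I don't know what virus I've caught. My homepage was changed to http://www.9505.com, and Rising's monitoring has been blocked as well.
I updated the virus database to the latest version, but it still can't fix it~!
Yesterday the RavMonD.exe process was also using 100% of system resources.
Following a method someone suggested, I went into the registry to modify keys such as HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main\StartPage, only to find that they aren't in the registry at all. Ugh~~
Below are the logs I just scanned. Experts, please take a look~ I'd appreciate a detailed solution. Many thanks~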

HijackThis_815汉化版扫描日志 V1.99.1
保存于 12:38:27, 日期 2006-10-4
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
D:\SKYNET\FIREWALL\pfw.exe
D:\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Rising\Rav\Ravmon.exe
D:\Rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis\HijackThis.exe

O1 - Hosts: 219.139.58.97 www.hao123.com
O1 - Hosts: 219.139.58.97 hao123.com
O1 - Hosts: 219.139.58.97 www.7b.com.cn
O1 - Hosts: 219.139.58.97 7b.com.cn
O1 - Hosts: 219.139.58.97 www.7939.com
O1 - Hosts: 219.139.58.97 7939.com
O1 - Hosts: 219.139.58.97 www.maohehe.com
O1 - Hosts: 219.139.58.97 maohehe.com
O1 - Hosts: 219.139.58.97 www.sina-baidu.com
O1 - Hosts: 219.139.58.97 sina-baidu.com
O1 - Hosts: 219.139.58.97 60.191.60.107
O1 - Hosts: 219.139.58.97 www.maipao.com
O1 - Hosts: 219.139.58.97 maipao.com
O1 - Hosts: 219.139.58.97 update.virussky.com
O1 - Hosts: 219.139.58.97 down.virussky.com
O1 - Hosts: 219.139.58.97 219.139.58.97
O1 - Hosts: 219.139.58.97 59.34.148.81
O1 - Hosts: 219.139.58.97 60.191.60.114
O1 - Hosts: 219.139.58.97 www.ycdy.com
O1 - Hosts: 219.139.58.97 ycdy.com
O1 - Hosts: 219.139.58.97 www.2tu.cn
O1 - Hosts: 219.139.58.97 2tu.cn
O1 - Hosts: 219.139.58.97 www.91tu.cn
O1 - Hosts: 219.139.58.97 91tu.cn
O1 - Hosts: 219.139.58.97 www.haotop.com
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v11.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\金山快译2006\IEBand.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [SKYNET Personal FireWall] D:\SKYNET\FIREWALL\pfw.exe
O4 - 启动项HKLM\\Run: [rundll32] rundll32 rscfg.dll s
O4 - 启动项HKLM\\Run: [RavTask] "D:\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - d:\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - d:\Thunder\getallurl.htm
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: Oracle OLAP 9.0.1.0.1 (OLAPServer) - Oracle Corporation - D:\Oracle\bin\xsolap.exe
O23 - NT 服务: Oracle OLAP Agent - Unknown owner - D:\Oracle\bin\xsaagent.exe
O23 - NT 服务: OracleOraHome90ClientCache - Unknown owner - D:\Oracle\BIN\ONRSD.EXE
O23 - NT 服务: OracleOraHome90HTTPServer - Unknown owner - D:\Oracle\Apache\Apache\Apache.exe
O23 - NT 服务: OracleOraHome90PagingServer - Unknown owner - D:\Oracle/bin/pagntsrv.exe
O23 - NT 服务: OracleOraHome90SNMPPeerEncapsulator - Unknown owner - D:\Oracle\BIN\ENCSVC.EXE
O23 - NT 服务: OracleOraHome90SNMPPeerMasterAgent - Unknown owner - D:\Oracle\BIN\AGNTSVC.EXE
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Unknown owner - C:\Rising\Rav\CCenter.exe (file missing)
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\Ravmond.exe
O23 - NT 服务: Visibroker Smart Agent (xsSmartAgent) - Unknown owner - D:\Oracle\bin\osagent.exe

*******************************************************************************



Log 2:

2006-10-04,14:09:47

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <SKYNET Personal FireWall><D:\SKYNET\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
    <rundll32><rundll32 rscfg.dll s>  [N/A]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Oracle OLAP 9.0.1.0.1 / OLAPServer]
  <D:\Oracle\bin\xsolap.exe><Oracle Corporation>
[Oracle OLAP Agent / Oracle OLAP Agent]
  <D:\Oracle\bin\xsaagent.exe><N/A>
[OracleOraHome90Agent / OracleOraHome90Agent]
  <D:\Oracle\bin\agntsrvc.exe><Oracle Corporation>
[OracleOraHome90ClientCache / OracleOraHome90ClientCache]
  <D:\Oracle\BIN\ONRSD.EXE><N/A>
[OracleOraHome90HTTPServer / OracleOraHome90HTTPServer]
  <D:\Oracle\Apache\Apache\Apache.exe><N/A>
[OracleOraHome90PagingServer / OracleOraHome90PagingServer]
  <D:\Oracle/bin/pagntsrv.exe><N/A>
[OracleOraHome90SNMPPeerEncapsulator / OracleOraHome90SNMPPeerEncapsulator]
  <D:\Oracle\BIN\ENCSVC.EXE><N/A>
[OracleOraHome90SNMPPeerMasterAgent / OracleOraHome90SNMPPeerMasterAgent]
  <D:\Oracle\BIN\AGNTSVC.EXE><N/A>
[OracleOraHome90TNSListener / OracleOraHome90TNSListener]
  <><N/A>
[OracleServiceZY / OracleServiceZY]
  <d:\oracle\bin\ORACLE.EXE ZY><Oracle Corporation>
[Rising Process Communication Center / RsCCenter]
  <"C:\Rising\Rav\CCenter.exe"><N/A>
[User Profile Hive Cleanup / UPHClean]
  <C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>
[svchoct.exe / Windows Time  ]
  <><N/A>
[Visibroker Smart Agent / xsSmartAgent]
  <D:\Oracle\bin\osagent.exe><N/A>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[ExpScaner / ExpScaner]
  <\??\D:\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\D:\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[KSCDMAN / KSCDMAN]
  <system32\drivers\kscdman.sys><KingSoft Corp.>
[MEMSCAN / MEMSCAN]
  <\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\??\D:\QQ\npkcrypt.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SVKP / SVKP]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>



Last edited 2006-10-04 15:37:52

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v11.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\金山快译2006\IEBand.dll, 金山软件股份有限公司>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v11.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <D:\金山快译2006\IEBand.dll, 金山软件股份有限公司>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下载]
  <d:\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Thunder\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 300][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 348][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 372][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 416][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 428][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Oracle\bin\oci.dll]  [Oracle Corporation, 9.0.1.1.1]
[PID: 704][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984][C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe]  [Autodesk, Inc., 2.51.000]
[PID: 1108][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][C:\Program Files\UPHClean\uphclean.exe]  [Microsoft Corporation, 1.5.5.21]
[PID: 1356][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1688][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rscfg.dll]  [N/A, N/A]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [D:\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1796][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\rscfg.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1918]
[PID: 1804][D:\SKYNET\FIREWALL\pfw.exe]  [广州众达天网技术有限公司, 2.7.7.1000]
    [D:\SKYNET\FIREWALL\SKYMISC.DLL]  [N/A, N/A]
    [D:\SKYNET\FIREWALL\COMPRESSWRAP.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\rscfg.dll]  [N/A, N/A]
[PID: 1824][D:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\rscfg.dll]  [N/A, N/A]
[PID: 1832][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rscfg.dll]  [N/A, N/A]
[PID: 1992][D:\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [D:\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\rscfg.dll]  [N/A, N/A]
[PID: 1080][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rscfg.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\xunleibho_v11.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 48]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
[PID: 600][D:\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\QQ\CoralAssist.DLL]  [Coral Team, 4.5.0 build 20060515]
    [D:\QQ\CoralQQ.DLL]  [Coral Team, 4.5.1 Build 20060620]
    [D:\QQ\ipsearcher.dll]  [N/A, 1.0.0.4]
    [D:\QQ\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\QQ\mfc42.dll]  [Microsoft Corporation, 6.00.8665.0]
    [D:\QQ\msvcp80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\BasicCtrlDll.dll]  [Tencent, 5, 0, 200, 160]
    [C:\WINDOWS\system32\rscfg.dll]  [N/A, N/A]
    [D:\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [D:\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 3, 2, 1]
    [D:\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [D:\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\QQ\QQMainFrame.dll]  [N/A, N/A]
    [D:\QQ\CQQApplication.dll]  [N/A, N/A]
    [D:\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [D:\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\QQ\GroupLive.dll]  [N/A, N/A]
    [D:\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQPlugin.dll]  [N/A, N/A]
    [D:\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QRingMng.dll]  [N/A, N/A]
    [D:\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQAvatar.dll]  [N/A, N/A]
    [D:\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\QQ\QQSysMsgMng.dll]  [N/A, N/A]
    [D:\QQ\BQQApplication.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [D:\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\QQ\QQUdpGetFileLib.dll]  [tencent, 0, 2, 2, 3]
    [D:\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 200]
    [D:\QQ\QQSceneMng.dll]  [N/A, N/A]
    [D:\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 0, 6, 60]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
[PID: 1520][D:\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\WINDOWS\system32\rscfg.dll]  [N/A, N/A]
    [D:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 328][F:\NewDownload\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\rscfg.dll]  [N/A, N/A]

==================================

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
219.139.58.97  www.hao123.com
219.139.58.97  hao123.com
219.139.58.97  www.7b.com.cn
219.139.58.97  7b.com.cn
219.139.58.97  www.7939.com
219.139.58.97  7939.com
219.139.58.97  www.maohehe.com
219.139.58.97  maohehe.com
219.139.58.97  www.sina-baidu.com
219.139.58.97  sina-baidu.com
219.139.58.97  60.191.60.107
219.139.58.97  www.maipao.com
219.139.58.97  maipao.com
219.139.58.97  update.virussky.com
219.139.58.97  down.virussky.com
219.139.58.97  219.139.58.97
219.139.58.97  59.34.148.81
219.139.58.97  60.191.60.114
219.139.58.97  www.ycdy.com
219.139.58.97  ycdy.com
219.139.58.97  www.2tu.cn
219.139.58.97  2tu.cn
219.139.58.97  www.91tu.cn
219.139.58.97  91tu.cn
219.139.58.97  www.haotop.com

==================================