Logfile of HijackThis v1.99.1
Scan saved at 14:01:23, on 2005-12-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
D:\Program Files\popo\popo.exe
D:\Program Files\popo\popo.exe
C:\Program Files\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\download\248783200522382732\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v1.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - C:\WINDOWS\system32\ThunderBHO.dll
O2 - BHO: Target Class - {002AF282-E42D-4B51-9F70-F1570C02FAAD} - C:\Program Files\NetMeting\Target\Target.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\程序\QQ\QQIEHelper.dll
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\microapmddt.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavScanBD] "C:\Program Files\rising\Rav\ScanBD.exe" /INST
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: 使用网际快车下载 - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\程序\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\程序\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\程序\QQ\SendMMS.htm
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra button: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra 'Tools' menuitem: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\程序\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\程序\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\程序\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\程序\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.58028.net/plugin/PowerPlr.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120175077900
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {7A97B026-F3BB-49F6-BEAC-75021AD45B4E} (SLAProbe Control) - http://202.102.15.200:81/sla/SLAProbe/SLAProbe.ocx
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

还是在点击网页上的其他链接的同时弹出其他乱七八糟的网页!还有我的机器启动时会自动打开瑞星的漏洞扫描程序.但是不能用,显示该页无法打开.点击扫描时会弹出--脚本错误的警告!!

刚刚点刷新时转到了http://www.ecwit.com/

请用最新版System Repair Engineer扫描一个log贴上来。

System Repair Engineer下载地址见
【推荐】System Repair Engineer 2.0.12.350 RC1版
http://forum.ikaka.com/topic.asp?board=67&artid=7540414

2005-12-30,14:28:24

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Home Edition Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ibmmessages><C:\Program Files\IBM\Messages By IBM\ibmmessages.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <DrvMon.exe><C:\WINDOWS\system32\DrvMon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <S3TRAY2><S3Tray2.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ATIModeChange><Ati2mdxx.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BluetoothAuthenticationAgent><rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TPKMAPHELPER><C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TpShocks><TpShocks.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BMMLREF><C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BMMMONWND><rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TP4EX><tp4ex.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <EZEJMNAP><C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ibmmessages><C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <UpdateManager><"c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IBMPRC><C:\IBMTOOLS\UTILS\ibmprc.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <QCWLICON><C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IBM Warranty Notification><"C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <GCXX-Manager-Class><"C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavScanBD><"C:\Program Files\rising\Rav\ScanBD.exe" /INST>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\Userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[IBM Rapid Restore Ultra Service / IBM Rapid Restore Ultra Service]
  <C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe><>
[IBM PM Service / IBMPMSVC]
  <C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[IBM PSA Access Driver Control / PsaSrv]
  <C:\WINDOWS\system32\PsaSrv.exe><N/A>
[QCONSVC / QCONSVC]
  <System32\QCONSVC.EXE><IBM Corp.>
[RegSrvc / RegSrvc]
  <C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor]
  <C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation >
[setrysvc / setrysvc]
  <C:\WINDOWS\System32\setrysvc.exe C:\WINDOWS\System32\semwltry.exe><N/A>
[IBM KCU Service / TpKmpSVC]
  <C:\WINDOWS\system32\TpKmpSVC.exe><N/A>
[WLTRYSVC / WLTRYSVC]
  <C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe><N/A>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v1.dll, >
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F57} <C:\WINDOWS\system32\ThunderBHO.dll, >
[Target Class]
  {002AF282-E42D-4B51-9F70-F1570C02FAAD} <C:\Program Files\NetMeting\Target\Target.dll, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\程序\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[MacroMediapd]
  {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\microapmddt.dll, N/A>
[迅雷]
  {1FBA04EE-3024-11D2-8F1F-000019796948}} <C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe, 深圳市三代科技开发有限公司>
[豪杰超级解霸V8]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL, >
[kele8]
  {84920E5F-3788-49cd-A274-E365578DF174} <http://www.kele8.com/, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\程序\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\程序\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[SLAProbe Control]
  {7A97B026-F3BB-49F6-BEAC-75021AD45B4E} <C:\WINDOWS\DOWNLO~1\SLAProbe.ocx, AKAZAM Communications>
[Java Plug-in 1.4.1]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll, IBM.>
[Java Plug-in 1.4.1]
  {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} <C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll, IBM.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v1.dll, >
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F57} <C:\WINDOWS\system32\ThunderBHO.dll, >
[Target Class]
  {002AF282-E42D-4B51-9F70-F1570C02FAAD} <C:\Program Files\NetMeting\Target\Target.dll, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[Menu Class]
  {27D784D7-9217-4227-B43B-E06E4781E0CB} <C:\WINDOWS\system32\AlxTB1.dll, Alexa Internet>
[Alexa]
  {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} <C:\\WINDOWS\\system32\\SHDOCVW.DLL, Microsoft Corporation>
[NaviHelperObj Class]
  {3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\程序\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[BrowserProxy4 Class]
  {69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} <C:\WINDOWS\system32\AlxTB1.dll, Alexa Internet>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[SLAProbe Control]
  {7A97B026-F3BB-49F6-BEAC-75021AD45B4E} <C:\WINDOWS\DOWNLO~1\SLAProbe.ocx, AKAZAM Communications>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\System32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>

[MacroMediapd]
  {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\microapmddt.dll, N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[AlxTB BHO Class]
  {F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} <C:\WINDOWS\system32\AlxTB1.dll, Alexa Internet>
[&使用迅雷下载]
  <C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm, N/A>
[使用网际快车下载]
  <F:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <F:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <D:\程序\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\程序\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\程序\QQ\SendMMS.htm, N/A>
[豪杰超级解霸V8实时播放]
  <C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

==================================
正在运行的进程
[PID: 780][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 828][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 852][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <N/A><N/A>
[PID: 896][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 908][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\pwdmon.dll]  <N/A><N/A>
[PID: 1064][C:\WINDOWS\System32\ibmpmsvc.exe]  <N/A><N/A>
[PID: 1132][C:\WINDOWS\System32\Ati2evxx.exe]  <N/A><N/A>
[PID: 1148][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1232][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1272][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1368][C:\WINDOWS\System32\S24EvMon.exe]  <Intel Corporation ><8, 0, 0, 164>
[PID: 1464][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1552][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1628][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1688][C:\Program Files\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 6>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [C:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
    [C:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
    [C:\Program Files\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [C:\Program Files\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\Program Files\Rising\Rav\ExtMail.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
    [C:\Program Files\Rising\Rav\ScanNet.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1724][c:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 25>
    [c:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 10>
    [c:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [c:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 19>
    [c:\program files\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [c:\program files\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
    [c:\program files\rising\rfw\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[PID: 2012][C:\Program Files\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>

[C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 212][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\hpbmmon.dll]  <Hewlett-Packard><10.00.14>
    [C:\WINDOWS\system32\hpdomon.dll]  <Hewlett-Packard><03.42.00>
    [C:\WINDOWS\system32\HPBHealr.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 580][C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe]  <><4,0,0,4026>
[PID: 668][C:\WINDOWS\System32\QCONSVC.EXE]  <IBM Corp.><3, 1, 0, 0>
[PID: 716][C:\WINDOWS\System32\RegSrvc.exe]  <Intel Corporation><8, 0, 0, 164>
[PID: 1588][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1668][C:\WINDOWS\system32\TpKmpSVC.exe]  <N/A><N/A>
[PID: 1748][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 2536][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 384][C:\WINDOWS\system32\Ati2evxx.exe]  <N/A><N/A>
[PID: 624][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.2.54.0>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.2.54.0>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [C:\WINDOWS\system32\xunleibho_v1.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\ThunderBHO.dll]  <><4, 0, 3, 21>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 264][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 1176][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [C:\WINDOWS\system32\SynCOM.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [C:\WINDOWS\system32\SynTPAPI.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 2232][C:\WINDOWS\system32\TpShocks.exe]  <IBM Corp.><1, 0, 0, 1>
    [C:\WINDOWS\system32\Sensor.dll]  <N/A><N/A>
[PID: 2252][C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe]  <N/A><N/A>
    [C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Oemdspif.dll]  <ATI Technologies, Inc.><6.14.0010>
[PID: 2280][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll]  <N/A><N/A>
    [C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll]  <IBM Corp.><1, 0, 0, 0>
[PID: 2296][C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe]  <N/A><N/A>
[PID: 2324][C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe]  <IBM Corp.><1, 0, 0, 0>
[PID: 2328][C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe]  <IBM Corporation><1.06>
[PID: 2340][c:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 40>
    [c:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [c:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [c:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 2364][C:\Program Files\IBM\Messages By IBM\ibmmessages.exe]  <IBM><2.011>
    [C:\WINDOWS\system32\AIBMRUNL.dll]  <N/A><N/A>
    [C:\Program Files\IBM\Messages By IBM\AcpPollingEngine.dll]  <><1, 0, 0, 4>
    [C:\WINDOWS\System32\IbmEgath.dll]  <IBM Corporation><3, 0, 0, 11>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 700][C:\IBMTOOLS\UTILS\ibmprc.exe]  <IBM Corp.><1, 0, 0, 3>
[PID: 2488][C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE]  <IBM Corp.><3, 1, 0, 0>
    [C:\Program Files\ThinkPad\ConnectUtilities\QCON.dll]  <IBM Corp.><3, 1, 0, 0>
    [C:\Program Files\ThinkPad\ConnectUtilities\MerlinC201.dll]  <Novatel Wireless Inc.><1, 0, 0, 1>
    [C:\Program Files\ThinkPad\ConnectUtilities\ANCA.dll]  <N/A><N/A>
    [C:\Program Files\ThinkPad\ConnectUtilities\ANC.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\SbrngAPI.dll]  <Intel Corporation><8, 0, 0, 164>
    [C:\WINDOWS\system32\PfMgrApi.dll]  <Intel Corporation><8, 0, 0, 164>
    [C:\WINDOWS\system32\PsRegApi.dll]  <Intel Corporation><8, 0, 0, 164>
    [C:\WINDOWS\system32\WConfig.DLL]  <Intel Corporation><8, 0, 0, 164>
    [C:\WINDOWS\system32\WiFiAdap.DLL]  <Intel Corporation><8, 0, 0, 164>
    [C:\WINDOWS\system32\C1XStngs.dll]  <Intel Corporation><8, 0, 0, 164>
    [C:\WINDOWS\system32\S24MUDLL.dll]  <Intel Corporation><8, 0, 0, 164>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [C:\Program Files\ThinkPad\ConnectUtilities\Res\CH\IconRes.dll]  <N/A><N/A>
[PID: 2532][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 2652][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 99>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 2676][C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe]  <Sony Ericsson><3.2.2.1414 10/27/2004 21:33:32>
    [C:\Program Files\Sony Ericsson\Wireless Manager\GCXX_RC.DLL]  <Sony Ericsson><3.2.2.1414 10/27/2004 21:33:32>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 2864][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 2896][C:\Program Files\Messenger\msmsgs.exe]  <Microsoft Corporation><4.7.3001>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 3100][C:\WINDOWS\system32\DrvMon.exe]  <Alcor Micro, Corp.><1, 0, 0, 9>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 3156][D:\Program Files\popo\popo.exe]  <网易(163.com)><1, 0, 0, 1>
    [D:\Program Files\popo\XGDI.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XFile.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\P2PMgr.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XComm.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\Trace.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\Updater.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\UNZIP32.dll]  <Info-ZIP><5.5>
    [D:\Program Files\popo\ResLoc.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\MailChecker.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\ExtraEditor.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XMP.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\fmod.dll]  <Firelight Technologies Pty, Ltd><3.73>

[D:\Program Files\popo\UrlObj.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\Bobo.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\SOX.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\share.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XVideo.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\VCodec.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XVoice.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XEmotion.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\MsgHis.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [D:\Program Files\popo\plugins\MSN.DLL]  <><1, 0, 0, 1>
    [D:\Program Files\popo\plugins\LIBCURL.dll]  <N/A><N/A>
    [D:\Program Files\popo\plugins\SSLEAY32.dll]  <N/A><N/A>
    [D:\Program Files\popo\plugins\LIBEAY32.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 3936][D:\Program Files\popo\popo.exe]  <网易(163.com)><1, 0, 0, 1>
    [D:\Program Files\popo\XGDI.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XFile.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\P2PMgr.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XComm.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\Trace.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\Updater.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\UNZIP32.dll]  <Info-ZIP><5.5>
    [D:\Program Files\popo\ResLoc.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\MailChecker.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\ExtraEditor.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XMP.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\fmod.dll]  <Firelight Technologies Pty, Ltd><3.73>
    [D:\Program Files\popo\UrlObj.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\Bobo.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\SOX.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\share.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XVideo.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\VCodec.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XVoice.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\XEmotion.dll]  <><1, 0, 0, 1>
    [D:\Program Files\popo\MsgHis.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [D:\Program Files\popo\plugins\MSN.DLL]  <><1, 0, 0, 1>
    [D:\Program Files\popo\plugins\LIBCURL.dll]  <N/A><N/A>
    [D:\Program Files\popo\plugins\SSLEAY32.dll]  <N/A><N/A>
    [D:\Program Files\popo\plugins\LIBEAY32.dll]  <N/A><N/A>
[PID: 2924][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.2.54.0>
    [C:\WINDOWS\system32\xunleibho_v1.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\ThunderBHO.dll]  <><4, 0, 3, 21>
    [C:\Program Files\NetMeting\Target\Target.dll]  <N/A><1, 0, 0, 1>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [D:\程序\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
[PID: 2496][C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe]  <深圳市三代科技开发有限公司><4, 2, 0, 25>
    [C:\Program Files\Sandai Technologies Inc\Thunder\Common.dll]  <N/A><N/A>
    [C:\Program Files\Sandai Technologies Inc\Thunder\log4cplus.dll]  <N/A><N/A>
    [C:\Program Files\Sandai Technologies Inc\Thunder\boost_thread-vc6-mt-1_31.dll]  <N/A><N/A>
    [C:\Program Files\Sandai Technologies Inc\Thunder\TaskManageMent.dll]  <N/A><N/A>
    [C:\Program Files\Sandai Technologies Inc\Thunder\Downloader.dll]  <N/A><N/A>
    [C:\Program Files\Sandai Technologies Inc\Thunder\HTTPDownloader.dll]  <N/A><N/A>
    [C:\Program Files\Sandai Technologies Inc\Thunder\sock5.dll]  <N/A><N/A>
    [C:\Program Files\Sandai Technologies Inc\Thunder\HubAgent.dll]  <N/A><N/A>
    [C:\Program Files\Sandai Technologies Inc\Thunder\FTPDownloader.dll]  <N/A><N/A>
    [C:\Program Files\Sandai Technologies Inc\Thunder\P2PDownloader.dll]  <N/A><N/A>
    [C:\Program Files\Sandai Technologies Inc\Thunder\ICF.dll]  <><4, 1, 1, 23>
    [C:\Program Files\Sandai Technologies Inc\Thunder\WebBrowserEx.dll]  <深圳市三代科技开发有限公司><4, 1, 0, 22>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 3444][D:\download\8\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\WINDOWS\system32\SynTPFcs.dll]  <Synaptics, Inc.><7.5.17.8 19Nov03>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

怎么老是搞不掉啊!!

【回复“laoda1”的帖子】
用SREng删除这些浏览器加载项:
[MacroMediapd]
{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\microapmddt.dll, N/A>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL, >
[Menu Class]
{27D784D7-9217-4227-B43B-E06E4781E0CB} <C:\WINDOWS\system32\AlxTB1.dll, Alexa Internet>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>