Help! Whenever I open a web page, a small ad window appears in the bottom-right corner of the screen, and I can't fix it

正在运行的进程
[PID: 656][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 788][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 800][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 956][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 980][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1172][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1240][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1324][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\PROGRA~1\3721\alrex.dll]  <N/A><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <N/A><2, 0, 0, 1013>
    [C:\WINDOWS\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 4>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <N/A><2, 0, 4, 1030>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 0, 1006>
    [C:\PROGRA~1\3721\AutoLive.dll]  <N/A><1, 1, 2, 1023>
    [C:\PROGRA~1\3721\alLiveEx.dll]  < ><1, 0, 2, 1005>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.5.2005092300>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
[PID: 1596][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1768][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  <rising><17, 0, 0, 1>
[PID: 1796][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 57>
    [C:\PROGRAM FILES\RISING\RAV\guidll.dll]  <rising><17, 0, 0, 13>
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [C:\Program Files\rising\Rav\Scanner.dll]  <Rising><17, 0, 0, 43>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\Program Files\rising\Rav\libload.dll]  <Rising><17, 0, 0, 14>
    [C:\Program Files\rising\Rav\VirusLib.dll]  <Rising><17, 0, 0, 26>
    [C:\PROGRAM FILES\RISING\RAV\MailMon.dll]  < ><17, 0, 0, 9>
    [C:\Program Files\rising\Rav\SpamEng.dll]  <N/A><17, 0, 0, 7>
    [C:\Program Files\rising\Rav\engine.dll]  <rising><17, 0, 0, 40>
    [C:\Program Files\rising\Rav\UnExe.dll]  <Rising><17, 0, 0, 27>
    [C:\PROGRAM FILES\RISING\RAV\MemMon.dll]  <北京瑞星><17, 8, 0, 0>
    [C:\Program Files\rising\Rav\ScanEx.dll]  <Rising><17, 0, 0, 33>
    [C:\Program Files\rising\Rav\PostTrt.dll]  <Rising><17, 0, 0, 21>
    [C:\Program Files\rising\Rav\NvFile.dll]  <瑞星><17, 0, 0, 13>
    [C:\PROGRAM FILES\RISING\RAV\expscan.dll]  <N/A><17, 0, 0, 6>
    [C:\PROGRAM FILES\RISING\RAV\mPorts.dll]  <Beijing Rising Technology Corporation Limited><3, 0, 0, 3>
    [C:\Program Files\rising\Rav\ScanMac.dll]  <rising><17, 0, 0, 17>
    [C:\Program Files\rising\Rav\ScanSct.dll]  <rising><17, 0, 0, 30>
    [C:\Program Files\rising\Rav\ScanExec.dll]  <N/A><17, 0, 0, 21>
    [C:\PROGRAM FILES\RISING\RAV\regmon.dll]  < ><17, 0, 0, 12>
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  <rising><17, 0, 0, 4>
    [C:\Program Files\rising\Rav\Unpacker.dll]  <rising><17, 0, 0, 19>
    [C:\Program Files\rising\Rav\ExtOLE.dll]  <rising><17, 0, 0, 20>
[PID: 1828][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1844][C:\WINDOWS\System32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1960][C:\WINDOWS\System32\MsPMSPSv.exe]  <Microsoft Corporation><7.00.00.1956>
[PID: 2016][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 27>
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[PID: 212][C:\WINDOWS\System32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
    [C:\WINDOWS\downlo~1\CnsMinIO.dll]  <北京三七二一科技有限公司><1, 0, 3, 4>
    [C:\WINDOWS\downlo~1\cnsio.dll]  <北京三七二一科技有限公司><1, 0, 2, 5>
    [C:\WINDOWS\downlo~1\CnsMinEx.dll]  <国风因特软件(北京)有限公司><1, 0, 2, 4>
[PID: 412][C:\WINDOWS\System32\igfxtray.exe]  <Intel Corporation><3,0,0,2039>
    [C:\WINDOWS\System32\hccutils.DLL]  <Intel Corporation><3,0,0,2039>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
    [C:\WINDOWS\System32\igfxdev.dll]  <Intel Corporation><3,0,0,2039>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <N/A><2, 0, 0, 1013>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\WINDOWS\System32\igfxsrvc.dll]  <Intel Corporation><3,0,0,2039>
    [C:\WINDOWS\System32\igfxres.dll]  <Intel Corporation><3,0,0,2039>
    [C:\WINDOWS\System32\igfxress.dll]  <Intel Corporation><3,0,0,2039>

[PID: 420][C:\WINDOWS\System32\hkcmd.exe]  <Intel Corporation><3,0,0,2039>
    [C:\WINDOWS\System32\hccutils.DLL]  <Intel Corporation><3,0,0,2039>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
    [C:\WINDOWS\System32\igfxdev.dll]  <Intel Corporation><3,0,0,2039>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <N/A><2, 0, 0, 1013>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\WINDOWS\System32\igfxsrvc.dll]  <Intel Corporation><3,0,0,2039>
    [C:\WINDOWS\System32\igfxhk.dll]  <Intel Corporation><3,0,0,2039>
    [C:\WINDOWS\System32\igfxres.dll]  <Intel Corporation><3,0,0,2039>
[PID: 428][C:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.0.14>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
[PID: 436][C:\WINDOWS\AGRSMMSG.exe]  <Agere Systems><2.1.23 2.1.23 01/22/2003 17:47:39>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
[PID: 444][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
    [C:\PROGRA~1\3721\AutoLive.dll]  <N/A><1, 1, 2, 1023>
    [C:\PROGRA~1\3721\alLiveEx.dll]  < ><1, 0, 2, 1005>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <N/A><2, 0, 0, 1013>
    [C:\PROGRA~1\3721\notifier.dll]  <N/A><1, 0, 0, 5>
[PID: 464][C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 39>
    [C:\PROGRA~1\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\PROGRA~1\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [C:\PROGRA~1\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [C:\PROGRA~1\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
[PID: 472][C:\PROGRA~1\RISING\RAV\RAVMON.EXE]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 37>
    [C:\PROGRA~1\RISING\RAV\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
    [C:\PROGRA~1\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [C:\PROGRA~1\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [C:\PROGRA~1\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\PROGRA~1\RISING\RAV\PngDll.dll]  <Rising><17, 0, 0, 2>
    [C:\PROGRA~1\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <N/A><2, 0, 0, 1013>
[PID: 484][C:\WINDOWS\VM_STI.EXE]  <VM.><4.2.610.4>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\WINDOWS\System32\msdmo.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <N/A><2, 0, 0, 1013>
[PID: 492][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3249>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
[PID: 540][D:\DownLoads\daemon.exe]  <DAEMON'S HOME><3.47.0.0>
    [C:\WINDOWS\daemon.dll]  <N/A><3.47.0.0>
    [D:\DownLoads\PFCTOC.DLL]  <Padus(R), Inc.><1, 0, 0, 12>
    [D:\DownLoads\Plugins\Images\bw5mount.dll]  <N/A><1.0.2.0>
    [D:\DownLoads\Plugins\Images\ccdmount.dll]  <GENERIC><1.02.0.0>
    [D:\DownLoads\Plugins\Images\mdsmount.dll]  <GENERIC><1.01.0.0>
    [D:\DownLoads\Plugins\Images\nrgmount.dll]  <GENERIC><1.02.0.0>
    [D:\DownLoads\Plugins\Images\pdimount.dll]  <GENERIC><1.01.0.0>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
[PID: 384][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  < ><2, 0, 0, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <N/A><2, 0, 0, 1013>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <N/A><2, 0, 4, 1030>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 0, 1006>
    [C:\Program Files\Yahoo!\Assistant\yNotifier.dll]  <N/A><1, 0, 0, 5>
[PID: 1132][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <N/A><2, 0, 0, 1013>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
[PID: 1472][C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe]  <N/A><1.0>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <N/A><2, 0, 0, 1013>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
[PID: 1532][E:\20b2709a537a077bd1\product\QQ.exe]  <TENCENT><14, 19, 0, 220>
    [E:\20b2709a537a077bd1\product\QQBaseClassInDll.dll]  <N/A><1, 0, 0, 1>
    [E:\20b2709a537a077bd1\product\QQHelperDll.dll]  <N/A><1, 0, 0, 1>
    [E:\20b2709a537a077bd1\product\BasicCtrlDll.dll]  <Tencent><0, 3, 2, 9>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <N/A><2, 0, 0, 1013>
    [C:\PROGRA~1\3721\helper.dll]  <N/A><1, 0, 8, 1014>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 1, 9>
    [E:\20b2709a537a077bd1\product\QQAPI.dll]  <N/A><1, 0, 0, 1>
    [E:\20b2709a537a077bd1\product\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [E:\20b2709a537a077bd1\product\LoginCtrl.dll]  <N/A><1, 0, 0, 1>
    [E:\20b2709a537a077bd1\product\npkcntc.dll]  <INCA Internet Co., Ltd.><2005, 9, 1, 1>
    [E:\20b2709a537a077bd1\product\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [E:\20b2709a537a077bd1\product\QQRes.dll]  <tencent><1, 0, 0, 1>
    [E:\20b2709a537a077bd1\product\QQMainFrame.dll]  <N/A><N/A>
    [E:\20b2709a537a077bd1\product\CQQApplication.dll]  <N/A><N/A>
    [E:\20b2709a537a077bd1\product\NewSkin.dll]  <N/A><1, 0, 0, 1>
    [E:\20b2709a537a077bd1\product\MailSummary.dll]  <N/A><1, 0, 0, 1>

[Reply to "duoo"'s post]
Delete this startup entry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<DAEMON Tools-2052><"D:\DownLoads\daemon.exe" -lang 2052>

Delete this service:
[Rdps / Remote procedure Call(Rdps)]
<C:\WINDOWS\Mstaks.exe><N/A>

Delete these browser add-ons:
[Google Toolbar Helper]
<c:\program files\google\googletoolbar2.dll>
[DragSearch BHO]
<C:\PROGRA~1\yisou\yisoub.dll>
[手机短信]
<http://sms.3721.com/ie/index.htm?pid=U_3721_assist>
[寻宝乐趣多]
<http://hot.3721.com/rd/shop_btn.htm>

-------------
I suggest running an IE repair.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<helperdll><Rundll32 C:\WINDOWS\System32\drivers\Pupw.sys,Rundll32>
This entry is a problem...
Delete
C:\WINDOWS\System32\drivers\Pupw.sys

Service
[Rdps / Remote procedure Call(Rdps)]
<C:\WINDOWS\Mstaks.exe><N/A>

This entry is also rather suspicious.
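
A triage sketch for the two entries flagged in the reply above, added here as an example and not part of any poster's message or of the scanning tool: it parses the `[location]` / `<field><field>` layout quoted in the thread and flags a Rundll32 autorun whose target is not a .dll/.cpl, and a service binary with no vendor string or a name close to a stock Windows binary. The `KNOWN` list, the 0.85 similarity threshold and the reading of a service entry's second field as the vendor string are assumptions of this example.

```python
import re
from difflib import SequenceMatcher

# Entries copied from the thread: "[location]" line, then "<field><field>" line.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<DAEMON Tools-2052><"D:\DownLoads\daemon.exe" -lang 2052>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<helperdll><Rundll32 C:\WINDOWS\System32\drivers\Pupw.sys,Rundll32>
[Rdps / Remote procedure Call(Rdps)]
<C:\WINDOWS\Mstaks.exe><N/A>
"""

# Assumed reference list of stock Windows binaries (hypothetical, extend as needed).
KNOWN = ("mstask.exe", "svchost.exe", "lsass.exe", "services.exe", "spoolsv.exe")
NO_VENDOR = ("", "N/A")

def parse(text):
    """Yield (location, field1, field2) for every two-line entry."""
    location = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            location = line[1:-1]
            continue
        m = re.fullmatch(r"<(.*?)><(.*)>", line)
        if m and location:
            yield location, m.group(1), m.group(2)

def triage(text):
    """Return (entry, reason) pairs for entries worth a closer look."""
    findings = []
    for location, first, second in parse(text):
        if location.upper().startswith("HKEY_"):
            # Autorun entry: <value name><command line>
            m = re.match(r'"?rundll32(?:\.exe)?"?\s+"?([^",]+)', second, re.I)
            if m and not m.group(1).strip().lower().endswith((".dll", ".cpl")):
                findings.append((first, "rundll32 target is not a .dll/.cpl: " + m.group(1)))
            continue
        # Service entry: <image path><vendor> (assumed field meaning)
        image = first.strip('"')
        name = image.rsplit("\\", 1)[-1].lower()
        if second.strip() in NO_VENDOR:
            findings.append((location, "service binary has no vendor string: " + image))
        for known in KNOWN:
            if name != known and SequenceMatcher(None, name, known).ratio() >= 0.85:
                findings.append((location, name + " resembles " + known))
    return findings

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE):
        print(entry, "->", reason)
```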

That didn't work; after the IE repair the ad is still there.

Service
[Rdps / Remote procedure Call(Rdps)]
<C:\WINDOWS\Mstaks.exe><N/A>
I did delete this file, in Safe Mode.

[Reply to "duoo"'s post]
Refer to moderator 魔法's advice.

C:\WINDOWS\System32\drivers\Pupw.sys
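Has this one been deleted?

If you are not sure about Mstaks.exe, please compress it into an archive with the password set to: virus
and send it to: lymofaxuetu@163.com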

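My computer has the same problem as the original poster's. Could everyone please take a look? Thank you very much! I deleted
Mstaks.exe, Habast.exe and vkclient.exe, but they can't be removed. I really don't want to reinstall. Sorry to trouble everyone!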

Logfile of HijackThis v1.99.2
Scan saved at 17:17:27, on 2005-11-16
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\zt\LOCALS~1\Temp\HijackThis.exe
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\Rundll32.exe

R3 - Default URLSearchHook is missing
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\Program Files\HBClient\hapast.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] ; C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [vptray] ; C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] ; RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StatusClient 2.6] ; C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] ; C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] ; "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hbpassport] C:\PROGRA~1\HBCLIENT\hbast.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ; "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E196339C-5255-42C3-9C37-D9A36561E15F}: NameServer = 202.96.134.133,202.96.128.166
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe


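I deleted Pupw.sys as 魔法 said, but the ad sticks to the desktop like a plaster unless you click through to the annoying website the ad links to: http://www.smscn.be/
I can't get rid of it. I hope everyone watches out!~~~~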