电脑中招  才疏学浅  各位高手帮帮小弟。谢谢！！！！
Logfile of HijackThis v1.99.0
Scan saved at 20:22:21, on 2006-1-6
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\csrss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\winnt\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\mspmspsv.exe
C:\winnt\system32\svchost.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\Rundll32.exe
C:\winnt\SOUNDMAN.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\rising\Rfw\Rfw.exe
C:\winnt\system32\rundll32.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\iefresh.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\winnt\system32\internat.exe
C:\winnt\system32\conime.exe
F:\sr\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O1 - Hosts: 218.5.76.51 flash8.net
O1 - Hosts: 218.5.76.51 www.flash8.net
O1 - Hosts: 218.5.76.51 flash8.net
O1 - Hosts: 218.5.76.51 www.flash8.net
O1 - Hosts: 218.5.76.51 mop.com
O1 - Hosts: 218.5.76.51 www.mop.com
O1 - Hosts: 218.5.76.51 mop.com
O1 - Hosts: 218.5.76.51 www.mop.com
O1 - Hosts: 218.5.76.51 tianyaclub.com
O1 - Hosts: 218.5.76.51 www.tianyaclub.com
O1 - Hosts: 218.5.76.51 tianyaclub.com
O1 - Hosts: 218.5.76.51 www.tianyaclub.com
O1 - Hosts: 218.5.76.51 xici.net
O1 - Hosts: 218.5.76.51 www.xici.net
O1 - Hosts: 218.5.76.51 xici.net
O1 - Hosts: 218.5.76.51 www.xici.net
O1 - Hosts: 218.5.76.51 ucanlove.com
O1 - Hosts: 218.5.76.51 www.ucanlove.com
O1 - Hosts: 218.5.76.51 ucanlove.com
O1 - Hosts: 218.5.76.51 www.ucanlove.com
O1 - Hosts: 218.5.76.51 cmfu.com
O1 - Hosts: 218.5.76.51 www.cmfu.com
O1 - Hosts: 218.5.76.51 cmfu.com
O1 - Hosts: 218.5.76.51 www.cmfu.com
O1 - Hosts: 218.5.76.51 21red.net
O1 - Hosts: 218.5.76.51 www.21red.net
O1 - Hosts: 218.5.76.51 21red.net
O1 - Hosts: 218.5.76.51 www.21red.net
O1 - Hosts: 218.5.76.51 pconline.com.cn
O1 - Hosts: 218.5.76.51 www.pconline.com.cn
O1 - Hosts: 218.5.76.51 pconline.com.cn
O1 - Hosts: 218.5.76.51 www.pconline.com.cn
O1 - Hosts: 218.5.76.51 donews.com
O1 - Hosts: 218.5.76.51 www.donews.com
O1 - Hosts: 218.5.76.51 donews.com
O1 - Hosts: 218.5.76.51 www.donews.com
O1 - Hosts: 218.5.76.51 pcauto.com.cn
O1 - Hosts: 218.5.76.51 www.pcauto.com.cn
O1 - Hosts: 218.5.76.51 pcauto.com.cn
O1 - Hosts: 218.5.76.51 www.pcauto.com.cn
O1 - Hosts: 218.5.76.51 265.com
O1 - Hosts: 218.5.76.51 www.265.com
O1 - Hosts: 218.5.76.51 265.com
O1 - Hosts: 218.5.76.51 www.265.com
O1 - Hosts: 218.5.76.51 wo99.com
O1 - Hosts: 218.5.76.51 www.wo99.com
O1 - Hosts: 218.5.76.51 wo99.com
O1 - Hosts: 218.5.76.51 www.wo99.com
O1 - Hosts: 218.5.76.51 familydoctor.com.cn
O1 - Hosts: 218.5.76.51 www.familydoctor.com.cn
O1 - Hosts: 218.5.76.51 familydoctor.com.cn
O1 - Hosts: 218.5.76.51 www.familydoctor.com.cn
O1 - Hosts: 218.5.76.51 flashempire.com
O1 - Hosts: 218.5.76.51 www.flashempire.com
O1 - Hosts: 218.5.76.51 flashempire.com
O1 - Hosts: 218.5.76.51 www.flashempire.com
O1 - Hosts: 218.5.76.51 showgood.tv
O1 - Hosts: 218.5.76.51 www.showgood.tv
O1 - Hosts: 218.5.76.51 showgood.tv
O1 - Hosts: 218.5.76.51 www.showgood.tv
O1 - Hosts: 218.5.76.51 flashfan.net
O1 - Hosts: 218.5.76.51 www.flashfan.net
O1 - Hosts: 218.5.76.51 flashfan.net
O1 - Hosts: 218.5.76.51 www.flashfan.net
O1 - Hosts: 218.5.76.51 long21.net
O1 - Hosts: 218.5.76.51 www.long21.net
O1 - Hosts: 218.5.76.51 long21.net
O1 - Hosts: 218.5.76.51 www.long21.net
O1 - Hosts: 218.5.76.51 sowww.com
O1 - Hosts: 218.5.76.51 www.sowww.com
O1 - Hosts: 218.5.76.51 sowww.com
O1 - Hosts: 218.5.76.51 www.sowww.com
O1 - Hosts: 218.5.76.51 flashhome.net
O1 - Hosts: 218.5.76.51 www.flashhome.net
O1 - Hosts: 218.5.76.51 flashhome.net
O1 - Hosts: 218.5.76.51 www.flashhome.net
O1 - Hosts: 218.5.76.51 cnflash.net
O1 - Hosts: 218.5.76.51 www.cnflash.net
O1 - Hosts: 218.5.76.51 cnflash.net
O1 - Hosts: 218.5.76.51 www.cnflash.net
O1 - Hosts: 218.5.76.51 flashsky.com
O1 - Hosts: 218.5.76.51 www.flashsky.com
O1 - Hosts: 218.5.76.51 flashsky.com
O1 - Hosts: 218.5.76.51 www.flashsky.com
O1 - Hosts: 218.5.76.51 hunansky.com
O1 - Hosts: 218.5.76.51 www.hunansky.com
O1 - Hosts: 218.5.76.51 hunansky.com
O1 - Hosts: 218.5.76.51 www.hunansky.com
O1 - Hosts: 218.5.76.51 52flash.net
O1 - Hosts: 218.5.76.51 www.52flash.net
O1 - Hosts: 218.5.76.51 52flash.net
O1 - Hosts: 218.5.76.51 www.52flash.net
O1 - Hosts: 218.5.76.51 flashh.com
O1 - Hosts: 218.5.76.51 www.flashh.com
O1 - Hosts: 218.5.76.51 flashh.com
O1 - Hosts: 218.5.76.51 www.flashh.com
O1 - Hosts: 218.5.76.51 flashsun.com
O1 - Hosts: 218.5.76.51 www.flashsun.com
O1 - Hosts: 218.5.76.51 flashsun.com
O1 - Hosts: 218.5.76.51 www.flashsun.com
O1 - Hosts: 218.5.76.51 7k7k.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\winnt\system32\xunleibho_v5.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - C:\WINNT\system32\THUNDE~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\WINNT\system32\IEBHO.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: 网络钓鱼克星 - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINNT\system32\MainIEBand.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [helper.dll] C:\winnt\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [NetUpdate] C:\winnt\system32\NetUpdate.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [exporesh] C:\iefresh.exe
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\PROGRA~1\SUPERR~1\Superr\SRRest.exe /FIRST
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O8 - Extra context menu item: !搜一搜 - res://C:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B57EBE05-508C-44B4-826F-9BDFBA5EB4CD}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: KB8965882.LOG
O21 - SSODL: SysTrays - {590498A3-4131-4D8F-BA4B-36791A9803B1} - (no file)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

运行Hijackthis，扫描结束后在下列选项前打上勾，然后选修复“Fix Checked”：

所有01项
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\WINNT\system32\IEBHO.dll
O4 - HKLM\..\Run: [NetUpdate] C:\winnt\system32\NetUpdate.exe
O4 - HKLM\..\Run: [exporesh] C:\iefresh.exe
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O20 - AppInit_DLLs: KB8965882.LOG
O21 - SSODL: SysTrays - {590498A3-4131-4D8F-BA4B-36791A9803B1} - (no file)

显示隐藏文件

双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”--单击“确定”。

然后找到如下文件并删除（如果有的话）。

C:\WINNT\system32\IEBHO.dll
C:\winnt\system32\NetUpdate.exe
C:\iefresh.exe
C:\$NtUninstallQ5926809$\整个目录
KB8965882.LOG（请用开始菜单中的搜索功能查找）

浏览器被劫了，网址是http://bbs.34158.com 带色情广告 家里有小朋友 气死人了 迫切需要大家帮忙

谢谢版主的仗义相助，但是问题还是没有解决，是不是我贴的分析不够详细？劳驾您再帮我看看。
Logfile of HijackThis v1.99.0
Scan saved at 22:14:31, on 2006-1-6
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\csrss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\winnt\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\mspmspsv.exe
C:\winnt\system32\svchost.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\Rundll32.exe
C:\winnt\SOUNDMAN.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\rising\Rfw\Rfw.exe
C:\winnt\system32\rundll32.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\winnt\system32\internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\winnt\system32\UPEngine.EXE
F:\sr\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O1 - Hosts: 218.5.76.51 flash8.net
O1 - Hosts: 218.5.76.51 www.flash8.net
O1 - Hosts: 218.5.76.51 flash8.net
O1 - Hosts: 218.5.76.51 www.flash8.net
O1 - Hosts: 218.5.76.51 mop.com
O1 - Hosts: 218.5.76.51 www.mop.com
O1 - Hosts: 218.5.76.51 mop.com
O1 - Hosts: 218.5.76.51 www.mop.com
O1 - Hosts: 218.5.76.51 tianyaclub.com
O1 - Hosts: 218.5.76.51 www.tianyaclub.com
O1 - Hosts: 218.5.76.51 tianyaclub.com
O1 - Hosts: 218.5.76.51 www.tianyaclub.com
O1 - Hosts: 218.5.76.51 xici.net
O1 - Hosts: 218.5.76.51 www.xici.net
O1 - Hosts: 218.5.76.51 xici.net
O1 - Hosts: 218.5.76.51 www.xici.net
O1 - Hosts: 218.5.76.51 ucanlove.com
O1 - Hosts: 218.5.76.51 www.ucanlove.com
O1 - Hosts: 218.5.76.51 ucanlove.com
O1 - Hosts: 218.5.76.51 www.ucanlove.com
O1 - Hosts: 218.5.76.51 cmfu.com
O1 - Hosts: 218.5.76.51 www.cmfu.com
O1 - Hosts: 218.5.76.51 cmfu.com
O1 - Hosts: 218.5.76.51 www.cmfu.com
O1 - Hosts: 218.5.76.51 21red.net
O1 - Hosts: 218.5.76.51 www.21red.net
O1 - Hosts: 218.5.76.51 21red.net
O1 - Hosts: 218.5.76.51 www.21red.net
O1 - Hosts: 218.5.76.51 pconline.com.cn
O1 - Hosts: 218.5.76.51 www.pconline.com.cn
O1 - Hosts: 218.5.76.51 pconline.com.cn
O1 - Hosts: 218.5.76.51 www.pconline.com.cn
O1 - Hosts: 218.5.76.51 donews.com
O1 - Hosts: 218.5.76.51 www.donews.com
O1 - Hosts: 218.5.76.51 donews.com
O1 - Hosts: 218.5.76.51 www.donews.com
O1 - Hosts: 218.5.76.51 pcauto.com.cn
O1 - Hosts: 218.5.76.51 www.pcauto.com.cn
O1 - Hosts: 218.5.76.51 pcauto.com.cn
O1 - Hosts: 218.5.76.51 www.pcauto.com.cn
O1 - Hosts: 218.5.76.51 265.com
O1 - Hosts: 218.5.76.51 www.265.com
O1 - Hosts: 218.5.76.51 265.com
O1 - Hosts: 218.5.76.51 www.265.com
O1 - Hosts: 218.5.76.51 wo99.com
O1 - Hosts: 218.5.76.51 www.wo99.com
O1 - Hosts: 218.5.76.51 wo99.com
O1 - Hosts: 218.5.76.51 www.wo99.com
O1 - Hosts: 218.5.76.51 familydoctor.com.cn
O1 - Hosts: 218.5.76.51 www.familydoctor.com.cn
O1 - Hosts: 218.5.76.51 familydoctor.com.cn
O1 - Hosts: 218.5.76.51 www.familydoctor.com.cn
O1 - Hosts: 218.5.76.51 flashempire.com
O1 - Hosts: 218.5.76.51 www.flashempire.com
O1 - Hosts: 218.5.76.51 flashempire.com
O1 - Hosts: 218.5.76.51 www.flashempire.com
O1 - Hosts: 218.5.76.51 showgood.tv
O1 - Hosts: 218.5.76.51 www.showgood.tv
O1 - Hosts: 218.5.76.51 showgood.tv
O1 - Hosts: 218.5.76.51 www.showgood.tv
O1 - Hosts: 218.5.76.51 flashfan.net
O1 - Hosts: 218.5.76.51 www.flashfan.net
O1 - Hosts: 218.5.76.51 flashfan.net
O1 - Hosts: 218.5.76.51 www.flashfan.net
O1 - Hosts: 218.5.76.51 long21.net
O1 - Hosts: 218.5.76.51 www.long21.net
O1 - Hosts: 218.5.76.51 long21.net
O1 - Hosts: 218.5.76.51 www.long21.net
O1 - Hosts: 218.5.76.51 sowww.com
O1 - Hosts: 218.5.76.51 www.sowww.com
O1 - Hosts: 218.5.76.51 sowww.com
O1 - Hosts: 218.5.76.51 www.sowww.com
O1 - Hosts: 218.5.76.51 flashhome.net
O1 - Hosts: 218.5.76.51 www.flashhome.net
O1 - Hosts: 218.5.76.51 flashhome.net
O1 - Hosts: 218.5.76.51 www.flashhome.net
O1 - Hosts: 218.5.76.51 cnflash.net
O1 - Hosts: 218.5.76.51 www.cnflash.net
O1 - Hosts: 218.5.76.51 cnflash.net
O1 - Hosts: 218.5.76.51 www.cnflash.net
O1 - Hosts: 218.5.76.51 flashsky.com
O1 - Hosts: 218.5.76.51 www.flashsky.com
O1 - Hosts: 218.5.76.51 flashsky.com
O1 - Hosts: 218.5.76.51 www.flashsky.com
O1 - Hosts: 218.5.76.51 hunansky.com
O1 - Hosts: 218.5.76.51 www.hunansky.com
O1 - Hosts: 218.5.76.51 hunansky.com
O1 - Hosts: 218.5.76.51 www.hunansky.com
O1 - Hosts: 218.5.76.51 52flash.net
O1 - Hosts: 218.5.76.51 www.52flash.net
O1 - Hosts: 218.5.76.51 52flash.net
O1 - Hosts: 218.5.76.51 www.52flash.net
O1 - Hosts: 218.5.76.51 flashh.com
O1 - Hosts: 218.5.76.51 www.flashh.com
O1 - Hosts: 218.5.76.51 flashh.com
O1 - Hosts: 218.5.76.51 www.flashh.com
O1 - Hosts: 218.5.76.51 flashsun.com
O1 - Hosts: 218.5.76.51 www.flashsun.com
O1 - Hosts: 218.5.76.51 flashsun.com
O1 - Hosts: 218.5.76.51 www.flashsun.com
O1 - Hosts: 218.5.76.51 7k7k.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\winnt\system32\xunleibho_v5.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - C:\WINNT\system32\THUNDE~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 网络钓鱼克星 - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINNT\system32\MainIEBand.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [helper.dll] C:\winnt\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\PROGRA~1\SUPERR~1\Superr\SRRest.exe /autosave
O4 - HKLM\..\Run: [NetUpdate] C:\winnt\system32\NetUpdate.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O11 - Options group: [!CNS]  网络实名
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B57EBE05-508C-44B4-826F-9BDFBA5EB4CD}: NameServer = 192.168.1.1
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe

谢谢版主，问题解决了，是我自己没有把主页改回来。

再次感谢！！！

安全模式下

修复

所有01项
O4 - HKLM\..\Run: [NetUpdate] C:\winnt\system32\NetUpdate.exe

删除

C:\winnt\system32\NetUpdate.exe

（删除前，麻烦您将这个文件压缩打包，压缩密码设为：virus  发到我的邮箱lymofa@yahoo.com.cn）

版主，按照你的第二套方案执行了，问题还是没有解决，另外NetUpdate.exe已经在第一次修改中删除了，我没有在电脑中找到，没法传给你。您再帮我分析一下，谢谢！！
Logfile of HijackThis v1.99.0
Scan saved at 23:17:02, on 2006-1-6
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\csrss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\winnt\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\mspmspsv.exe
C:\winnt\system32\svchost.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\Rundll32.exe
C:\winnt\SOUNDMAN.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\rising\Rfw\Rfw.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\winnt\system32\internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\winnt\system32\UPEngine.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
F:\sr\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\winnt\system32\xunleibho_v5.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - C:\WINNT\system32\THUNDE~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [helper.dll] C:\winnt\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\PROGRA~1\SUPERR~1\Superr\SRRest.exe /autosave
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O11 - Options group: [!CNS]  网络实名
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B57EBE05-508C-44B4-826F-9BDFBA5EB4CD}: NameServer = 192.168.1.1
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe

log已无异常

问题仍在的话，请用System Repair Engineer扫个log贴上来

下载地址见置顶贴
[必读]本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

魔法版主，已经按照你的方法做了，您帮着看看是不是这些，谢谢！log太长了，我分段发表
ystem Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <Internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SiS KHooker><C:\WINNT\System32\khooker.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <rfw><C:\Program Files\rising\Rfw\Rfw.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <helper.dll><C:\winnt\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <CnsMin><Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Super Rabbit SRRestore><C:\PROGRA~1\SUPERR~1\Superr\SRRest.exe /autosave>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
  <INET><C:\WINNT\system32\INETSRV\inetsync.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\winnt\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\winnt\system32\xunleibho_v5.dll, >
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F57} <C:\WINNT\system32\THUNDE~1.DLL, >
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINNT\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\winnt\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>

================================
正在运行的进程
[PID: 156][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 112][\??\C:\winnt\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 196][\??\C:\winnt\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6898>
[PID: 224][C:\winnt\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\winnt\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 236][C:\winnt\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 404][C:\winnt\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 432][C:\Program Files\rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 448][C:\Program Files\rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 6>
    [C:\Program Files\rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\Program Files\rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [C:\Program Files\rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
    [C:\Program Files\rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
    [C:\Program Files\rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [C:\Program Files\rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 4>
    [C:\Program Files\rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [C:\Program Files\rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 492][C:\winnt\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
[PID: 524][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 576][C:\winnt\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 588][C:\winnt\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6704>
[PID: 688][C:\winnt\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 720][C:\winnt\system32\mspmspsv.exe]  <Microsoft Corporation><7.10.00.3059>
[PID: 732][C:\winnt\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 812][C:\Program Files\rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1020][C:\winnt\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
    [C:\WINNT\DOWNLO~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 5>
    [C:\winnt\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\WINNT\system32\THUNDE~1.DLL]  <><4, 0, 3, 21>
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 60>
    [C:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
[PID: 1092][C:\winnt\system32\Rundll32.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
[PID: 1172][C:\winnt\SOUNDMAN.EXE]  <Avance Logic, Inc.><5.0.07>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
[PID: 1196][C:\WINNT\System32\khooker.exe]  <Silicon Integrated Systems Corporation><5.13.01.2010>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
[PID: 1224][C:\Program Files\rising\Rfw\Rfw.exe]  <Rising tech Co. ltd><15, 0, 0, 16>
    [C:\Program Files\rising\Rfw\BmpFace.dll]  <><14, 0, 0, 2>
    [C:\Program Files\rising\Rfw\MVEngine.dll]  <瑞星科技股份有限公司><13, 0, 0, 82>
    [C:\Program Files\rising\Rfw\rfw.dll]  <N/A><N/A>
    [C:\Program Files\rising\Rfw\chn\rfw.lag]  <瑞星科技股份有限公司><15, 0, 0, 3>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
[PID: 912][C:\Program Files\rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
[PID: 1200][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3292>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
[PID: 1320][C:\Program Files\rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 99>
    [C:\Program Files\rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
[PID: 1328][C:\winnt\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
[PID: 1260][C:\winnt\system32\conime.exe]  <Microsoft Corporation><5.00.2195.6655>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
[PID: 1392][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2600.0000>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
    [C:\WINNT\DOWNLO~1\CnsHint.dll]  <3721><1, 0, 0, 4>
    [C:\WINNT\DOWNLO~1\cnsplus.dll]  <3721><1, 0, 0, 2>
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 60>
    [C:\winnt\system32\xunleibho_v5.dll]  <><4, 3, 3, 30>
    [C:\WINNT\system32\THUNDE~1.DLL]  <><4, 0, 3, 21>
    [c:\PROGRA~1\chinanet\VNETTR~1.DLL]  <><2004, 2, 21, 1>
    [c:\PROGRA~1\chinanet\Communicate.dll]  <0><2005, 3, 3, 1>
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  <><2004, 2, 28, 1>
    [C:\WINNT\DOWNLO~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 5>
    [C:\Program Files\Spybot - Search & Destroy\SDHelper.dll]  <Safer Networking Limited><1, 3, 0, 12>
    [E:\qq\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\WINNT\system32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
[PID: 1032][C:\Program Files\Windows NT\Accessories\WORDPAD.EXE]  <Microsoft Corporation><5.00.2170.1>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>
[PID: 1432][F:\System Repair Engineer\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 3>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [C:\WINNT\system32\WScript.exe "%1" %*]
.JS  Error. [C:\WINNT\system32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]