Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\winnt\system32\spoolsv.exe
C:\winnt\System32\svchost.exe
C:\winnt\system32\nvsvc32.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\winnt\system32\MSTask.exe
C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Common Files\COMM\Network.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\svchost.exe
C:\winnt\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\winnt\CSRSS.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\winnt\system32\Internat.exe
C:\Program Files\ChinaNet\VnetClient.exe
E:\传神外挂\main.dat
E:\传神外挂\main.dat
E:\传神外挂\main.dat
E:\传神外挂\main.dat
E:\传神外挂\main.dat
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\新建文件夹\CatchAll20050914\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [Trojan Program] C:\winnt\CSRSS.EXE
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunServices: [Trojan Program] C:\winnt\CSRSS.EXE
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O17 - HKLM\System\CCS\Services\Tcpip\..\{10DC6A38-1B7C-4DB5-BBB1-DF4B15B2E013}: NameServer = 218.85.157.99 202.101.98.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{A55A848B-0164-402A-AD58-5DA85321AF10}: NameServer = 202.101.98.55
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\新建文件夹\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\winnt\system32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe

结束进程：C:\Program Files\Common Files\COMM\Network.exe
修复O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.e
删除：C:\Program Files\Common Files\COMM文件夹
＝＝＝＝＝＝＝＝＝＝＝＝＝
C:\winnt\CSRSS.EXE
O4 - HKLM\..\Run: [Trojan Program] C:\winnt\CSRSS.EXE
O4 - HKLM\..\RunServices: [Trojan Program] C:\winnt\CSRSS.EXE

晕，这个可能很麻烦．
参考baohe斑斑的：《关于“一个超BT的传奇木马”CSRSS.EXE（兼答“花落花又开”）》
http://forum.ikaka.com/topic.asp?board=28&artid=7050264

另一参考帖子：花落花又开《机器中有“c\windows\csrss.exe”的朋友来看看。一个超BT的传奇木马。》
http://forum.ikaka.com/topic.asp?board=28&artid=7040084

我只是从表面上看象,要不请将此文件压缩打包发送到baohe斑竹的邮箱:baohelin@yahoo.com.cn,请baohe版主替你解疑

昏 不错我传奇号被到了N回了
姐姐帮我吖

斑竹有专帖了.我只是借花献佛.如果确认是斑竹上述帖子中说的BT东东,愚见还是GHOST吧.

昏啊  不要吧!!!!!!!麻烦死了
555555555

还有 结束进程：C:\Program Files\Common Files\COMM\Network.exe
老是拒绝访问!!!!!

禁用Network System 服务:

开始-运行，输入services.msc-服务---查找（Network System ）---右击---属性---启动类型---禁止---应用---停止.—确定

我在安全模式下修复了 也删除了!!!没事了吧 哥哥
但是我那个传奇木马怎么办吖

晕倒~~
不要光说不练
看前面的回帖