
Experts, please save my computer...

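This morning I found that the computer booted very slowly, and the startup programs took ages to appear. I then opened Task Manager and found 2 processes named drwtsn32. After I ended these 2 processes they still could not be gotten rid of, but the system went back to normal. Experts, please point me in the right direction.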



Logfile of HijackThis v1.99.1
Scan saved at 14:04:30, on 2006-12-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Rising\Rav\Rav.exe
E:\Tencent\QQ\TIMPlatform.exe
E:\Tencent\QQ\QQ.exe
E:\Tencent\TT\TTraveler.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\jujumao\桌面\HijackThis.exe

O1 - Hosts: 207.210.93.28 game01.us.segaonline.jp
O1 - Hosts: 207.210.93.28 patch01.us.segaonline.jp
O1 - Hosts: 207.134.231.160 game01.psobb.segaonline.jp
O1 - Hosts: 207.134.231.160 patch01.psobb.segaonline.jp
O1 - Hosts: 207.134.231.160 db.psobb.cn
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = E:\Tencent\QQ\CoralQQ.exe
O4 - Startup: 宽带连接.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &使用BitComet下载 - res://E:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下载全部链接 - res://E:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &使用BitComet下载本页视频 - res://E:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &使用迅雷下载 - E:\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\Thunder\Thunder.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\GameClient.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Tencent\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093505610780
O17 - HKLM\System\CCS\Services\Tcpip\..\{71460994-A5CC-44CE-B911-60F0C55068CB}: NameServer = 61.144.56.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6B1F28F-00ED-4C9D-A941-4DE2E42893B8}: NameServer = 61.144.56.100 202.96.128.110
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - F:\KuGoo3\InExtend\KuGoo3DownXControl.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

Last edited 2006-12-02 19:25:28

Process list saved on 14:06:16, on 2006-12-2
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid]    [full path to filename]    [file version]    [company name]
444    C:\WINDOWS\System32\smss.exe    5.1.2600.2180    Microsoft Corporation
528    C:\WINDOWS\system32\winlogon.exe    5.1.2600.2180    Microsoft Corporation
572    C:\WINDOWS\system32\services.exe    5.1.2600.2180    Microsoft Corporation
584    C:\WINDOWS\system32\lsass.exe    5.1.2600.2180    Microsoft Corporation
732    C:\WINDOWS\system32\svchost.exe    5.1.2600.2180    Microsoft Corporation
880    C:\Program Files\Rising\Rav\CCenter.exe    18.0.0.3    Beijing Rising Technology Co., Ltd.
896    C:\WINDOWS\System32\svchost.exe    5.1.2600.2180    Microsoft Corporation
1040    C:\Program Files\Rising\Rav\Ravmond.exe    18.0.1.47    Beijing Rising Technology Co., Ltd.
1100    c:\program files\rising\rfw\rfwsrv.exe    4.0.0.33    Beijing Rising Technology Co., Ltd.
1332    C:\WINDOWS\system32\spoolsv.exe    5.1.2600.2180    Microsoft Corporation
1492    c:\program files\rising\rfw\RfwMain.exe    4.0.0.52    Beijing Rising Technology Co., Ltd.
1568    C:\Program Files\Rising\Rav\RavStub.exe    18.0.0.16    Beijing Rising Technology Co., Ltd.
292    C:\Program Files\Rising\Rav\RavTask.exe    18.0.0.22    Beijing Rising Technology Co., Ltd.
404    C:\Program Files\Rising\Rav\Ravmon.exe    18.0.1.39    Beijing Rising Technology Co., Ltd.
304    C:\WINDOWS\SOUNDMAN.EXE    5.1.0.11    Realtek Semiconductor Corp.
1180    C:\WINDOWS\system32\ctfmon.exe    5.1.2600.2180    Microsoft Corporation
828    C:\WINDOWS\system32\wscntfy.exe    5.1.2600.2180    Microsoft Corporation
1828    C:\WINDOWS\explorer.exe    6.0.2900.2180    Microsoft Corporation
1628    C:\Program Files\Rising\Rav\Rav.exe    18.0.0.75    Beijing Rising Technology Co., Ltd.
2452    E:\Tencent\QQ\TIMPlatform.exe    0.3.1.8    tencent
3172    E:\Tencent\QQ\QQ.exe    0.0.0.0    TENCENT
3792    E:\Tencent\TT\TTraveler.exe    3.1.0.262    腾讯公司
3860    C:\WINDOWS\system32\taskmgr.exe    5.1.2600.2180    Microsoft Corporation
2548    C:\Documents and Settings\jujumao\桌面\HijackThis.exe    1.99.0.1    Soeperman Enterprises Ltd.


DLLs loaded by process C:\Program Files\Rising\Rav\Rav.exe:


I checked with Rising Antivirus and Rising's anti-rogue-software tool. Neither found any problems.

Bumping this for now... Experts, please help.

Why has nobody come to answer me!? Experts....

I don't see it in the log.

Boot into Safe Mode and delete the startup entry; that is all you need to do.