Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

My machine is infected, please help me take a look!! Thanks

Logfile of HijackThis v1.99.1
Scan saved at 17:40:48, on 2006-12-4
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\广东省~1\FireBird\bin\fbguard.exe
C:\PROGRA~1\广东省~1\FireBird\bin\fbserver.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\NetDogSrv.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\SafeSignCertReg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ep2k_certd_bc.exe
C:\WINNT\system32\ep2k_mon_bc.exe
C:\WINNT\system32\ctfmon.exe
D:\scktsrvr.exe
D:\GRASPCW35\GjpSerCW.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\wnwb2005\wnwb.exe
C:\WINNT\TEMP\ztup.exe
C:\WINNT\svch0st.exe
E:\TT\TTraveler.exe
E:\hijackthis\HijackThis.exe

R3 - URLSearchHook: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [CertificateRegistration] SafeSignCertReg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ep2k_certd_bc] C:\WINNT\system32\ep2k_certd_bc.exe -r -s -e
O4 - HKLM\..\Run: [epsmon2k_8AFE14174D4B473F91405AB5D95D27B3] C:\WINNT\system32\ep2k_mon_bc.exe
O4 - HKLM\..\Run: [rzt] C:\WINNT\Intel\rundll32.exe
O4 - HKLM\..\Run: [r] C:\WINNT\down\rundll32.exe
O4 - HKLM\..\Run: [sys] C:\WINNT\Intel\rundll32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: 套接字服务器.lnk = D:\scktsrvr.exe
O4 - Global Startup: 服务器.lnk = D:\GRASPCW35\GjpSerCW.EXE
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: 管家婆服务器支持者.lnk = D:\GRASPCW35\SCKTSRVR.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\PROGRA~1\KuGoo2\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll (file missing)
O15 - Trusted Zone: http://www.icbc.com.cn
O15 - Trusted Zone: http://portal.gd-n-tax.gov.cn
O16 - DPF: {26BCA338-BB94-4E8F-A082-3E5735875B79} (CMBSafeHelper Class) - http://www.sz1.cmbchina.com/download/CMBGUARD.cab
O16 - DPF: {D5A97F7C-908F-42AB-9078-3EA687F33C8B} - http://portal.gd-n-tax.gov.cn/wssw/jsp/wsbs/sb/zzsybnsr/HW_SHELL.CAB
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://cache10.itv.mop.com/pCastCtl-1.0.0.88_signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857DF41A-FC9F-4259-9920-B3826E99E153}: NameServer = 202.96.128.68,192.168.16.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{857DF41A-FC9F-4259-9920-B3826E99E153}: NameServer = 202.96.128.68,192.168.16.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{857DF41A-FC9F-4259-9920-B3826E99E153}: NameServer = 202.96.128.68,192.168.16.1
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FirebirdGuardianDefaultInstance - The Firebird Project - C:\PROGRA~1\广东省~1\FireBird\bin\fbguard.exe
O23 - Service: FirebirdServerDefaultInstance - The Firebird Project - C:\PROGRA~1\广东省~1\FireBird\bin\fbserver.exe
O23 - Service: NetDogService - Rainbow China - C:\WINNT\system32\NetDogSrv.EXE
O23 - Service: ELSA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
Last edited 2006-12-04 21:43:55

2006-12-04,17:41:45

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195)
- Administrator user - full functionality

The following items were selected:
    All startup items (registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <CertificateRegistration><SafeSignCertReg.exe>  [A.E.T. Europe B.V.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
Startup folder
[套接字服务器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\套接字服务器.lnk --> D:\scktsrvr.exe [Inprise Corporation]><N>
[服务器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务器.lnk --> D:\GRASPC~2\GjpSerCW.EXE [成都任我行软件公司]><N>
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
[管家婆服务器支持者]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\管家婆服务器支持者.lnk --> D:\GRASPC~2\SCKTSRVR.EXE [Borland Software Corporation]><N>

==================================
Services
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[FirebirdGuardianDefaultInstance / FirebirdGuardianDefaultInstance]
  <C:\PROGRA~1\广东省~1\FireBird\bin\fbguard.exe -s><The Firebird Project>
[FirebirdServerDefaultInstance / FirebirdServerDefaultInstance]
  <C:\PROGRA~1\广东省~1\FireBird\bin\fbserver.exe -s -g><The Firebird Project>
[Microsoft Search / MSSEARCH]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER]
  <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NetDogService / NetDogService]
  <C:\WINNT\system32\NetDogSrv.EXE><Rainbow China>
[ELSA Driver Helper Service / NVSvc]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT]
  <C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>

==================================
Drivers
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BHDCKEY / BHDCKEY]
  <System32\Drivers\usbdriver.sys><N/A>
[Bluetooth Audio Service / BlueletAudio]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[Bluetooth USB For Bluetooth Service / Btcsrusb]
  <System32\Drivers\btcusb.sys><IVT Corporation>
[Bluetooth HID Enumerator / BTHidEnum]
  <system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[usb Card Device / ft2kEnum]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc]
  <system32\DRIVERS\smccardb.sys><OEM>
[USB Chip Service / GD_USB]
  <system32\DRIVERS\usbtoken.sys><N/A>
[GMSIPCI / GMSIPCI]
  <\??\F:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HOSTNT / HOSTNT]
  <\??\C:\WINNT\system32\drivers\hostnt.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[MHDRV / MHDRV]
  <\??\C:\WINNT\system32\drivers\mhdrv.sys><Rainbow China Co., Ltd.>
[mProcRs / mProcRs]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[New0 / New0]
  <\??\C:\WINNT\system32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\E:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nv4 / nv4]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RCMHDOG / RCMHDOG]
  <\??\C:\WINNT\system32\drivers\rcmhdog.sys><Rainbow China Co., Ltd.>
[SmartCard Reader Device  / Reader_Device]
  <system32\DRIVERS\usbic2k.sys><OEM>
[RsFwDrv / RsFwDrv]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[USB Data Cable driver (WDM) / slabbus]
  <system32\DRIVERS\slabbus.sys><MCCI>
[USB Data Cable Drivers / slabser]
  <system32\DRIVERS\slabser.sys><MCCI>
[Rainbow China UMC Driver / UsbC]
  <System32\Drivers\rcusbwdm.sys><Rainbow China Co. Ltd.>
[Virtual Serial port driver / VComm]
  <system32\DRIVERS\VComm.sys><IVT Corporation>

==================================
Browser add-ons
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <E:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\PROGRA~1\FlashGet\flashget.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\qq\QQIEHelper.dll, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[CMBSafeHelper Class]
  {26BCA338-BB94-4E8F-A082-3E5735875B79} <C:\WINNT\system32\CMBGUARD.dll, >
[上传到QQ网络硬盘]
  <E:\qq\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <E:\PROGRA~1\KuGoo2\KuGoo3DownX.htm, N/A>
[使用网际快车下载]
  <E:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <E:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\qq\SendMMS.htm, N/A>

==================================
Running processes
[PID: 168][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 212][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 240][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 252][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 380][C:\WINNT\System32\SCardSvr.exe]  [Microsoft Corporation, 5.00.2195.6609]
[PID: 492][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 536][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
[PID: 576][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\LVCMUI5C.DLL]  [Lenovo (Beijing) Ltd., 0,3,0,0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\LVCMSTRN.DLL]  [Lenovo (Beijing) Ltd., 1.0.1.14]
    [C:\WINNT\system32\icm32.dll]  [Microsoft Corporation, 5.00]
[PID: 612][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
[PID: 628][C:\PROGRA~1\广东省~1\FireBird\bin\fbguard.exe]  [The Firebird Project, WI-V1.5.1.4481]
    [C:\PROGRA~1\广东省~1\FireBird\bin\fbclient.dll]  [The Firebird Project, WI-V1.5.1.4481]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
[PID: 656][C:\PROGRA~1\广东省~1\FireBird\bin\fbserver.exe]  [The Firebird Project, WI-V1.5.1.4481]
[PID: 716][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.7021]
[PID: 728][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 868][C:\WINNT\system32\NetDogSrv.EXE]  [Rainbow China, 2, 2, 20, 0]
[PID: 928][C:\WINNT\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.4072]
[PID: 956][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 1000][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1028][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1088][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1116][C:\WINNT\system32\Dfssvc.exe]  [Microsoft Corporation, 5.00.2195.6664]
[PID: 1192][C:\WINNT\System32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
[PID: 1212][C:\WINNT\System32\msdtc.exe]  [Microsoft Corporation, 1999.9.3421.3]
[PID: 1620][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
[PID: 1548][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [E:\PROGRA~1\FlashGet\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINNT\system32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\wnwb2005\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
    [E:\qq\qdshm.dll]  [, 1, 0, 101, 20]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\Web Folders\2052\nsextint.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  [Adobe Systems, Incorporated, 6.0]
[PID: 804][C:\WINNT\system32\SafeSignCertReg.exe]  [A.E.T. Europe B.V., 2.0.0.2]
[PID: 1780][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3275]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 1808][C:\WINNT\system32\ep2k_certd_bc.exe]  [, 1, 0, 6, 814]
    [C:\WINNT\system32\ep2pk11_bc.dll]  [, 2, 4, 4, 1103]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 1824][C:\WINNT\system32\ep2k_mon_bc.exe]  [, 1, 1, 4, 1202]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 1832][C:\WINNT\system32\ctfmon.exe]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 1860][D:\scktsrvr.exe]  [Inprise Corporation, 5.0.5.62]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 1876][D:\GRASPCW35\GjpSerCW.EXE]  [成都任我行软件公司, 3.5.0.3505]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
    [D:\Midas.Dll]  [Borland Software Corporation, 7.0.4.453]
[PID: 1884][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 944][C:\Program Files\wnwb2005\wnwb.exe]  [深圳世强软件开发部 www.wnwb.com , 2005, 11, 19, 1]
    [C:\Program Files\wnwb2005\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
[PID: 1496][C:\WINNT\system32\dllhost.exe]  [Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
[PID: 2084][C:\WINNT\TEMP\ztup.exe]  [N/A, N/A]
    [C:\WINNT\TEMP\ximk4.dll]  [N/A, N/A]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
[PID: 2140][C:\WINNT\svch0st.exe]  [N/A, N/A]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
[PID: 2648][E:\TT\TTraveler.exe]  [腾讯公司, 3.1.0.261]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
    [E:\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [E:\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [C:\Program Files\wnwb2005\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 2572][E:\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINNT\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost

==================================

Is the moderator around?

O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
Keep these two startup entries and delete all the others.

Thanks to the poster above, but it still doesn't work. I've found a few suspicious processes but don't dare touch them; please help.

<C:\WINNT\system32\NetDogSrv.EXE><Rainbow China>
[ELSA Driver Helper Service / NVSvc]
This service looks a bit suspicious. Is it a firewall?

Run HijackThis, tick the entries below and click Fix:
O4 - HKLM\..\Run: [rzt] C:\WINNT\Intel\rundll32.exe
O4 - HKLM\..\Run: [r] C:\WINNT\down\rundll32.exe
O4 - HKLM\..\Run: [sys] C:\WINNT\Intel\rundll32.exe


Then boot into Safe Mode and delete:
C:\WINNT\svch0st.exe
C:\WINNT\TEMP\ztup.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\dllt.dll
C:\WINNT\Intel\rundll32.exe
C:\WINNT\down\rundll32.exe


What are these two files?
C:\WINNT\system32\ep2k_certd_bc.exe
C:\WINNT\system32\ep2k_mon_bc.exe




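
The lines picked out in the reply above are the signals a responder reads by eye: rundll32.exe started from directories where Windows never puts it, a svchost look-alike (svch0st.exe) under C:\WINNT, an executable launched from C:\WINNT\TEMP, and one DLL with no version resource at all (dllt.dll) sitting inside several unrelated processes in the SREng module listing. As an added example that is not part of this thread, HijackThis or SREng, the Python script below applies those checks to a constructed excerpt of the two logs posted above. The system-binary name list, the two trusted directories, the digit-for-letter substitutions and the three-host threshold are assumptions chosen for this Windows 2000 machine; the classification strings are my own.

```python
"""Triage heuristics for HijackThis and SREng text logs.

Added example, not code from the thread, HijackThis or SREng. The name list,
directory list and host-count threshold are assumptions for a Windows 2000 box.
"""
import re
from collections import defaultdict

# Names that belong only in the Windows directory or System32 (assumption).
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe", "dllhost.exe",
}
# Exact directories where those names are legitimate on this machine.
SYSTEM_DIRS = {"c:\\winnt\\", "c:\\winnt\\system32\\"}
# Digits commonly swapped in for letters so a name reads like the real one.
LOOKALIKES = str.maketrans("015", "ols")

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PROC_RE = re.compile(r"^\[PID: (?P<pid>\d+)\]\[(?P<path>[^\]]+)\]\s+\[(?P<vendor>[^,\]]*)")
MOD_RE = re.compile(r"^\s+\[(?P<path>[^\]]+)\]\s+\[(?P<vendor>[^,\]]*)")

# Constructed excerpts of the two logs posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [CertificateRegistration] SafeSignCertReg.exe
O4 - HKLM\..\Run: [rzt] C:\WINNT\Intel\rundll32.exe
O4 - HKLM\..\Run: [r] C:\WINNT\down\rundll32.exe
""".strip().splitlines()

SAMPLE_SRENG = r"""
[PID: 536][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
[PID: 612][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
[PID: 1548][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\msdmo.dll]  [N/A, N/A]
[PID: 2084][C:\WINNT\TEMP\ztup.exe]  [N/A, N/A]
    [C:\WINNT\TEMP\ximk4.dll]  [N/A, N/A]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
[PID: 2140][C:\WINNT\svch0st.exe]  [N/A, N/A]
    [C:\WINNT\system32\dllt.dll]  [N/A, N/A]
""".strip().splitlines()


def exe_from_command(cmd):
    """Return the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def classify_executable(path):
    """Return the heuristic hits for one executable path (empty if clean)."""
    p = path.replace("/", "\\").lower()
    directory, _, name = p.rpartition("\\")
    directory = directory + "\\" if directory else ""
    hits = []
    if name in SYSTEM_BINARIES and directory and directory not in SYSTEM_DIRS:
        hits.append("system binary name outside Windows/System32")
    canon = name.translate(LOOKALIKES)
    if canon != name and canon in SYSTEM_BINARIES:
        hits.append(f"look-alike of {canon}")
    if "\\temp\\" in directory:
        hits.append("runs from a TEMP directory")
    return hits


def triage(lines):
    """Map each suspicious O4 Run entry or running process to its hits."""
    findings = {}
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            key, path = f"O4 [{m.group('name')}]", exe_from_command(m.group("cmd"))
        else:
            m = PROC_RE.match(line)
            if not m:
                continue
            key, path = f"PID {m.group('pid')} {m.group('path')}", m.group("path")
        hits = classify_executable(path)
        if hits:
            findings[key] = hits
    return findings


def shared_unsigned_modules(lines, min_hosts=3):
    """DLLs with no vendor resource loaded into at least min_hosts processes."""
    hosts = defaultdict(list)
    current = None  # the process whose module list we are inside
    for line in lines:
        m = PROC_RE.match(line)
        if m:
            current = f"PID {m.group('pid')} {m.group('path')}"
            continue
        m = MOD_RE.match(line)
        if m and current and m.group("vendor").strip() in ("", "N/A"):
            hosts[m.group("path").lower()].append(current)
    return {mod: h for mod, h in hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_HJT + SAMPLE_SRENG).items():
        print(f"{key}: {'; '.join(hits)}")
    for mod, h in shared_unsigned_modules(SAMPLE_SRENG).items():
        print(f"{mod} loaded in {len(h)} processes: {h}")
```

The cross-process check reports the injected DLL rather than the processes hosting it, so a host with a vendor resource such as C:\WINNT\system32\dllhost.exe (which the SREng listing shows as Microsoft Corporation 5.00.2195.6692) shows up only in dllt.dll's host list, while a legitimately unsigned module seen in a single process, such as msdmo.dll in Explorer, stays below the threshold.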

Thanks to the poster above. Are they plugins? I'm not sure either. Can I delete them?