
Could an expert take a look at my log? Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:38:32, on 2005-8-11
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
D:\program files\rising\rfw\rfwsrv.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTASK.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
D:\program files\rising\rfw\RfwMain.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\3721\assistse.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\360so\360Main.exe
C:\WINNT\System32\internat.exe
C:\Program Files\Tencent\qq\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINNT\System32\conime.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rav\RAVMON.EXE
D:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\Tencent\qq\QQ.exe
D:\Program Files\FlashGet\flashget.exe
E:\火影\155847200541134207\HijackThis.exe

O2 - BHO: IEHandle Class - {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} - C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: 360搜 - {472101C2-1109-43f4-9112-31F33E3F2127} - C:\Program Files\360so\360so.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] d:\Program Files\Rising\Rfw\rfwmain.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [JrRClean] G:\系统工具\网络提速.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AutoInsQyule] C:\Program Files\Qyule\QyuleInstall.exe
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [360Main.exe] C:\PROGRA~1\360so\360Main.exe
O4 - HKLM\..\Run: [proxysm] C:\Documents and Settings\lh\My Documents\proxysm260\发布\proxysm.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [AutoInsQyule] C:\Program Files\Qyule\QyuleInstall.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O8 - Extra context menu item: !搜一搜 - res://C:\WINNT\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - E:\火影\BitSpirit\bsurl.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_3721_assist (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC68996B-ADFE-4CEF-AC96-E66925413C21}: NameServer = 61.187.91.18 202.103.96.68
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IEXPLORE_Server (IEXPLORE Server) - Unknown owner - C:\WINNT\IEXPLORE_Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - D:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: windows - Unknown owner - C:\WINNT\windows.exe

Last edited 2005-08-11 17:39:37

O23 - Service: IEXPLORE_Server (IEXPLORE Server) - Unknown owner - C:\WINNT\IEXPLORE_Server.exe
O23 - Service: windows - Unknown owner - C:\WINNT\windows.exe

These 2 entries are Gray Pigeon (灰鸽子).

Please refer to: http://forum.ikaka.com/topic.asp?board=28&artid=5666824

So do I just delete both of these 2 folders?

Uh... don't delete them.

Check the post linked in reply #1; it has detailed removal steps.

Following the post at http://forum.ikaka.com/topic.asp?board=28&artid=5666824, I deleted the 2 virus exe files above in Registry Editor (the ones shown in the right-hand pane of the editor). Then I rebooted into Safe Mode and went to c:\WINNT as the post describes, but the virus program files were no longer there. I'd like to ask: does this prove the virus has been cleaned and won't come back? If not (i.e. it is not cleaned), what should I do? Please advise, thanks!

O4 - HKCU\..\Run: [internat.exe] internat.exe (this one also has a problem~)
O23 - Service: IEXPLORE_Server (IEXPLORE Server) - Unknown owner - C:\WINNT\IEXPLORE_Server.exe
O23 - Service: windows - Unknown owner - C:\WINNT\windows.exe
These 2 entries are Gray Pigeon (灰鸽子)!
One thing I can't figure out: you alone have 2 Gray Pigeon server ends. Have you become a zombie machine (肉鸡) for 2 different people?

O23 - Service: windows - Unknown owner - C:\WINNT\windows.exe
O23 - Service: IEXPLORE_Server (IEXPLORE Server) - Unknown owner - C:\WINNT\IEXPLORE_Server.exe
Poor guy, infected with two Gray Pigeons on one machine.
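The replies above point at the two O23 services listed with "Unknown owner" whose images sit directly under C:\WINNT, and at one O4 Run entry that is only a bare file name. As an added example (not from this thread or from HijackThis), here is a small Python triage that applies those same checks to HijackThis-format lines; the sample lines are constructed from a subset of the log above, and the rules are heuristics for what to inspect, not verdicts.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis v1.99.1 line format: a subset modelled on the thread's log, not the full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: IEXPLORE_Server (IEXPLORE Server) - Unknown owner - C:\WINNT\IEXPLORE_Server.exe
O23 - Service: windows - Unknown owner - C:\WINNT\windows.exe
"""
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")

def parse_o23(line):
    """Split an O23 line into (display name, owner, image path); None if not an O23 line."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].rsplit(" - ", 2)   # from the right: the path may contain " - "
    return tuple(parts) if len(parts) == 3 else None

def command_exe(cmd):
    """Executable of a Run command: the quoted path, or the text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def triage(log_text):
    """Return (section, name, reason) findings that deserve a closer look. Heuristics only."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc:
            name, owner, path = svc
            if owner.lower() == "unknown owner":
                findings.append(("O23", name, "service has no publisher information"))
            parts = PureWindowsPath(path).parts          # e.g. ('C:\\', 'WINNT', 'windows.exe')
            if len(parts) == 3 and parts[1].upper() in ("WINNT", "WINDOWS"):
                findings.append(("O23", name, "image sits directly in the Windows directory, not System32"))
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, cmd = m.groups()
            exe = command_exe(cmd)
            if not PureWindowsPath(exe).is_absolute():  # bare name: which file loads depends on search order
                findings.append(("O4", key, f"{hive} Run entry names bare file {exe}; verify which file loads"))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the findings; on the sample both Unknown-owner services are reported twice (no publisher, image in the Windows root) and only the internat.exe Run entry is marked for path verification.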