Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software forum: Experts, please help me look at this log: malicious websites keep being added to my Favorites automatically


Experts, please help me look at this log: malicious websites keep being automatically added to my Favorites


Logfile of HijackThis v1.99.1
Scan saved at 16:55:59, on 2007-2-2
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\WINDOWS\System32\svchost.exe
D:\Rising\Rav\RavTask.exe
D:\Rising\Rav\Ravmon.exe
C:\Program Files\Rising\KakaToolBar\runiep.exe
C:\Program Files\Rising\Rfw\ScanBD.exe
C:\WINDOWS\uninstall\rundl132.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Chinanet\VnetClient.exe
D:\04\Maxthon2\Maxthon.exe
E:\我的下载\HijackThis.exe

O3 - Toolbar: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}? - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RavTask] "D:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\KakaToolBar\runiep.exe
O4 - HKLM\..\Run: [RavScanBD] "C:\Program Files\Rising\Rfw\ScanBD.exe" /INST
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - D:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - D:\QQ\QQ.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170399568044
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ABDF004-2EA4-4F0C-BD36-89279D98E9BF}: NameServer = 221.228.255.1 218.2.135.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O23 - Service:  - Unknown owner - C:\WINDOWS\systemt.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\Ravmond.exe


Also, why are some entries missing? Please take a look: as soon as I boot, malicious URLs are automatically added to my Favorites and to the desktop.
Last edited 2007-02-04 20:57:20
 

Thanks, 秋日里的蓝天, deleted.

I used HijackThis and went through the log several more times online at http://www.hijackthis.de/#anl; only these O3, O17 and O18 entries are left that I don't understand. Please explain them; I'd be very grateful.

Logfile of HijackThis v1.99.1
Scan saved at 22:17:52, on 2007-2-2
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\WINDOWS\System32\svchost.exe
D:\Rising\Rav\RavTask.exe
D:\Rising\Rav\Ravmon.exe
C:\Program Files\Rising\KakaToolBar\runiep.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Chinanet\VnetClient.exe
D:\应用\02\TDXW.EXE
D:\04\Maxthon2\Maxthon.exe
C:\WINDOWS\System32\wuauclt.exe
E:\我的下载\反毒\HijackThis.exe

O3 - Toolbar: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}? - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ABDF004-2EA4-4F0C-BD36-89279D98E9BF}: NameServer = 221.228.255.1 218.2.135.1
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: msdaipp - (no CLSID) - (no file)

After a reboot it came back again. I'm baffled.

[CODE]

2007-02-02,23:17:08

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <runeip><C:\Program Files\Rising\KakaToolBar\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavScanBD><"C:\Program Files\Rising\Rfw\ScanBD.exe" /INST>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[  /  ][Stopped/Disabled]
  <><N/A>
[BF3A8358 / BF3A8358][Stopped/Auto Start]
  <C:\WINDOWS\System32\BF3A8358.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
  <C:\WINDOWS\System32\\rundll32.exe windds32.dll,input><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CMBProtector / CMBProtector][Running/Auto Start]
  <\??\C:\WINDOWS\System32\Drivers\CMBProtector.dat><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\应用\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>

==================================
正在运行的进程
[PID: 424][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 556][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 760][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 824][D:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 840][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 916][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 984][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1000][D:\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [D:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [D:\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [D:\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [D:\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [D:\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [D:\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [D:\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [D:\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40]
    [D:\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [D:\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [D:\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [D:\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [D:\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[PID: 1128][C:\Program Files\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 30]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 12]
    [C:\Program Files\Rising\Rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [C:\Program Files\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [C:\Program Files\Rising\Rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [C:\Program Files\Rising\Rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1284][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
[PID: 1548][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [D:\war\rarext.dll]  [N/A, N/A]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1612][D:\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1760][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1788][C:\Program Files\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 48]
    [C:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1868][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 240][D:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 272][D:\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [D:\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 392][C:\Program Files\Rising\KakaToolBar\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\KakaToolBar\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 300][C:\Program Files\Rising\Rfw\ScanBD.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [D:\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 288][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2316][C:\Program Files\Chinanet\VnetClient.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2944][D:\04\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 0, 1, 5462]
    [D:\04\Maxthon2\mxpp.dll]  [Maxthon, 1, 0, 0, 12]
    [D:\04\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 100]
    [D:\04\Maxthon2\MxProxy2.dll]  [, 1, 0, 0, 2233]
    [D:\04\Maxthon2\MxFav.dll]  [Maxthon, 1, 0, 0, 9]
    [D:\04\Maxthon2\maxzlib.dll]  [N/A, 1.2.3]
    [D:\04\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [D:\04\Maxthon2\mxfeedU.dll]  [, 1, 0, 45, 45]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [D:\war\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 3260][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1100][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2980][E:\我的下载\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3208][C:\WINDOWS\System32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]

Thanks first, 秋日里的蓝天. I did what you said, but I just couldn't find the file C:\WINDOWS\System32\windds32.dll.
C:\WINDOWS\System32\Drivers\CMBProtector.dat should also be deleted, right?
What I copied is as follows:
One more thing: over the past two days the scanner has again detected lots and lots of files infected with Viking (威金), but when I scan again in Safe Mode they're gone.
