Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue-Software Board: Help, infected with trojan.dl.win32.qqhelper.bat; Rising detects it but cannot remove it


Help, infected with trojan.dl.win32.qqhelper.bat; Rising detects it but cannot remove it


Could an expert advise me on how to remove this manually? Thanks.

[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Last edited 2007-11-14 12:39:33

Do you need me to scan anything?
Could an expert take a look?
The file c:\winnt\system32\xifkkbgv.dll cannot be deleted.

Could an expert take a look at this for me?

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      22:05:34, 日期 2007-11-13
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lenovo\LenovoClient\scheduler.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\U8SMSSrv.exe
C:\WINNT\system32\ServerNT.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\rising\Rav\RavTask.exe
E:\Program Files\360safe\safemon\360Tray.exe
E:\Program Files\360safe\antiarp\antiarp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\rising\Rav\Ravmon.exe
E:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.276\HijackThis1991zww.exe

O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - E:\Program Files\360safe\safemon\safemon.dll
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [360Safetray] E:\Program Files\360safe\safemon\360Tray.exe /start
O4 - 启动项HKLM\\Run: [360Antiarp] E:\Program Files\360safe\antiarp\antiarp.exe /start
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\Program Files\Tencent\qq\AddEmotion.htm
O15 - “受信任的站点”中添加项: http://www.icbc.com.cn
O16 - DPF: {19EFFC12-25FB-479A-A0F2-1569AE1B3365} - http://60.190.101.206/abc.cab
O16 - DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} (GDGetTokenInfo Class) - https://mybank.icbc.com.cn/icbc/GDReadPub.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O16 - DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} (CSetLET Class) - https://mybank.icbc.com.cn/icbc/perbank/GDSetLET.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://ol.db.kingsoft.com/antiscan/setup/KAVClean.CAB
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {E9707834-5BF7-4CFF-A639-398427DE1991} (IcbcSslCacheCleanerCtrl Class) - http://www.icbc.com.cn/left/IcbcSslCacheCleaner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86884FDE-B42B-4D23-8CE8-BD8CE8496181}: NameServer = 61.29.201.114,202.103.225.68
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Fortinet Service Scheduler (FA_Scheduler) - Lenovo (Beijing) Ltd. - C:\Program Files\Lenovo\LenovoClient\scheduler.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: UFSoft SMS Platform (U8SmsSrv) - Unknown owner - C:\WINNT\system32\U8SMSSrv.exe
O23 - NT 服务: 用友U8预警调度服务 (UFALERTSERVICE) - Unknown owner - (no file)
O23 - NT 服务: U8管理软件 (UFNet) - Unknown owner - C:\WINNT\system32\ServerNT.EXE
O23 - NT 服务: Windows Advanced Manager (wamer) - Unknown owner - C:\Program Files\Microsoft Office\SYSTEM\dodolook_7266.exe (file missing)
O23 - NT 服务: 一起来音乐助手 (Yiqilai) - Yiqilai - C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe


Expert, please have a look.

[CODE]

2007-11-14,08:32:44

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [N/A]
    <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <360Safetray><E:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <360Antiarp><E:\Program Files\360safe\antiarp\antiarp.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserRemove>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
N/A

==================================
服务
[AVP-SE / AVP-SE][Stopped/Disabled]
  <><N/A>
[C5FD27FF / C5FD27FF][Stopped/Auto Start]
  <><N/A>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Fortinet Service Scheduler / FA_Scheduler][Running/Auto Start]
  <C:\Program Files\Lenovo\LenovoClient\scheduler.exe><Lenovo (Beijing) Ltd.>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINNT\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
  <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Time Windows / TIMES][Stopped/Disabled]
  <><N/A>
[UFSoft SMS Platform / U8SmsSrv][Running/Auto Start]
  <C:\WINNT\system32\U8SMSSrv.exe><N/A>
[用友U8预警调度服务 / UFALERTSERVICE][Stopped/Auto Start]
  <><N/A>
[U8管理软件 / UFNet][Running/Auto Start]
  <C:\WINNT\system32\ServerNT.EXE><N/A>
[Windows Advanced Manager / wamer][Stopped/Auto Start]
  <"C:\Program Files\Microsoft Office\SYSTEM\dodolook_7266.exe"><N/A>
[wint / wint][Stopped/Disabled]
  <C:\WINNT\system32\RunDLL32.exe ><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[一起来音乐助手 / Yiqilai][Stopped/Auto Start]
  <"C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe"><Yiqilai>

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINNT\system32\drivers\360AntiArp.sys><奇虎网>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[fortidrv / fortidrv][Running/Boot Start]
  <\SystemRoot\System32\drivers\fortidrv.sys><N/A>
[fortips / fortips][Running/Auto Start]
  <\??\C:\WINNT\System32\drivers\fortips.sys><N/A>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[Fortinet network virtual adapter / ft_vnic][Running/Manual Start]
  <System32\DRIVERS\ftvnic.sys><Lenovo(Beijing) Ltd.>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\smccardb.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
  <system32\DRIVERS\usbtoken.sys><>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HanWang Pen Class Driver / hwmclass][Running/System Start]
  <System32\DRIVERS\hwmclass.sys><Windows (R) 2000 DDK provider>
[%hwpen3.SvcDesc% / hwpen3][Stopped/Manual Start]
  <System32\DRIVERS\hwpen3.sys><Windows (R) 2000 DDK provider>
[j34xq0 / j34xq0][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\j34xq0.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
[KRegEx / KRegEx][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\KRegEx.sys><N/A>
[KSysCall / KSysCall][Stopped/System Start]
  <\??\C:\PROGRA~1\KV2005\KSysCall.sys><N/A>
[KVDP / KVDP][Stopped/Manual Start]
  <\??\C:\PROGRA~1\KV2005\KVDP_4.sys><N/A>
[KWATCH / KWATCH][Stopped/Manual Start]
  <\??\C:\KAV\KWATCH.SYS><N/A>
[New0 / New0][Stopped/Auto Start]
  <\??\C:\WINNT\System32\new.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[USB Mass Storage / OEMSTOR][Stopped/Manual Start]
  <system32\DRIVERS\USBMSDk.SYS><USB Mass Storage.>
[PProtect / PProtect][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Sense3 / Sense3][Running/Auto Start]
  <System32\Drivers\sense3.sys><Beijing Senselock>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[Superk53 / Superk53][Running/Auto Start]
  <\SystemRoot\System32\drivers\superk53.sys><Microsoft Corporation>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIA USB Filter / viafilter][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\viausb.sys><VIA Technologies, Inc.>
[viaide / viaide][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><VIA Technologies, Inc.>
[vkvxve / vkvxve3][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\vkvxve3.sys><N/A>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\C:\WINNT\Downloaded Program Files\CONFLICT.5\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[GDGetTokenInfo Class]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINNT\system32\GDREAD~1.DLL, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\system32\INPUTC~1.DLL, >
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[CSetLET Class]
  {C35D7AE1-0865-4A30-BF07-29FA29324155} <C:\WINNT\system32\GDSetLET.dll, >
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINNT\system32\3DShowVM.ocx, QQ>
[Kingsoft DUBA OnlineScan]
  {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} <C:\WINNT\System32\kingsoft\ONLINE~1\kavclean.ocx, kingsoft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINNT\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[IcbcSslCacheCleanerCtrl Class]
  {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINNT\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <e:\Program Files\360safe\live.dll, 360safe.com>
[添加到QQ表情]
  <E:\Program Files\Tencent\qq\AddEmotion.htm, N/A>

==================================

正在运行的进程
[PID: 160][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 216][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 244][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 256][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 396][C:\WINNT\System32\SCardSvr.exe]  [Microsoft Corporation, 5.00.2195.6609]
[PID: 644][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 652][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 716][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 3, 0, 0]
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 756][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 768][C:\Program Files\Lenovo\LenovoClient\scheduler.exe]  [Lenovo (Beijing) Ltd., 1.0.407.0]
    [C:\Program Files\Lenovo\LenovoClient\utilsdll.dll]  [Lenovo (Beijing) Ltd., 1.0.407.0]
    [C:\Program Files\Lenovo\LenovoClient\LIBEAY32.dll]  [N/A, ]
[PID: 800][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.7021]
[PID: 812][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Common Files\System\OLE DB\sqloledb.dll]  [Microsoft Corporation, 2000.080.0380]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.61.7326.0]
    [C:\Program Files\Common Files\System\OLE DB\MSDATL3.DLL]  [Microsoft Corporation, 2.61.7326.0]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\xpsqlbot.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 988][C:\WINNT\system32\WINDOW~1\Server\nspmon.exe]  [Microsoft Corporation, 4.1.00.3934]
[PID: 1072][C:\WINNT\system32\WINDOW~1\Server\nscm.exe]  [Microsoft Corporation, 4.1.00.3934]
[PID: 1096][C:\WINNT\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.4403]
    [C:\WINNT\system32\HANWANGP.IME]  [HanWang Corporation, 4.00.950]
[PID: 1140][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 1192][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 1272][C:\WINNT\system32\stisvc.exe]  [Microsoft Corporation, 5.00.2195.6656]
[PID: 1336][C:\WINNT\system32\U8SMSSrv.exe]  [N/A, ]
[PID: 1368][C:\WINNT\system32\ServerNT.EXE]  [N/A, ]
    [C:\WINNT\system32\UMiscell.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\sgv.dll]  [, 8, 2, 0, 0]
    [C:\WINNT\system\Sense3.dll]  [N/A, ]
    [C:\WINNT\system32\SecuComm.dll]  [N/A, ]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.61.7326.0]
    [C:\Program Files\Common Files\System\OLE DB\sqloledb.dll]  [Microsoft Corporation, 2000.080.0380]
    [C:\Program Files\Common Files\System\OLE DB\MSDATL3.DLL]  [Microsoft Corporation, 2.61.7326.0]
    [C:\Program Files\Common Files\System\OLE DB\SQLOLEDB.RLL]  [Microsoft Corporation, 2000.080.0380]
    [C:\WINNT\system32\DBNETLIB.DLL]  [Microsoft Corporation, 2000.080.0380.00]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 1388][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1420][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1428][C:\WINNT\system32\Dfssvc.exe]  [Microsoft Corporation, 5.00.2195.6664]
[PID: 980][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.5512.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.5512.0]
[PID: 856][C:\WINNT\system32\WINDOW~1\Server\nspm.exe]  [Microsoft Corporation, 4.1.00.3917]
    [C:\WINNT\system32\WINDOW~1\Server\nmsa.dll]  [Microsoft Corporation, 4.1.00.3917]
    [C:\WINNT\system32\Windows Media\Server\nsodbc.dll]  [Microsoft Corporation, 4.1.00.3917]
    [C:\WINNT\system32\Windows Media\Server\mdsprx.dll]  [Microsoft Corporation, 4.1.00.3917]
    [C:\WINNT\system32\imaadp32.acm]  [Microsoft Corporation, 5.00.2195.6612]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msg711.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msgsm32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\tssoft32.acm]  [DSP GROUP, INC., 1.01]
    [C:\WINNT\system32\tsd32.dll]  [, ]
    [C:\WINNT\system32\lhacm.acm]  [Microsoft Corporation, 4.4.3385]
    [C:\WINNT\system32\msg723.acm]  [Microsoft Corporation, 4.4.3385]
    [C:\WINNT\system32\iac25_32.ax]  [Intel Corporation, 2.05.53]
    [C:\WINNT\system32\msaud32.acm]  [Microsoft Corporation, 4.1.00.3927]
    [C:\WINNT\system32\vct3216.acm]  [Voxware, Inc., 1.6.0.17]
    [C:\WINNT\system32\vct3216.dll]  [Voxware, Inc., 1.6.0.12]
    [C:\WINNT\system32\msms001.vwp]  [Voxware, Inc., 2.0.2.61]
    [C:\WINNT\system32\mvoice.vwp]  [Voxware, Inc., 2.0.0.12.01]
    [C:\WINNT\system32\sl_anet.acm]  [Sipro Lab Telecom Inc., 2.80]
    [C:\WINNT\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 43]
    [C:\WINNT\system32\vorbis.acm]  [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
[PID: 1620][C:\WINNT\system32\WINDOW~1\Server\nsum.exe]  [Microsoft Corporation, 4.1.00.3930]
    [C:\WINNT\system32\Windows Media\Server\accesscontrol.dll]  [Microsoft Corporation, 4.1.00.3917]
[PID: 1632][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0380.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\system32\odbcbcp.dll]  [Microsoft Corporation,  2000.080.0380.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SEMMAP.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\SEMMAP.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\sqlagent.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLAGENT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\System32\SQLSRV32.dll]  [Microsoft Corporation,  2000.080.0380.00]
    [C:\WINNT\System32\sqlsrv32.rll]  [Microsoft Corporation,  2000.080.0380.00]
    [C:\WINNT\system32\DBNETLIB.DLL]  [Microsoft Corporation, 2000.080.0380.00]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]

[PID: 240][C:\WINNT\System32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
[PID: 1880][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 1348][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINNT\system32\ALSNDMGR.CPL]  [Realtek Semiconductor Corp., 2.1.09]
    [C:\WINNT\system32\LICCPA.CPL]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\powercfg.cpl]  [Microsoft Corporation, 5.00.3502.6601]
    [C:\WINNT\system32\U8SMSConfig.CPL]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\nvtuicpl.cpl]  [NVIDIA Corporation, 6.14.10.4403]
    [C:\WINNT\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4403]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINNT\system32\PYJJU.IME]  [北京六合源软件技术有限公司, 2, 2, 0, 4]
[PID: 936][C:\Program Files\rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.20]
    [C:\Program Files\rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[PID: 1536][E:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 3, 6, 4, 3001]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [E:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 6, 0, 1001]
    [E:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 6, 3, 1001]
    [E:\Program Files\360safe\live.dll]  [360safe.com, 1, 0, 1, 1021]
[PID: 1548][E:\Program Files\360safe\antiarp\antiarp.exe]  [奇虎网, 1, 0, 0, 2001]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[PID: 1876][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[PID: 1868][C:\Program Files\rising\rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.7]
    [C:\WINNT\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\rising\rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\rising\rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[PID: 376][C:\WINNT\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1316][E:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [E:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 2180][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 812, C:\PROGRA~1\MI6841~1\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1096, C:\WINNT\SYSTEM32\NVSVC32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1336, C:\WINNT\SYSTEM32\U8SMSSRV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1368, C:\WINNT\SYSTEM32\SERVERNT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 980, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1632, C:\PROGRA~1\MI6841~1\MSSQL\BINN\SQLAGENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1536, E:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1536, E:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1548, E:\PROGRAM FILES\360SAFE\ANTIARP\ANTIARP.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: E:\Program Files\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: E:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]

I have pasted the scan results.
Could an expert take a look? Thanks.