瑞星卡卡安全论坛

我的电脑昨晚无故死机,重启电脑后就开始提示瑞星转入后台监控状态,打开瑞星19.20.42版,杀毒,但是找不到病毒,而且瑞星不能升级了,瑞星防火墙也根本打不开......
我原来装了个超级兔子,点击后出现一个Run_TempA文件,然后系统就好象进入死循环,IE窗口或者瑞星主程序窗口一闪一闪,怎么也关不了,除非强行重启电脑.....
我原来经常玩的中国游戏中心,点游戏也进入不了了,没有任何反应....
请问高手这是什么情况,中毒还是中马???帮帮我啊.....55

去下载sreng2,关闭qq，下载软件等一切不必要的程序后扫个日志上来，一次贴不完分段贴，不要修改
http://www.kztechs.com/sreng/sreng2.zip

上日志

[CODE]

2007-04-30,19:17:12

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2, v.2096 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <yf63h75l1gu><C:\DOCUME~1\jiang\LOCALS~1\Temp\iexpl0re.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <sun><C:\WINDOWS\SysSun2\svchost.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMSCMig><; >  [N/A]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]

==================================
启动文件夹
[星空极速]
  <C:\Documents and Settings\jiang\「开始」菜单\程序\启动\星空极速.lnk --> D:\PROGRA~1\Chinanet\VNETCL~1.EXE [N/A]><H>

==================================

服务
[Background Intelligent Transfer Service / BITS][Stopped/Disabled]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->IE_BitsClass.dll><N/A>
[局域网通讯协议 / Hello World][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MSSQLSERVER / MSSQLSERVER][Stopped/Disabled]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Disabled]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><N/A>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Disabled]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>

==================================
驱动程序
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\C:\DOCUME~1\jiang\LOCALS~1\Temp\Rar$EX22.417\Mickeyss单机版刷段外挂\winio.sys><N/A>

==================================
浏览器加载项
[信息检索]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, N/A>
[相关站点]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[Easy-WebPrint]
  {327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Recorder Control]
  {2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\Bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[BlueskyVideo Control]
  {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\Bluesky\BLUESK~1\v2.ocx, 蓝天工作室(http://www.bluesky.cn)>
[Share Control]
  {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\Bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn>
[Easy-WebPrint]
  {327C2873-E90D-4C37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[]
  {37CADC46-CFC7-43E6-A539-D124882BD838} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\system\IE_HEL~1.DLL, N/A>
[HHCtrl Object]
  {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <d:\PROGRA~1\chinanet\VNETTR~1.DLL, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件（中国）有限公司>
[PP Control]
  {7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\Bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Videohelp Control]
  {75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\Bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Filetran Control]
  {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[腾讯QQ]
  {8A03D6E7-7FDA-4CE9-95D0-988790911BF0} <C:\WINDOWS\pcuact2x.dll, 深圳市腾讯计算机系统有限公司>
[Chat Control]
  {94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\Bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
  {991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~2.OCX, 蓝天工作室(http://www.bluesky.cn)>
[RealPlayer Stream Handler]
  {A1A41E11-91DB-4461-95CD-0C02327FD934} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Display Control]
  {A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\Bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
  {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\Bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio>
[信息帮助]
  {A753ED20-5836-4642-A71C-08AE83F21492} <C:\WINDOWS\webhelp3.dll, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Blueskyvoice Control]
  {BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Client Control]
  {C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\Bluesky\BLUESK~1\client.ocx, >
[Play Control]
  {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\Bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WAX Moniker Class]
  {CD3AFA83-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Easy-WebPrint Helper]
  {D5E20F5B-9DB8-4230-BA09-7B8DB43D83EE} <C:\Program Files\Canon\Easy-WebPrint\TemplateHelper.dll, >
[MessengerChecker Class]
  {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <D:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: <Company name>>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Easy-WebPrint打印]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html, N/A>
[Easy-WebPrint添加到打印列表]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html, N/A>
[Easy-WebPrint预览]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html, N/A>
[Easy-WebPrint高速打印]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 424][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 480][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 504][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 548][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 560][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 740][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 776][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 892][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 960][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1272][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\system32\CNMLM78.DLL]  [CANON INC., 1.90.2.61]
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\CNMPD78.DLL]  [CANON INC., 1.90.2.61]
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1348][D:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1548][C:\WINDOWS\system32\imapi.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1596][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1824][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1924][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 232][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1124][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 1324][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\nwizAskTao.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwiztlbb.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
[PID: 1848][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
[PID: 336][C:\WINDOWS\SysSun2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 864][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 976][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 388][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 440][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,7,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
[PID: 2840][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 380][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,7,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\Program Files\Canon\Easy-WebPrint\Toolband.dll]  [, 2, 5, 1, 6]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Canon\Easy-WebPrint\Resource.dll]  [, 2, 5, 0, 19]
[PID: 996][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 2820][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 3300][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 3400][C:\DOCUME~1\jiang\LOCALS~1\Temp\419763.exe]  [北京江民新科技术有限公司, 2, 0, 0, 0]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
[PID: 3512][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 340][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 1224][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 2188][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2704][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 2404][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 2648][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3384][d:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
[PID: 3644][C:\DOCUME~1\jiang\LOCALS~1\Temp\Rar$EX01.996\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
    [C:\DOCUME~1\jiang\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      www1.6tan.com
127.0.0.1      www2.6tan.com
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
127.0.0.1      boolom.com
127.0.0.1      adult-novel.cn
127.0.0.1      ll.chinasese.net
127.0.0.1      www.tellumore.com
127.0.0.1      www.o1wg.com
127.0.0.1      www.qq756.com
127.0.0.1      ll.chinasese.net

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

有什么问题啊??在线等

2楼3楼的兄弟哪去了?帮帮我啊....

参考下1楼，不想多说了！

http://forum.ikaka.com/topic.asp?board=28&artid=8304871

估计白看。

还得回来问。

谢谢ADL,做了如下操作,进安全模式
1/运行C:\WINDOWS\system32\drivers\etc
用记事本打开hosts 删除所有内容，保存。
2/运行%temp% 删除C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp文件夹中的所有文件！
3/删除了C:\WINDOWS\system32\nwiztlbb.exe
C:\WINDOWS\system32\nwizAskTao.exe
现在电脑重启后瑞星防火墙可以打开了,但是瑞星杀毒和防火墙仍然不能升级,而且防火墙里面的系统状态里有一大堆的IEXPLORE.EXE C:\program files\Internet Explorer\IEXPLORE.EXE,一看就不正常啊,接下来怎么解决??????????????

看这个帖子
http://forum.ikaka.com/topic.asp?board=28&artid=8304639

主要问题在[局域网通讯协议 / Hello World][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>这个上面

感谢感谢,看特征非常符合,我去试下先~~~

引用:

【mothaiba123的贴子】谢谢ADL,做了如下操作,进安全模式 1/运行C:\WINDOWS\system32\drivers\etc 用记事本打开hosts 删除所有内容，保存。 2/运行%temp% 删除C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp文件夹中的所有文件！ 3/删除了C:\WINDOWS\system32\nwiztlbb.exe C:\WINDOWS\system32\nwizAskTao.exe 现在电脑重启后瑞星防火墙可以打开了,但是瑞星杀毒和防火墙仍然不能升级,而且防火墙里面的系统状态里有一大堆的IEXPLORE.EXE C:\program files\Internet Explorer\IEXPLORE.EXE,一看就不正常啊,接下来怎么解决?????????????? ………………

把EXE访问规则中状态为×的规则删除！

看了newcenturymoon的贴子,感觉我的电脑就是中了你说的这个玩艺.按照 你的清除方法,做了如下操作:
1/安全模式下打开sreng2 启动项目 注册表 找到并删除如下项目
<sun><C:\WINDOWS\SysSun2\svchost.exe> []
2/“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”，
选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”：
局域网通讯协议 / Hello World
3/双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件（推荐）"前面的钩。在提示确定更改时，单击“是” 然后确定
找到并删除了
C:\WINDOWS\SysSun2文件夹
C:\WINDOWS\system32\nwizAskTao.dll
C:\WINDOWS\system32\nwizAskTao.exe
C:\WINDOWS\system32\nwiztlbb.dll
C:\WINDOWS\system32\nwiztlbb.exe
4/清空 C:\DOCUME~1\用户名\LOCALS~1\Temp

但是我重启电脑之后,系统里面的那些多的IEXPLORE.EXE没有了,但是问题仍然存在,瑞星杀毒和防火墙还是不能升级,一点超级兔子什么的软件,还是出现Run_TempA,我晕了..

再扫你已处理过的系统日志。

发来。

估计驱动那里还有东东。

处理过之后,问题仍旧.....而且问题有越来越严重的趋势,今天上午可以点开的桌面快捷方式,晚上一点,提示什么不是有效的WIN32方式,一个两个都点不开啦..
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <sun><C:\WINDOWS\SysSun2\svchost.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

晕了,重启后,这个    <sun><C:\WINDOWS\SysSun2\svchost.exe> 又出来了,删不掉,就是它.......
高手请指教,难道真要我格掉系统盘,重装系统???

请帮帮忙

C:\WINDOWS\SysSun2\svchost.exe瑞星杀不出,手动杀和用Icesword杀掉,重启电脑后,还是有,我的瑞星杀毒和防火墙还是升不了级.....请问怎么解决?

删掉所有除了系统盘的exe文件，然后再用杀毒软件，这样就不会再感染了

引用:

【mothaiba123的贴子】看了newcenturymoon的贴子,感觉我的电脑就是中了你说的这个玩艺.按照 你的清除方法,做了如下操作: 1/安全模式下打开sreng2 启动项目 注册表 找到并删除如下项目 <sun><C:\WINDOWS\SysSun2\svchost.exe> [] 2/“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”， 选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”： 局域网通讯协议 / Hello World 3/双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件（推荐）"前面的钩。在提示确定更改时，单击“是” 然后确定 找到并删除了 C:\WINDOWS\SysSun2文件夹 C:\WINDOWS\system32\nwizAskTao.dll C:\WINDOWS\system32\nwizAskTao.exe C:\WINDOWS\system32\nwiztlbb.dll C:\WINDOWS\system32\nwiztlbb.exe 4/清空 C:\DOCUME~1\用户名\LOCALS~1\Temp 但是我重启电脑之后,系统里面的那些多的IEXPLORE.EXE没有了,但是问题仍然存在,瑞星杀毒和防火墙还是不能升级,一点超级兔子什么的软件,还是出现Run_TempA,我晕了.. ………………

没看我说那个病毒感染除系统分区外的exe么 在杀毒软件没有修复那些exe文件之前不要点击

杀毒软件怎么才能修复那些exe文件?
我安全模式下操作完那些步骤后,用瑞星19.40.42扫了一轮,没有发现任何病毒,也没有修复什么文件啊?
而且我现在的瑞星杀毒一打开就弹出一个对话框,"16位MS-DOS子系统"......提示D:\PROGRA~\RISING\RAV\RSAGENT.EXE NTVDM CPU遇到无效的指令?

现在不能修复，你将你的那些宝贝文件都压缩在一起，等以后再说吧。

然后重装系统，在光盘启动后，进DOS下手工删除所有盘里的文件，除了那个压缩备份的。



包括你安装系统所需要的驱动都得重找。原机上备份的都不能用了。

去耐心做吧，这样你才能有个顺心的系统。

不过以你现在的来看，你就来个新的，乱上网，还会这样死翘翘的。

不是吧,这么严重??????重装系统还可以接受,要手工删除所有盘的文件,这个夸张了点吧,那和我格掉所有的盘有什么区别啊?

格盘？？？？？？

那你那压缩备份的文件不要啦？？？？？？？

笨死！！！

你可以在现在这个系统中，将非系统盘的文件都删除嘛。

只保留那压缩备份的文件。

不过连隐藏文件都得删除哦。

还有那该死的系统还原的备份文件夹。

然后在重装系统时，就格系统盘就行了。

汗...............

去做吧。