
Help: how to remove Rootkit.Agent.mx

Rising (antivirus and personal firewall) and the Kaka Internet Security Assistant have both been updated to the latest version, but they still cannot delete the virus. They report "delete after restart", yet after a restart the virus still cannot be deleted. Now at startup there is a Novell process that takes up almost all of the CPU; every boot is unbelievably slow, and the only option is to kill it. Please, experts, point me in the right direction!!
Last edited 2006-11-23 22:57:43

Try a rogue-software removal tool: find the root of it, and kill the root first.

[Reply to the post by "痴情游子"]
Which tool? How do I find the root of it?

2006-11-23,22:56:06

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <NBJ><"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe">  [Ahead Software AG]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NWTRAY><NWTRAY.EXE>  [Novell, Inc.]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <AGRSMMSG><AGRSMMSG.exe>  [(Verified)Agere Systems]
    <dla><C:\WINDOWS\system32\dla\tfswctrl.exe>  [Sonic Solutions]
    <imekrmig7.0><"C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE">  [(Verified)Microsoft Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <CertStoreInit><C:\WINDOWS\system32\CertStoreInit>  [N/A]
    <ThunderMini><C:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe>  [N/A]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
    <VMSnap3><C:\WINDOWS\VMSnap3.EXE>  [Vimicro]
    <Domino><C:\WINDOWS\Domino.EXE>  [Vimicro]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <UserFaultCheck><%systemroot%\system32\dumprep 0 -u>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><d:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\system32\svch52l.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><NWGina.DLL>  [Novell, Inc.]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AD81EA4A-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\system32\hd81ea4a.log>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify]
    <WinlogonNotify: ckpNotify><ckpNotify.dll>  [Check Point Software Technologies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
    <WinlogonNotify: rpcc><C:\WINDOWS\system32\rpcc.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wsacclcm]
    <WinlogonNotify: wsacclcm><SWEvent.dll>  [N/A]

==================================
Startup Folders
[Acrobat Assistant]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe [Adobe Systems Inc.]><H>
[Push Client]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Push Client.LNK --> C:\INTERW~1\Student\INTERW~1\PARTIC~1\pull.exe [Interwise Ltd]><H>

==================================
Services
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Bluetooth Service / btwdins]
  <C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe><WIDCOMM, Inc.>
[Client Update Service for Novell / cusrvc]
  <C:\WINDOWS\system32\cusrvc.exe><Novell, Inc.>
[Serverboot / ervernihaaak]
  <C:\Program Files\cikeki\cikera.scr><N/A>
[eToken Notification Service / ETOKSRV]
  <C:\WINDOWS\system32\eTSrv.exe><Aladdin Ltd.>
[FGR Service / FGR Service]
  <"C:\Program Files\1666_Fiberlink\Fgrd.exe"><Fiberlink Communications Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[hp OpenView service desk 4.5 agent / hp OpenView service desk 4.5 agent]
  <C:\Program Files\Hewlett-Packard\OpenView\service desk 4.5\agent\bin\sd_agentservice.exe><N/A>
[InPlan Service / InPlan Service]
  <C:\FLEXlm\Lmgrd.exe><GLOBEtrotter Software Inc.>
[Novell Application Launcher / NALNTSERVICE]
  <C:\Program Files\Novell\ZENworks\nalntsrv.exe><Novell, Inc.>
[Network Logons / NetWorkLogons]
  <rundll32.exe KB27861012.log,start><Microsoft Corporation>
[Novell Secure Workstation Service / Novell Secure Workstation]
  <C:\WINDOWS\system32\wsaccsvc.exe><N/A>
[NuTCRACKER Kernel / NuTCRACKER Kernel]
  <C:\WINDOWS\system32\nutkserv.exe><N/A>
[Oracle6iFormServerClientCache80 / Oracle6iFormServerClientCache80]
  <d:\oracle\6iFormServer\BIN\ONRSD80.EXE><N/A>
[Oracle Forms Server [Forms60Server-6iFormServer] / OracleFormsServer-Forms60Server-6iFormServer]
  <d:\oracle\6iFormServer\bin\ifsrv60.exe -start_service><Oracle Corporation>
[OracleOraHome92Agent / OracleOraHome92Agent]
  <d:\oracle\ora92\bin\agntsrvc.exe><Oracle Corporation>
[OracleOraHome92ClientCache / OracleOraHome92ClientCache]
  <d:\oracle\ora92\BIN\ONRSD.EXE><N/A>
[OracleOraHome92HTTPServer / OracleOraHome92HTTPServer]
  <"d:\oracle\ora92\Apache\Apache\apache.exe" --ntservice><N/A>
[OracleOraHome92TNSListener / OracleOraHome92TNSListener]
  <d:\oracle\ora92\BIN\TNSLSNR ><N/A>
[OracleServiceINMIND / OracleServiceINMIND]
  <d:\oracle\ora92\bin\ORACLE.EXE INMIND><Oracle Corporation>
[PatchLink Update / PatchLink Update]
  <C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe><Patchlink Corporation>
[Polar SI8000 / Polar SI8000]
  <C:\FLEXlm\Lmgrd.exe><GLOBEtrotter Software Inc.>
[Novell ZfD Wake on LAN Status Agent / Prometheus Wake-On-LAN Status Agent]
  <C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe><Novell Inc.>
[Novell ZfD Remote Management / Remote Management Agent]
  <C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe><Novell Inc.>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Check Point SecuRemote Service / SR_Service]
  <"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"><Check Point Software Technologies>
[Check Point SecuRemote WatchDog / SR_WatchDog]
  <"C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe"><Check Point Software Technologies>
[User Profile Hive Cleanup / UPHClean]
  <C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>
[UStorage Server Service / UStorage Server Service]
  <C:\WINDOWS\system32\UStorSrv.exe /Service><OTi>
[Frontline gnd Server / Valor gnd Server]
  <d:\genesis\e91\gnd\gnd.exe><N/A>
[Windowns Audio Help / WinAudioHelp]
  <C:\WINDOWS\system32\runmlrab.exe><N/A>
[WindowService / WindowService]
  <C:\WINDOWS\system32\Svchost.exe -k WindowService-->C:\WINDOWS\system32\drivers\Register_nos.dll><N/A>
[Windows Media Connect (WMC) / WmcCds]
  <c:\program files\windows media connect\mswmccds.exe><Microsoft Corporation>
[Windows Media Connect (WMC) Helper / WmcCdsLs]
  <C:\Program Files\Windows Media Connect\mswmcls.exe><Microsoft Corporation>