安全模式下很正常。但是正常模式经常无故重起，用杀毒软件查说有木马病毒但是杀不掉，提示病毒在WINDOWS/TEMP中。。。。今天早上重起比较频繁，所以把TEMP改成TEMP77，，暂时稳定。。但是这样的话只要重新开机，TEMP会自动生成，木马病毒还是会被激活，这到底是什么病毒，，该用什么来杀呢。。请高手帮忙。，。谢谢。。

扫个日志上来呀

Suspicious Files:
Scan result:
No suspicious file


Active System Processes
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\TEMP\GR774E.EXE
C:\WINDOWS\SYSTEM32\WFXSNT40.EXE
C:\PROGRA~1\WINFAX\WFXSWTCH.EXE
C:\PROGRA~1\WINFAX\PSAPI.DLL

C:\OFFICESCAN NT\PCCNTMON.EXE
C:\OFFICESCAN NT\LOADHTTP.DLL
C:\OFFICESCAN NT\PWD.DLL
C:\OFFICESCAN NT\OFCPLUGINAPI.DLL
C:\OFFICESCAN NT\OFCPIPC.DLL
C:\OFFICESCAN NT\TIMESTRING.DLL
C:\OFFICESCAN NT\NTMONRES.DLL
C:\OFFICESCAN NT\OFCPLUGINMAIN.DLL
C:\OFFICESCAN NT\OFCPLUGINTRAY.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\IPMSG\IPMSG.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\WINFAX\WFXCTL32.EXE
C:\PROGRAM FILES\WINFAX\DCCDA32I.DLL
C:\PROGRAM FILES\WINFAX\DCCUTILI.DLL
C:\PROGRAM FILES\WINFAX\DCCUTILC.DLL
C:\PROGRAM FILES\WINFAX\WFXIIF32.DLL
C:\PROGRAM FILES\WINFAX\WFXUT32I.DLL
C:\PROGRAM FILES\WINFAX\RTFCTL32.DLL
C:\PROGRAM FILES\WINFAX\WFXUT32C.DLL
C:\PROGRAM FILES\WINFAX\DCCTBP32.DLL
C:\PROGRAM FILES\WINFAX\SCTRL.DLL
C:\PROGRAM FILES\WINFAX\WFXUTILU.DLL
C:\PROGRAM FILES\WINFAX\DCCRES32.DLL
C:\PROGRAM FILES\WINFAX\WFXRES32.DLL
C:\PROGRAM FILES\WINFAX\WFSUBKUP.DLL
C:\PROGRAM FILES\WINFAX\DCCDA32K.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RMCLIENT\PMCTRAY.EXE
C:\WINDOWS\PMCAPI.DLL
C:\WINDOWS\PMCCOM.DLL
C:\WINDOWS\PMCMISC.DLL
C:\WINDOWS\PMAPIEN.DLL
C:\PROGRAM FILES\RMCLIENT\PMCLEN.DLL

C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\TEMP\GR774E.EXE这个每次删除了还会有

C:\WINDOWS\SYSTEM32\CPWMON2K.DLL
C:\WINDOWS\SYSTEM32\DWMONNT.DLL
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\PDFPORTS.DLL
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ADISTRES.DLL
C:\WINDOWS\SYSTEM32\RC4MON.DLL
C:\WINDOWS\SYSTEM32\RPNV2MON.DLL
C:\WINDOWS\SYSTEM32\RPNV2JOB.DLL
C:\WINDOWS\SYSTEM32\RPNV2EN.DLL
C:\WINDOWS\SYSTEM32\PMOBSERVINP.DLL
C:\WINDOWS\SYSTEM32\WFXMNT40.DLL
C:\WINDOWS\SYSTEM32\WFXMNTHQ.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DWPP.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\WFXPNT40.DLL
C:\WINDOWS\PMCOMMON.DLL

C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINFAX\WFXSEH32.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\INTERNET EXPLORER\MUI\0404\BROWSELC.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\MUI\0404\SHDOCLC.DLL
C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
C:\PROGRAM FILES\LOTUS\NOTES\NTMULTI.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\OFFICESCAN NT\NTRTSCAN.EXE
C:\OFFICESCAN NT\OFCDOG.DLL
C:\OFFICESCAN NT\OFCPLUGINAPI.DLL
C:\OFFICESCAN NT\TIMESTRING.DLL
C:\OFFICESCAN NT\OFCPIPC.DLL
C:\OFFICESCAN NT\OFCPLUGINMAIN.DLL
C:\OFFICESCAN NT\OFCPLUGINTRAY.DLL

C:\OFFICESCAN NT\TMLISTEN.EXE
C:\OFFICESCAN NT\TMSOCK.DLL
C:\OFFICESCAN NT\LOADHTTP.DLL
C:\OFFICESCAN NT\OFCPLUGINAPI.DLL
C:\OFFICESCAN NT\OFCPIPC.DLL
C:\OFFICESCAN NT\LIBTMCAV.DLL
C:\OFFICESCAN NT\PWD.DLL
C:\OFFICESCAN NT\OFCDOG.DLL
C:\OFFICESCAN NT\TMDBG20.DLL
C:\OFFICESCAN NT\OFCPLUGINMAIN.DLL
C:\OFFICESCAN NT\OFCPLUGINTRAY.DLL
C:\OFFICESCAN NT\TMUPDATE.DLL

C:\WINDOWS\SYSTEM32\WFXSVC.EXE
C:\OFFICESCAN NT\OFCPFWSVC.EXE
C:\OFFICESCAN NT\OFCPFWCOMMON.DLL
C:\OFFICESCAN NT\ZLIB.DLL
C:\OFFICESCAN NT\OFCPIPC.DLL
C:\OFFICESCAN NT\TMDBG20.DLL
C:\OFFICESCAN NT\TMCFWAPI.DLL

C:\PROGRAM FILES\WINFAX\WFXMOD32.EXE
C:\PROGRAM FILES\WINFAX\DCCDA32I.DLL
C:\PROGRAM FILES\WINFAX\DCCUTILI.DLL
C:\PROGRAM FILES\WINFAX\WFXUT32I.DLL
C:\PROGRAM FILES\WINFAX\RTFCTL32.DLL
C:\PROGRAM FILES\WINFAX\WFXIIF32.DLL
C:\PROGRAM FILES\WINFAX\WFXVW32I.DLL
C:\PROGRAM FILES\WINFAX\SENGINE.DLL
C:\PROGRAM FILES\WINFAX\WFXUTILU.DLL
C:\PROGRAM FILES\WINFAX\DCCUTILC.DLL
C:\PROGRAM FILES\WINFAX\WFXUT32C.DLL
C:\PROGRAM FILES\WINFAX\DCCTBP32.DLL
C:\PROGRAM FILES\WINFAX\SCTRL.DLL
C:\PROGRAM FILES\WINFAX\DCCRES32.DLL
C:\PROGRAM FILES\WINFAX\WFXRES32.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\USERINIT.EXE
C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
C:\PROGRAM FILES\LOTUS\NOTES\NLNOTES.EXE
C:\PROGRAM FILES\LOTUS\NOTES\NNOTESWS.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NNOTES.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NXMLPAR.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NXMLCOMMON.DLL
C:\PROGRAM FILES\LOTUS\NOTES\JS32.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NLSCCSTR.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NDGTS.DLL
C:\PROGRAM FILES\LOTUS\NOTES\LTOUIN22.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NPLUGINS.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NSTRINGS.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NAMHOOK.DLL
C:\PROGRAM FILES\LOTUS\NOTES\SMLNPWX.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NTCP.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NSTCLIENTU.DLL
C:\PROGRAM FILES\LOTUS\NOTES\NIMUIU.DLL
C:\PROGRAM FILES\LOTUS\NOTES\MUI\ZH-TW\NIMUIRES.DLL.MUI

C:\DOCUMENTS AND SETTINGS\ADMIN.KS\DESKTOP\RSDETECT.EXE

Standard Autorun Registry Items
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinFaxAppPortStarter = WFXSNT40.EXE
WFXSwtch = C:\PROGRA~1\WINFAX\WFXSWTCH.EXE
PHIMETIPSYNC = C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSYNC
MplSetUp = C:\PROGRAM FILES\RMCLIENT\MPLSETUP.EXE
JobHisInit = C:\PROGRAM FILES\RMCLIENT\JOBHISINIT.EXE
IMSCMig = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /PRELOAD
IMJPMIG9.0 = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /PRELOAD /MIGRATION32
IMJPMIG8.1 = "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
IMEKRMIG6.1 = C:\WINDOWS\IME\IMKR6_1\IMEKRMIG.EXE
CJIMETIPSYNC = C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSYNC
OfficeScanNT Monitor = "C:\OFFICESCAN NT\PCCNTMON.EXE" -HIDEWINDOW

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE

晕~~~~~~~~~
下载HijackThis V1.99.1 导出全部日志

ijackThis_zww?て?磞らв V1.99.1
玂      4:09:09 PM, ら戳 4/21/2006
巨╰?  Windows XP SP2 (WinNT 5.01.2600)
??竟    Internet Explorer v6.00 SP2 (6.00.2900.2180)

?玡?︽?祘         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\JQB061.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IPMsg\ipmsg.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\WinFax\WFXMOD32.exe
C:\WINDOWS\system32\WFXSNT40.exe
C:\Program Files\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\userinit.exe