Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

[Help] Why do these 2 viruses keep showing up? (waiting online)

Why do these 2 viruses keep showing up? I set the antivirus to scan at boot, and Rising detects this virus every time the computer starts. What virus is this, and how do I remove them completely?? And why does the Rising firewall keep warning that someone is intruding on my computer whenever I connect to the network? What should I do? Thanks. Waiting online. Please help.

Attachment: image (image/pjpeg), uploaded 2006-11-8 20:18:50, downloaded 193 times



Last edited 2006-11-08 21:16:57

Don't worry about the firewall one.

As for the 2 that Rising detects, are they still there after you reboot?

Yes, they're still there.

[Reply to 血染*白袍's post]
It's a trojan.
It has already injected itself into the winlogon.exe (Windows logon program) and explorer.exe (Explorer) processes.
A trojan like this cannot be cleaned completely in either normal Windows mode or Safe Mode.

Suggestion: scan with SREng and post the log here for us to look at.
If its load entries can be found and the trojan has no registry-monitoring capability, you can delete those entries.
Then reboot the system. Finally, delete the trojan files.
That is the basic approach.

Where can I download SREng?

http://www.kztechs.com/sreng/sreng2.zip

Quote:
[血染*白袍's post] Where can I download SREng?
………………

http://www.kztechs.com/sreng/download.html

2006-11-08,20:29:08

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  []
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{9A36CEDC-2619-43F0-8108-50A321AD3057}><E:\WINDOWS\System32\hggfdaa.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggfdaa]
    <WinlogonNotify: hggfdaa><hggfdaa.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtutu]
    <WinlogonNotify: vtutu><E:\WINDOWS\System32\vtutu.dll>  []

==================================

Startup Folders
Services
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <E:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision>
[Rising Proxy  Service / RfwProxySrv]
  <e:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"E:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
Browser Add-ons
[]
  {401E19CA-B535-49D6-87C7-FA59F9CE6D45} <E:\WINDOWS\System32\vtutu.dll, N/A>
[]
  {9A36CEDC-2619-43F0-8108-50A321AD3057} <E:\WINDOWS\System32\hggfdaa.dll, N/A>
[相?站?]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <e:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <e:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[?台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <E:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[縐縐奻厙假翑忒]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <E:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&VSAdd-in]
  {74DD705D-6834-439C-A735-A6DBE2677452} <E:\Program Files\VSAdd-in\VSAdd-in.dll, N/A>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <E:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[AddSHCARoot Control]
  {098A3F72-3110-4004-B954-2F9DC44934B4} <E:\WINDOWS\DOWNLO~1\ADDCAR~1.OCX, SHECA>
[PGEdit Class]
  {2BFAA61B-5C83-4865-8281-D8BDBF863061} <E:\WINDOWS\Downloaded Program Files\PG_ATL_Edit.dll, 中????州分公司>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <E:\WINDOWS\System32\aliedit\AliEdit.dll, www.alipay.com>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <E:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <E:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <E:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
  <E:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[匯出至 Microsoft Excel(&X)]
  <res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
  <E:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
  <E:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[添加到QQ自定義面板]
  <e:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <e:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ MMS傳送該圖片]
  <E:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[用QQ彩信發送該圖片]
  <e:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================

Running Processes
[PID: 428][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 488][\??\E:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 512][\??\E:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [E:\WINDOWS\System32\vtutu.dll]  <N/A><N/A>
[PID: 556][E:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 568][E:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 740][E:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 764][E:\Program Files\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 780][E:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 856][E:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 880][E:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 892][E:\Program Files\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 47>
    [E:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [E:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [E:\Program Files\Rising\Rav\RsPPsys.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [E:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [E:\Program Files\Rising\Rav\HOOKSYS.dll]  <Beijing Rising Technology Co., Ltd.><18, 1, 0, 12>
    [E:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 33>
    [E:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [E:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [E:\Program Files\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [E:\Program Files\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [E:\Program Files\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [E:\Program Files\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Program Files\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [E:\Program Files\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [E:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [E:\Program Files\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 35>
    [E:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [E:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
    [E:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [E:\Program Files\Rising\Rav\RSUnpack.dll]  <Beijing Rising Technology Co., Ltd.><1, 0, 0, 19>
    [E:\Program Files\Rising\Rav\ExtFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [E:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [E:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [E:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [E:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 956][e:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 33>
    [e:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
    [e:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [e:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
    [e:\program files\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [e:\program files\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
    [e:\program files\rising\rfw\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[PID: 1172][E:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [E:\WINDOWS\system32\hpdcmon.dll]  <Hewlett-Packard><04.10.00>
    [E:\WINDOWS\system32\hppamon0.dll]  <HP><1, 0, 48, 1>
    [E:\WINDOWS\system32\hppadt40.dll]  <HP><1, 0, 43, 0>
[PID: 1304][E:\Program Files\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [E:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1540][E:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1556][E:\WINDOWS\System32\drivers\CDAC11BA.EXE]  <Macrovision><4.20.020>
[PID: 1600][e:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 52>
    [e:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [e:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [e:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1616][E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  <Microsoft Corporation><7.00.9064.9150>
[PID: 156][E:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.1.00>
[PID: 168][E:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [E:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 172][E:\WINDOWS\System32\Internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 152][E:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 39>
    [E:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
    [E:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [E:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [E:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 480][F:\01\EPSnap.exe]  <EPSoft><1.2.1.1264>
    [E:\WINDOWS\System32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
[PID: 208][E:\WINDOWS\explorer.exe]  <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
    [E:\WINDOWS\System32\vtutu.dll]  <N/A><N/A>
    [E:\WINDOWS\System32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [E:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.0.0.86>
    [E:\WINDOWS\System32\hggfdaa.dll]  <N/A><N/A>
    [E:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [E:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1728][E:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
    [E:\WINDOWS\System32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [E:\WINDOWS\System32\vtutu.dll]  <N/A><N/A>
    [E:\WINDOWS\System32\hggfdaa.dll]  <N/A><N/A>
[PID: 1560][E:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 536][F:\01\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
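The triage the helper describes above (find the trojan's load entries in the SREng log and confirm they are the DLLs sitting inside winlogon.exe and explorer.exe) can be automated. The Python below is an added example, not code from this thread or from SREng; it parses a constructed excerpt in the SREng 2.0 log layout shown above and reports only modules that are both unsigned inside a logon/shell process and registered as a vendor-less autostart entry, which separates hggfdaa.dll and vtutu.dll from an unsigned shell extension with no autostart entry such as WinRAR's rarext.dll.

```python
import re
# Constructed excerpt in the SREng 2.0 log layout, modelled on the log posted in this thread.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{9A36CEDC-2619-43F0-8108-50A321AD3057}><E:\WINDOWS\System32\hggfdaa.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtutu]
    <WinlogonNotify: vtutu><E:\WINDOWS\System32\vtutu.dll>  []
[PID: 512][\??\E:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.0>
    [E:\WINDOWS\System32\vtutu.dll]  <N/A><N/A>
[PID: 208][E:\WINDOWS\explorer.exe]  <Microsoft Corporation><6.00.2600.0000>
    [E:\WINDOWS\System32\vtutu.dll]  <N/A><N/A>
    [E:\WINDOWS\System32\hggfdaa.dll]  <N/A><N/A>
    [E:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
"""
# Autostart locations such trojans use, and the processes the thread says they were injected into.
SENSITIVE_KEYS = ("winlogon\\notify", "shellexecutehooks", "appinit_dlls", "\\run")
SYSTEM_HOSTS = {"winlogon.exe", "explorer.exe"}

def basename(path):
    """Lower-case file name, so a bare '<hggfdaa.dll>' entry matches its full module path."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()

def parse_boot_items(lines):
    """Yield (key, name, value, vendor) from '<name><value>  [vendor]' registry entries."""
    key = None
    for line in lines:
        if k := re.match(r"^\[(HKEY_[^\]]+)\]$", line):
            key = k.group(1)
        elif (m := re.match(r"^\s+<([^>]*)><([^>]*)>\s+\[([^\]]*)\]$", line)) and key:
            yield (key,) + m.groups()

def parse_modules(lines):
    """Yield (host_exe, module_path, vendor) for DLLs listed under each '[PID: n]' process."""
    host = None
    for line in lines:
        if p := re.match(r"^\[PID: \d+\]\[([^\]]+)\]", line):
            host = basename(p.group(1))
        elif (m := re.match(r"^\s+\[([^\]]+)\]\s+<([^>]*)><([^>]*)>", line)) and host:
            yield host, m.group(1), m.group(2)

def find_suspicious(log_text):
    """Unsigned DLLs inside logon/shell processes that also own a vendor-less autostart entry."""
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    autostart = {}
    for key, _name, value, vendor in parse_boot_items(lines):
        if value and not vendor.strip() and any(k in key.lower() for k in SENSITIVE_KEYS):
            autostart.setdefault(basename(value), set()).add(key)
    findings = {}
    for host, mod, vendor in parse_modules(lines):
        name = basename(mod)
        if host in SYSTEM_HOSTS and vendor.strip() in ("", "N/A") and name in autostart:
            findings.setdefault(name, {"hosts": set(), "keys": autostart[name]})["hosts"].add(host)
    return findings
```

The script only reports; removing the reported entries, rebooting and then deleting the files is the sequence the helper outlines.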