我开机一段时间后会自动启动WINDOWS帮助文件，不断重复这个动作一直消耗到系统无法动弹，瑞星也查不出来


以下就是我用Autoruns扫的日志信息

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ DAEMON Tools-1033Virtual DAEMON ManagerDAEMON'S HOMEd:\program files\d-tools\daemon.exe

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravtask.exe

+ WinampAgentFile not found: D:\Program Files\Winamp3\winampa.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Windows 安装 - 链接栏c:\windows\command\sulfnbk.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Nero Shell Extension Property SheetNero MultiMounterahead software gmbh

im stoeckmaedle 6

76307 karlsbad, germany

Fax: ++49-7248-911-888

e-mail: info@ahead.ded:\program files\ahead\nero\neroshx.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system\ravext.dll

+ Web 文件夹c:\program files\common files\microsoft shared\web 文件夹\msonsext.dll

+ WinRAR shell extensiond:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ IeCatch2 Classjccatch ModuleAmaze Softd:\program files\flashget\jccatch.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softd:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softd:\program files\flashget\flashget.exe

+ @shdoclc.dll,-864c:\windows\web\related.htm

论坛上有没提供HijackThis的下载？

扫完，帮忙看看

下面已经没有，这就是日志的全部

没有017

昨晚突然又闹得很凶，每次开机不到1分钟就发作，重启后机子不正常得发出咯咯咯咯的响声，一直到进入系统后响声才停止。今早开机才稍微平静，不知道什么时候又发作，瑞星的监控一点都反应都没有

以下就是我用Autoruns扫的日志信息

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ DAEMON Tools-1033Virtual DAEMON ManagerDAEMON'S HOMEd:\program files\d-tools\daemon.exe

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravtask.exe

+ WinampAgentFile not found: D:\Program Files\Winamp3\winampa.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Windows 安装 - 链接栏c:\windows\command\sulfnbk.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Nero Shell Extension Property SheetNero MultiMounterahead software gmbh

im stoeckmaedle 6

76307 karlsbad, germany

Fax: ++49-7248-911-888

e-mail: info@ahead.ded:\program files\ahead\nero\neroshx.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system\ravext.dll

+ Web 文件夹c:\program files\common files\microsoft shared\web 文件夹\msonsext.dll

+ WinRAR shell extensiond:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ IeCatch2 Classjccatch ModuleAmaze Softd:\program files\flashget\jccatch.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softd:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softd:\program files\flashget\flashget.exe

+ @shdoclc.dll,-864c:\windows\web\related.htm

是98SE

我用procexp扫了一下，但并未发现可疑的进程启动WINDOWS帮助文件，也许还未发作。对了，它发作的时候还有个特征，如果我正打开IE，它就不断启动IE的帮助文件，如果我在调试音量，它就不断启动音量控制的帮助文件，如果我什么都不干，它就不断启动WINDOWS帮助文件。下面是我用procexp扫的日志，麻烦看一看


PID    CPU    Description    Company Name
0x0    29.52    System Idle Process   
0xFFFEBB77        CCenter    Beijing Rising Technology Co., Ltd.
0xFFFE8ED7    0.69    RavMon    Beijing Rising Technology Co., Ltd.
0xFFFEB677    7.31    RavMond    Beijing Rising Technology Co., Ltd.
0xFFFB5D23        RavTimer    Beijing Rising Technology Co., Ltd.
0xFFFB6ED7        Virtual DAEMON Manager    DAEMON'S HOME
0xFFEFB633        Microsoft DirectX Helper    Microsoft Corporation
0xFFFD0507    0.30    Windows Explorer    Microsoft Corporation
0xFFFD254B        HID Audio Service    Microsoft Corporation
0xFFF90C1F    51.43    Internet Explorer    Microsoft Corporation
0xFFFB1AA7    0.10    Internat    Microsoft Corporation
0xFFEFBBE3    0.20    Win32 Kernel core component    Microsoft Corporation
0xFFFEC803        Multimedia background task support module    Microsoft Corporation
0xFFFFEBF7        WIN32 Network Interface Service Process    Microsoft Corporation
0xFFFFFA23        Windows 32-bit VxD Message Server    Microsoft Corporation
0xFFFE4F67        Task Scheduler Engine    Microsoft Corporation
0xFFFDD2B7        Distributed COM Services    Microsoft Corporation
0xFFFB25CF        System Tray Applet    Microsoft Corporation
0xFFFB2D23        Task Monitor    Microsoft Corporation
0xFFFA2903        WMI service exe housing    Microsoft Corporation
0xFFFA607F    0.69       
0xFFF83D77    9.77    Sysinternals Process Explorer    Sysinternals

截个图更直观一下吧，
进程中的UltraSnapPRO是个截图软件