Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software Board: [Help] System slows down and an IE protection program pops up from time to time (with screenshot)

[Help] System slows down and an IE protection program pops up from time to time (with screenshot)

Operating system: Windows Server 2003 Standard Edition Service Pack 1 (Build 3790)
The latest Rising antivirus, firewall and Kaka are installed.

1. Recently the system has become slow to respond when opening, closing or minimizing programs, and for a while the mouse cannot be moved at all. Watching in Task Manager, CPU usage spikes momentarily during these actions and the hard disk light flashes continuously.
2. An IE protection program pops up from time to time (see the screenshot; the file is always the same one, shown as da4ds.jpg when viewed under DOS). The first time it appeared I chose "deny execution", but both columns of the IE execution black/white list were blank. The second time, in order to monitor it, I chose "execute", but WinRAR reported a CRC error while extracting, and again both columns of the IE execution black/white list were blank. The last time I executed it, the system suddenly started installing a program in the background and Rising prompted me to report a log.

C:\WINDOWS\temp\gjb\tdsetup.exe    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN    Desktop    C:\WINDOWS\system32\rundll32.exe "C:\Program Files    修改    同意修改
D:\Temp\12\setup.exe    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH    SearchAssistant    http://client.jogo.cn/cdn/browser/sidesearch/sides    修改    拒绝修改
D:\Temp\12\setup.exe    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH    CustomizeSearch    http://client.jogo.cn/cdn/browser/customsearch/cus    修改    拒绝修改
D:\Temp\12\setup.exe    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN    CdnCtr    C:\Program Files\CNNIC\Cdn\cdnup.exe    修改    拒绝修改
C:\WINDOWS\system32\rund1l1.exe    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN    SysExplr    C:\Program Files\herosoft\SuperPLAY3500\SysExplr.e    修改    拒绝修改


Situation 1 appeared a while ago, and with no other option I reinstalled the system. Before reinstalling, I had scanned with Rising and Kaka in safe mode and found no virus at all. In Kaka I removed the rogue software, deleted unused plug-ins, disabled the ones still in use, and cleaned all traces. After a restart, situation 1 still appeared. The security check in Windows优化大师 (Windows Optimizer) reported the following:
扫描木马程序
  分析可疑注册表入口
  分析可疑文件
  发现未知木马
  可疑文件:C:\WINDOWS\system32\GLIEDown2.dll
and this was also the case in safe mode. With no other option I reinstalled; after reinstalling all the applications, a check with Windows优化大师 came back normal. But unexpectedly, before long, situation 1 appeared again, and later situation 2 appeared as well. I thought an upgraded version might be able to kill these, but the situation stayed the same and I had no way to resolve it. Rising's online scan was the same: no virus found.

Also, the options in my IE execution black/white list are greyed out and nothing can be added.
Can anyone help me solve this? The startup items are attached:
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <jiajiasr><D:\Program Files\jj4\jiajiasr.exe>  [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PCTVOICE><pctspk.exe>  []
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

Attachment: image/pjpeg, downloaded 389 times, uploaded 2006-11-25 19:25:48.

Last edited 2006-12-01 19:51:38

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Standard Edition Service Pack 1 (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <jiajiasr><D:\Program Files\jj4\jiajiasr.exe>  [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PCTVOICE><pctspk.exe>  []
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MicroMsgServices / MicroMsgServices]
  <C:\WINDOWS\system32\Svchost.exe -k MicroMsgServices-->C:\WINDOWS\system32\MicroService\svchost.dll><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[TP-LINK TL-WN310G/350G 11G Wireless Adapter Service / AR5211]
  <system32\DRIVERS\11gAdapter.sys><TP-LINK Technologies Co., Ltd.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[IP in IP Tunnel Driver / IpInIp]
  <system32\DRIVERS\ipinip.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[W2K Pctel Serial Device Driver / Ptserial]
  <system32\DRIVERS\ptserial.sys><PCTEL, INC.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiS315 / SiS315]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[W2k Vmodem / Vmodem]
  <\SystemRoot\system32\DRIVERS\vmodem.sys><PCTEL, INC.>
[W2k Vpctcom / Vpctcom]
  <\SystemRoot\system32\DRIVERS\vpctcom.sys><PCtel, Inc.>
[W2k Vvoice / Vvoice]
  <\SystemRoot\system32\DRIVERS\vvoice.sys><PCtel, Inc.>
[Winbond Infrared Device Driver / WBFIRDMA]
  <system32\DRIVERS\wbfirdma.sys><Winbond Electronics Corp.>

==================================
浏览器加载项
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}? <D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Scripting.Dictionary]
  {EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>

==================================
正在运行的进程
[PID: 384][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 468][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 504][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 548][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 560][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 748][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 828][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 872][D:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 888][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 964][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1008][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1036][D:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [D:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [D:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [D:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [D:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 21]
    [D:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [D:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [D:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[PID: 1052][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1140][d:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1340][D:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1720][C:\WINDOWS\system32\msdtc.exe]  [Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1860][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1896][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 1968][C:\WINDOWS\system32\Svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [c:\windows\system32\microservice\svchost.dll]  [N/A, N/A]
    [c:\windows\system32\microservice\MsoService.dll]  [N/A, N/A]
[PID: 2000][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1856][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1640][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[PID: 224][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1156][C:\WINDOWS\system32\pctspk.exe]  [, 1, 0, 0, 1]
[PID: 1760][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 56]
[PID: 796][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1548][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1580][D:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
    [D:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1632][D:\Program Files\jj4\jiajiasr.exe]  [加加工作组, 4, 0, 1, 33]
[PID: 2180][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3328][E:\Downloads\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
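The firewall alerts and SREng dump above give a responder three things to key on: a Run value pointing at C:\WINDOWS\system32\rund1l1.exe (a digit-for-letter imitation of rundll32.exe), an installer launched from C:\WINDOWS\temp, and a svchost-hosted service (MicroMsgServices) whose DLL lives in the non-standard C:\WINDOWS\system32\MicroService folder and is itself named svchost.dll. The Python script below is an added example, not part of the thread or of any Rising tool: it parses SREng-style Run and service entries and flags exactly those patterns, plus Run values without a "(Verified)" signer. The sample lines are constructed from the thread's output; the SysExplr and Desktop Run values are modelled on the blocked firewall alerts rather than copied from the SREng dump.

```python
import re

# Sample SREng-style lines constructed from this thread's SREng dump and firewall
# alerts (the SysExplr and Desktop Run values are modelled on the blocked alerts).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <jiajiasr><D:\Program Files\jj4\jiajiasr.exe>  [加加工作组]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PCTVOICE><pctspk.exe>  []
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <SysExplr><C:\WINDOWS\system32\rund1l1.exe>  []
    <Desktop><C:\WINDOWS\temp\gjb\tdsetup.exe>  []
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MicroMsgServices / MicroMsgServices]
  <C:\WINDOWS\system32\Svchost.exe -k MicroMsgServices-->C:\WINDOWS\system32\MicroService\svchost.dll><N/A>
"""

REG_HDR = re.compile(r'^\[(HKEY_[^\]]+)\]$')                       # [HKEY_...\Run]
SVC_HDR = re.compile(r'^\[(.+?) / (.+)\]$')                        # [Display name / ServiceName]
RUN_LINE = re.compile(r'^\s+<([^<>]*)><(.*)>\s+\[([^\]]*)\]\s*$')  # <value><command>  [signer]
SVC_LINE = re.compile(r'^\s+<(.*)><([^<>]*)>\s*$')                 # <command[-->dll]><signer>

# Windows binaries whose names are commonly imitated (rund1l1.exe vs rundll32.exe).
KNOWN = ['rundll32.exe', 'svchost.exe', 'lsass.exe', 'csrss.exe', 'smss.exe',
         'winlogon.exe', 'services.exe', 'explorer.exe', 'ctfmon.exe', 'spoolsv.exe']
SYSTEM32 = r'c:\windows\system32'

def parse_sreng(text):
    """Yield (kind, name, command, signer) for Run values and services in an SREng dump."""
    kind, name = None, None
    for line in text.splitlines():
        if REG_HDR.match(line):
            kind = 'run'
            continue
        m = SVC_HDR.match(line)
        if m:
            kind, name = 'service', m.group(2)
            continue
        m = RUN_LINE.match(line)
        if m and kind == 'run':
            yield ('run', m.group(1), m.group(2), m.group(3))
            continue
        m = SVC_LINE.match(line)
        if m and kind == 'service':
            yield ('service', name, m.group(1), m.group(2))

def first_exe(command):
    """Executable at the front of a command line (handles a quoted path)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split(' ', 1)[0]

def basename(path):
    return path.replace('/', '\\').rsplit('\\', 1)[-1]

def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character name imitations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name):
    """Known system binary that `name` imitates (after folding 1->l, 0->o), else None."""
    n = name.lower()
    if n in KNOWN:
        return None
    folded = n.replace('1', 'l').replace('0', 'o')
    for known in KNOWN:
        if levenshtein(folded, known) <= 2:
            return known
    return None

def triage(text):
    """Return (check, name, detail) findings a responder should look at first."""
    findings = []
    for kind, name, cmd, signer in parse_sreng(text):
        exe = first_exe(cmd)
        base = basename(exe)
        if kind == 'run':
            if not signer.startswith('(Verified)'):
                findings.append(('unverified-run', name, exe))
            if '\\temp\\' in exe.lower() or '\\tmp\\' in exe.lower():
                findings.append(('temp-dir', name, exe))
        mimic = lookalike_of(base)
        if mimic:
            findings.append(('lookalike', name, f'{base} resembles {mimic}'))
        if kind == 'service' and base.lower() == 'svchost.exe' and '-->' in cmd:
            # Service DLLs hosted by svchost normally sit directly in system32.
            dll = cmd.split('-->', 1)[1].replace('%SystemRoot%', r'C:\WINDOWS')
            if dll.lower().rsplit('\\', 1)[0] != SYSTEM32:
                findings.append(('svchost-dll-outside-system32', name, dll))
            if basename(dll).lower() == 'svchost.dll':
                findings.append(('svchost-named-dll', name, dll))
    return findings

if __name__ == '__main__':
    for check, name, detail in triage(SAMPLE_LOG):
        print(f'{check:30} {name:18} {detail}')
```

The "unverified-run" findings are lower priority (they include legitimate unsigned software such as the input method and sound utility here); the lookalike, temp-dir and svchost checks are the ones that point at the entries this thread is worried about.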

Can anyone help me solve this??

Below is my Autoruns log; after logging on, no programs were running other than Autoruns.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ RavTaskRavTimer(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravtask.exe

+ RfwMainRising Personal FireWall Main Program(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rfw\rfwmain.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ jiajiasr加加输入法 4.01 作者:孙百川(Not verified) 加加工作组d:\program files\jj4\jiajiasr.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ application/octet-streamMicrosoft .NET Runtime Execution Engine(Not verified) Microsoft Corporationc:\windows\system32\mscoree.dll

+ application/x-complusMicrosoft .NET Runtime Execution Engine(Not verified) Microsoft Corporationc:\windows\system32\mscoree.dll

+ application/x-msdownloadMicrosoft .NET Runtime Execution Engine(Not verified) Microsoft Corporationc:\windows\system32\mscoree.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ ms-itssMicrosoft? InfoTech Storage System Library(Not verified) Microsoft Corporationc:\program files\common files\microsoft shared\information retrieval\msitss.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ n/aMicrosoft .NET IE SECURITY REGISTRATION(Not verified) Microsoft Corporationc:\windows\system32\mscories.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext Module(Not verified) Beijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Fusion CacheMicrosoft .NET Runtime Execution Engine(Not verified) Microsoft Corporationc:\windows\system32\mscoree.dll

+ HyperTerminal Icon ExtFile not found: hticons.dll

+ RISINGRising Shell Ext Module(Not verified) Beijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ Shell Icon Handler for Application ReferencesApplication Deployment Support Library(Not verified) Microsoft Corporationc:\windows\system32\dfshim.dll

+ ShellLink for Application ReferencesApplication Deployment Support Library(Not verified) Microsoft Corporationc:\windows\system32\dfshim.dll

+ WinRAR shell extensiond:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ kakatool.dll(Not verified) Beijing Rising Technology Co., Ltd.c:\windows\system32\kakatool.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ 启动迅雷5(Not verified) Thunder Networking Technologies,LTDd:\program files\thunder network\thunder\thunder.exe

HKLM\System\CurrentControlSet\Services

+ RfwServiceRising Personal Firewall Service(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenter(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMond(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ AR5211Driver for TP-LINK Wireless Network AdapterAdapter(Not verified) TP-LINK Technologies Co., Ltd.c:\windows\system32\drivers\11gadapter.sys

+ BaseTDIbasetdi(Not verified) Beijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys

+ ExpScanerExpScan.sysd:\program files\rising\rav\expscan.sys

+ GWIOPMd:\program files\wom\gwiopm.sys

+ HookContTDI HOOK Driver(Not verified) Rising tech Co. ltdd:\program files\rising\rav\hookcont.sys

+ HookRegd:\program files\rising\rav\hookreg.sys

+ HookSysHooksys(Not verified) Risingd:\program files\rising\rav\hooksys.sys

+ HookUrlHookUrl(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rfw\hookurl.sys

+ IpInIpIP in IP Tunnel DriverFile not found: system32\DRIVERS\ipinip.sys

+ MEMSCANMemScan Driver(Not verified) 瑞星软件有限公司d:\program files\rising\rav\memscan.sys

+ mProcRsRising Personal FireWall  mprocrs.sys(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rfw\mprocrs.sys

+ npkcryptnProtect KeyCrypt Driver(Not verified) INCA Internet Co., Ltd.d:\program files\tencent\qq\npkcrypt.sys

+ RsAntiSpywareRsBoot(Not verified) Beijing Risingc:\windows\system32\drivers\rsboot.sys

+ RsFwDrvnt_fwdrv(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rfw\rsfwdrv.sys

+ RSPPSYSRSPPSYS(Not verified) Risingd:\program files\rising\rav\rsppsys.sys

+ TcpipTCP/IP Protocol Driver(Not verified) Microsoft Corporationc:\windows\system32\drivers\tcpip.sys


Below is my Procexp log; after logging on, no programs were running other than Procexp.

Process    PID    CPU    Description    Company Name    Verified Signer
System Idle Process    0    93.27           
Interrupts    n/a    0.96    Hardware Interrupts       
DPCs    n/a    0.96    Deferred Procedure Calls       
System    4               
  smss.exe    384        Windows NT Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  csrss.exe    468        Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  winlogon.exe    504        Windows NT Logon Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    services.exe    548    1.92    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe    764        Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
      wmiprvse.exe    1460        WMI    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe    828        Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    CCenter.exe    872        CCenter    Beijing Rising Technology Co., Ltd.    (Unable to verify) Beijing Rising Technology Co., Ltd.
    svchost.exe    888        Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe    964        Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe    1008        Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    RavMonD.exe    1036    0.96    RavMond    Beijing Rising Technology Co., Ltd.    (Unable to verify) Beijing Rising Technology Co., Ltd.
      RavStub.exe    1400        Rising RavStub    Beijing Rising Technology Co., Ltd.    (Unable to verify) Beijing Rising Technology Co., Ltd.
    svchost.exe    1052        Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    rfwsrv.exe    1132        Rising Personal FireWall Service    Beijing Rising Technology Co., Ltd.    (Unable to verify) Beijing Rising Technology Co., Ltd.
      rfwmain.exe    360        Rising Personal FireWall Main Program    Beijing Rising Technology Co., Ltd.    (Unable to verify) Beijing Rising Technology Co., Ltd.
    spoolsv.exe    1716        Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    msdtc.exe    1744        MS DTCconsole program    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe    1884        Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    MDM.EXE    1920        Machine Debug Manager    Microsoft Corporation    (Verified) Microsoft Corporation
    svchost.exe    1992        Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe    232        Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe    2648        Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    lsass.exe    560        LSA Shell    Microsoft Corporation    (Verified) Microsoft Windows Publisher
explorer.exe    2028    0.96    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows Publisher
pctspk.exe    2164        pctvoice MFC Application        (Verified) Microsoft Windows Hardware Compatibility Publisher
soundman.exe    2228        Realtek Sound Manager    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
RavTask.exe    2248        RavTimer    Beijing Rising Technology Co., Ltd.    (Unable to verify) Beijing Rising Technology Co., Ltd.
  RavMon.exe    2324        RavMon    Beijing Rising Technology Co., Ltd.    (Unable to verify) Beijing Rising Technology Co., Ltd.
ctfmon.exe    2292        CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows Publisher
jiajiasr.exe    2348        加加输入法 4.01 作者:孙百川    加加工作组    (Unable to verify) 加加工作组
procexp.exe    2252    0.96    Sysinternals Process Explorer    Sysinternals    (Verified) Microsoft Corporation

Process:  Pid: 2348

Name    Description    Company Name    Version    Path    Verified Signer
advapi32.dll    Advanced Windows 32 Base API    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\advapi32.dll    (Verified) Microsoft Windows Publisher
apphelp.dll    Application Compatibility Client Library    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\apphelp.dll    (Verified) Microsoft Windows Publisher
comdlg32.dll    Common Dialogs DLL    Microsoft Corporation    6.00.3790.1830    C:\WINDOWS\system32\comdlg32.dll    (Verified) Microsoft Windows Publisher
ctype.nls                C:\WINDOWS\system32\ctype.nls   
dnsapi.dll    DNS Client API DLL    Microsoft Corporation    5.02.3790.2745    C:\WINDOWS\system32\dnsapi.dll    (Verified) Microsoft Windows Component Publisher
gdi32.dll    GDI Client DLL    Microsoft Corporation    5.02.3790.2606    C:\WINDOWS\system32\gdi32.dll    (Verified) Microsoft Windows Component Publisher
hnetcfg.dll    Home Networking Configuration Manager    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\hnetcfg.dll    (Verified) Microsoft Windows Publisher
imm32.dll    Windows IMM32 API Client DLL    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\imm32.dll    (Verified) Microsoft Windows Publisher
kernel32.dll    Windows NT BASE API Client DLL    Microsoft Corporation    5.02.3790.2756    C:\WINDOWS\system32\kernel32.dll    (Verified) Microsoft Windows Component Publisher
locale.nls                C:\WINDOWS\system32\locale.nls   
lpk.dll    Language Pack    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\lpk.dll    (Verified) Microsoft Windows Publisher
MSCTF.dll    MSCTF Server DLL    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\MSCTF.dll    (Verified) Microsoft Windows Publisher
MSCTFIME.IME    Microsoft Text Frame Work Service IME    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\MSCTFIME.IME    (Verified) Microsoft Windows Publisher
msvcrt.dll    Windows NT CRT DLL    Microsoft Corporation    7.00.3790.1830    C:\WINDOWS\system32\msvcrt.dll    (Verified) Microsoft Windows Publisher
mswsock.dll    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\mswsock.dll    (Verified) Microsoft Windows Publisher
ntdll.dll    NT Layer DLL    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\ntdll.dll    (Verified) Microsoft Windows Publisher
ole32.dll    Microsoft OLE for Windows    Microsoft Corporation    5.02.3790.2492    C:\WINDOWS\system32\ole32.dll    (Verified) Microsoft Windows Publisher
oleaut32.dll        Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\oleaut32.dll    (Verified) Microsoft Windows Publisher
rasadhlp.dll    Remote Access AutoDial Helper    Microsoft Corporation    5.02.3790.2745    C:\WINDOWS\system32\rasadhlp.dll    (Verified) Microsoft Windows Component Publisher
rpcrt4.dll    Remote Procedure Call Runtime    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\rpcrt4.dll    (Verified) Microsoft Windows Publisher
secur32.dll    Security Support Provider Interface    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\secur32.dll    (Verified) Microsoft Windows Publisher
sensapi.dll    SENS Connectivity API DLL    Microsoft Corporation    5.02.3790.0000    C:\WINDOWS\system32\sensapi.dll    (Verified) Microsoft Windows Publisher
shell32.dll    Windows Shell Common Dll    Microsoft Corporation    6.00.3790.2746    C:\WINDOWS\system32\shell32.dll    (Verified) Microsoft Windows Component Publisher
shlwapi.dll    Shell Light-weight Utility Library    Microsoft Corporation    6.00.3790.2795    C:\WINDOWS\system32\shlwapi.dll    (Verified) Microsoft Windows Component Publisher
sortkey.nls                C:\WINDOWS\system32\sortkey.nls   
sorttbls.nls                C:\WINDOWS\system32\sorttbls.nls   
unicode.nls                C:\WINDOWS\system32\unicode.nls   
user32.dll    Windows USER API Client DLL    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\user32.dll    (Verified) Microsoft Windows Publisher
usp10.dll    Uniscribe Unicode script processor    Microsoft Corporation    1.422.3790.1830    C:\WINDOWS\system32\usp10.dll    (Verified) Microsoft Windows Publisher
uxtheme.dll    Microsoft UxTheme Library    Microsoft Corporation    6.00.3790.1830    C:\WINDOWS\system32\uxtheme.dll    (Unable to verify) Microsoft Corporation
winrnr.dll    LDAP RnR Provider DLL    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\winrnr.dll    (Verified) Microsoft Windows Publisher
wldap32.dll    Win32 LDAP API DLL    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\wldap32.dll    (Verified) Microsoft Windows Publisher
ws2_32.dll    Windows Socket 2.0 32-Bit DLL    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\ws2_32.dll    (Verified) Microsoft Windows Publisher
ws2help.dll    Windows Socket 2.0 Helper for Windows NT    Microsoft Corporation    5.02.3790.1830    C:\WINDOWS\system32\ws2help.dll    (Verified) Microsoft Windows Publisher
wshtcpip.dll    Windows Sockets Helper DLL    Microsoft Corporation    5.02.3790.0000    C:\WINDOWS\system32\wshtcpip.dll    (Verified) Microsoft Windows Publisher
comctl32.dll    Common Controls Library    Microsoft Corporation    5.82.3790.2778    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.2778_x-ww_497C098C\comctl32.dll    (Verified) Microsoft Windows Component Publisher
comctl32.dll    User Experience Controls Library    Microsoft Corporation    6.00.3790.2778    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.2778_x-ww_A8F04F11\comctl32.dll    (Verified) Microsoft Windows Component Publisher
jiajiasr.exe    加加输入法 4.01 作者:孙百川    加加工作组    4.00.0001.0033    D:\Program Files\jj4\jiajiasr.exe    (Unable to verify) 加加工作组

[Reply to the post by 轻轻地来]
What do you mean?