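Help, please…
I have always used Rising's antivirus and firewall software on my computer…
But recently it keeps getting attacked by something called the Hangzhou Worm King or whatever…
Everything used to be fine.
But over the past few weeks, IE has been popping up unknown server-rental sites from time to time…
In the last few days, I found that the Rising antivirus software can no longer be opened.
Even the firewall has problems: it shuts itself down as soon as it is started (the same goes for the backup Windows Firewall).
Then, as soon as IE is opened, three, four or five unknown ads or even other websites pop up by themselves.
The home page has been hijacked, and the sites that pop up even include Yahoo China and Baidu…
Also, CPU usage often stays at 100%.
On top of that, overall responsiveness has become extremely slow; after clicking, it stays frozen for ages, and the ad pages that pop up (some "ask and you shall be answered" site… passion video chat and the like) can only be closed with Task Manager…
Real Player has been infected too…
Also, after deleting the virus files, the system often reports things like "such-and-such file does not exist and cannot be opened"…
I hope some expert can solve my problem…
Below is the data scanned with HijackThis: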
Logfile of HijackThis v1.99.1
Scan saved at 1:35:25, on 2006-11-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\cisrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\pmsgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\Download\svhost32.exe
C:\winla\winla.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\System\Update.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DeskAdTop\Mrup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\dong\LOCALS~1\Temp\bind_40111.exe
C:\DOCUME~1\dong\LOCALS~1\Temp\sna.exe
C:\WINDOWS\system32\4.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\dong\LOCALS~1\Temp\HttpGet16bt8.exe
C:\Program Files\Common Files\{00000EE8-063B-2052-0309-021102010056}\Update.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\system32\ravsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\hwbfbp.exe
C:\WINDOWS\TEMP\5010ad.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\TEMP\109.exe
C:\WINDOWS\hbDownSetup11.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\dong\桌面\HijackThis.exe
C:\DOCUME~1\dong\LOCALS~1\Temp\xpBB.tmp.exe
R3 - URLSearchHook: Abobe Flash Play9 - {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} - C:\Program Files\Abobe Flash Play9\Abobe Flash Player 9.dll
F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {003169BC-AB68-482F-AEA6-B51A47BDDB83} - C:\WINDOWS\system32\ATIAngetser.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Google Bar - {12365484-96a1-6974-3269-123555124655} - C:\WINDOWS\system32\GoogleBar.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5001.dll
O2 - BHO: ra Object Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll (file missing)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: (no name) - {930FD663-1720-4E8A-BC62-681A8BCEA428} - C:\WINDOWS\system32\adsnwer.dll
O2 - BHO: Spoolsv Class - {9C363D55-07D7-433d-A13E-D9C105202F6F} - C:\WINDOWS\system32\drivers\spoolsv.dll (file missing)
O2 - BHO: (no name) - {A878C4B6-640F-4C84-953F-31F38D9D4C80} - C:\WINDOWS\system32\ATSerioserar.dll
O2 - BHO: BrowserProxy4 - {BCF4D74B-E6BD-4C8F-83D7-90D6439705B9} - C:\WINDOWS\system32\AlxTbl.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30000EE8-063B-2052-0309-021102010056}\888Bar.dll
O2 - BHO: Webacc - {CAC068F3-A608-406B-8581-458788A67694} - C:\WINDOWS\system32\svchost.dll (file missing)
O2 - BHO: (no name) - {D3931E9E-AE61-46B1-99BA-91C438A2C855} - C:\WINDOWS\system32\wp2372116.dll
O2 - BHO: TBSB00889 - {E9582697-E409-4312-B454-4B43F994D9DF} - C:\PROGRA~1\ABOBEF~1\ABOBEF~1.DLL
O3 - Toolbar: Abobe Flash Play9 - {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} - C:\Program Files\Abobe Flash Play9\Abobe Flash Player 9.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30000EE8-063B-2052-0309-021102010056}\888Bar.dll
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [wl] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [winla] c:\winla\winla.exe
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Update.exe
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [C:\DOCUME~1\dong\LOCALS~1\Temp\sna.exe] C:\DOCUME~1\dong\LOCALS~1\Temp\sna.exe
O4 - HKLM\..\Run: [R6J3O3] C:\WINDOWS\system32\hwbfbp.exe
O4 - HKLM\..\RunOnce: [alsmt.exe] C:\WINDOWS\system32\alsmt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: >>彩信发送<< - res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 酷标 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\coolsign\coolsign.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CAFC639-1ED9-4A27-B966-FFFAB478B4D5}: NameServer = 202.96.128.68,202.96.134.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{97DB91BE-FE18-4BAF-8BDB-04226135DD00}: NameServer = 202.96.128.68,202.96.134.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DEA087D-7186-4727-A158-26E805EF3D6D}: NameServer = 202.96.128.68,202.96.134.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC26A5D0-4A18-467A-97D3-B2941743111D}: NameServer = 202.175.36.8 202.175.3.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CAFC639-1ED9-4A27-B966-FFFAB478B4D5}: NameServer = 202.96.128.68,202.96.134.133
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CAFC639-1ED9-4A27-B966-FFFAB478B4D5}: NameServer = 202.96.128.68,202.96.134.133
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: KSD2Service - Unknown owner - C:\WINDOWS\system32\ravsvc.exe
O23 - Service: Network System (NetSystem) - Unknown owner - C:\WINDOWS\system32\NetSystem.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe