今天刚升级了瑞星防火墙，结果发现防火墙老是自己开始不停地重复启动，在状态栏上最多时居然出现近20个防火墙的标，虽然一会儿会消失，但很快又开始了，周而复始一点也不间短，一气之下把防火墙关了，可又怕中招，很是恼火！（我老婆的电脑也出现了同样情况）望各路高手给予指教。谢谢！

我杀了一遍毒，共有14个，但杀完后还是那样。
病毒名称    处理结果    发现日期    扫描方式    路径    文件    病毒来源
Trojan.Clicker.PeaNut.b    清除成功    05-11-21 14:43    手动扫描        IEXPLORE.EXE>>C:\WINDOWS\System32\kernel.dll    本机
Backdoor.Gpigeon.sgr    删除成功    05-11-21 14:46    手动扫描    C:\WINDOWS\SYSTEM    i.com    本机
Trojan.Clicker.PeaNut.b    删除成功    05-11-21 15:11    手动扫描    C:\WINDOWS\SYSTEM32    Kernel.dll    本机
Trojan.Clicker.PeaNut.a    删除成功    05-11-21 15:11    手动扫描    C:\WINDOWS\SYSTEM32    systemlr.dll    本机
Trojan.Clicker.PeaNut.a    删除成功    05-11-21 15:11    手动扫描    C:\WINDOWS\SYSTEM32    IEXPLORER.EXE    本机
Trojan.Clicker.PeaNut.a    删除成功    05-11-21 15:11    手动扫描    C:\WINDOWS\SYSTEM32    sendmsg.dll    本机
Trojan.Clicker.PeaNut.a    删除成功    05-11-21 15:11    手动扫描    C:\WINDOWS\SYSTEM32    IEXPLORER.EXE    本机
Trojan.Clicker.PeaNut.a    删除成功    05-11-21 15:12    手动扫描    C:\WINDOWS\Downloaded Program Files    Setup.exe    本机
Trojan.Clicker.PeaNut.a    删除成功    05-11-21 15:12    手动扫描    C:\WINDOWS\Downloaded Program Files\CONFLICT.1    Setup.exe    本机
Trojan.Clicker.PeaNut.a    删除成功    05-11-21 15:12    手动扫描    C:\WINDOWS\Downloaded Program Files\CONFLICT.2    Setup.exe    本机
Backdoor.GPigeon.sgr    删除成功    05-11-21 15:13    手动扫描    C:\WINDOWS    zz.DLL    本机
Backdoor.GPigeon.sgr    删除成功    05-11-21 15:13    手动扫描    C:\WINDOWS    zzKey.DLL    本机
Backdoor.Gpigeon.stv    删除成功    05-11-21 15:13    手动扫描    C:\WINDOWS    zz_Hook.DLL    本机
Backdoor.Gpigeon.sgr    删除成功    05-11-21 15:14    手动扫描    C:\WINDOWS    zz.exe    本机

有鸽子

请使用hijackthis1.99.1扫描一份log贴上来
方便朋友们帮助您分析问题

方法:
置顶贴:【公告】反病毒论坛暂行条例（2005.9.12更新）及本版常用小工具
(http://forum.ikaka.com/topic.asp?board=28&artid=6979213)
中一楼的附件就是hijackthis1.99.1

扫描后将记事本中的内容粘贴到此即可.

以下是用hijackthis扫描后的结果，望能指点

StartupList report, 2005-11-21, 19:20:21
StartupList version: 1.52
Started from : C:\DOCUME~1\默认\LOCALS~1\Temp\Rar$EX02.655\HijackThis.EXE
Detected: Windows XP  (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\twain_32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Rising\Rav\RavMon.exe
c:\program files\MSN Apps\Updater\01.03.0000.1005\zh-cn\msnappau.exe
C:\Program Files\Rising\Rav\RavTimer.exe
C:\PROGRAM FILES\WINRAR\WinRAR.exe
C:\DOCUME~1\默认\LOCALS~1\Temp\Rar$EX02.655\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
internat.exe = internat.exe
SystemTray = SysTray.Exe
IMSCMig = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
RavTimer = C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
RavMon = C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
IEXPLORER.EXE = C:\WINDOWS\System32\IEXPLORER.EXE
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
eMuleAutoStart = C:\Program Files\eMule\eMule.exe -AutoStart

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\ZH-CN\MSNTB.DLL - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

启用 Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[Win32 Classes]

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MINESWEEPER.DLL
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MESSENGERSTATSCLIENT.DLL
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38644.3238194444

[photo_uploader Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX
CODEBASE = http://upload.photo.163.com/photoup.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
AFD 网络支持环境: \SystemRoot\System32\drivers\afd.sys (autostart)
Ati HotKey Poller: %SystemRoot%\System32\atievxx.exe (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Basetdi: \??\C:\WINDOWS\System32\drivers\basetdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HookCont: \??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys (autostart)
HookReg: \??\C:\PROGRAM FILES\RISING\RAV\HOOKREG.sys (autostart)
HookSys: \??\C:\PROGRAM FILES\RISING\RAV\hooksys.sys (autostart)
IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Location Awareness Management Instrumentation: C:\WINDOWS\twain_32\svchost.exe -r (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
RsFwDrv: \??\C:\Program Files\Rising\Rfw\RsFwDrv.sys (autostart)
RsRavMon Service: C:\PROGRAM FILES\RISING\RAV\Ravmond.exe (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 10,837 bytes
Report generated in 0.881 seconds

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only

用灰鸽子专杀工具查了一遍，但没有发现病毒
郁闷中！！！！

看看别人扫的跟你不一样啊
hijackthis1.99.1汉化版得