[Help] Rising Antivirus disabled, monitoring disabled...

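My Rising Antivirus has been misbehaving since this Monday. At startup it often shows a red, folded umbrella indicating that everything is disabled, and it will not open. Sometimes, after I fiddle around without knowing what I did, it occasionally opens, but the next time it fails again. Also, while the computer is starting up, Rising Personal Firewall shows two identical icons in the lower-right corner of the screen; once startup has finished there is only one.
While the computer is starting up, Rising Antivirus still shows a small green umbrella; once startup has finished it is disabled.

Experts, please take a look at this for me. Thank you!
Log attached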





Logfile of HijackThis v1.99.1
Scan saved at 16:56:55, on 2006-8-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Herosoft\HeroV8\SysExplr.EXE
E:\Program Files\Maxthon\Thundermini\ThunderMini.exe
e:\program files\rising\rfw\RfwMain.exe
C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Thunder Network\ThunderMini\program\ThunderMini.exe
E:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\COMM\Network.exe
e:\Program Files\Rising\Rav\CCenter.exe
E:\Program Files\Rising\Rav\Ravmond.exe
E:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
e:\program files\rising\rfw\RfwCfg.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX02.542\HijackThis.exe

O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (no file)
O2 - BHO: (no name) - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E}? - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (no file)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O2 - BHO: ThunderMiniBHO - {8E6C1C49-F9CE-4311-9FB4-D70E8B0AEAEB}? - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B}? - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7}? - (no file)
O2 - BHO: (no name) - {BA5E4BA2-953C-0438-3E1C-429D6378E105}? - (no file)
O2 - BHO: (no name) - {F5824EFB-728A-4726-A5A5-85A68B20EDC3}? - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3}? - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IdnMail] C:\WINDOWS\system32\IdnMail.exe
O4 - HKLM\..\Run: [CApp] C:\WINDOWS\system32\capp.exe
O4 - HKLM\..\Run: [RfwMain] "e:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "e:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SysExplr.EXE
O4 - HKLM\..\Run: [popo2004] C:\WINDOWS\cqsj\mhxy\新建文件夹\start.exe
O4 - HKLM\..\Run: [thunder_mini] E:\Program Files\Maxthon\Thundermini\ThunderMini.exe
O4 - HKLM\..\Run: [HDCSP RegCertTool] C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe
O4 - HKLM\..\Run: [renewup] C:\Program Files\CNNIC\Cdn\cdnrenew.exe
O4 - HKLM\..\Run: [ThunderMini] C:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe
O8 - Extra context menu item: &使用迷你迅雷下载 - E:\Program Files\Maxthon\Thundermini\geturl.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\新建文件夹\新建文件夹\新建文件夹\q a z\AddEmotion.htm
O9 - Extra button: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5}? - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118}? - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118}? - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - F:\新建文件夹\新建文件夹\新建文件夹\q a z\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - F:\新建文件夹\新建文件夹\新建文件夹\q a z\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}? - C:\WINDOWS\cqsj\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}? - C:\WINDOWS\cqsj\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - F:\新建文件夹\新建文件夹\新建文件夹\q a z\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - F:\新建文件夹\新建文件夹\新建文件夹\q a z\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.wx.js.cn/plugin/PowerPlr.ocx
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/normalbank/AxSafeControls.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://valeweb.cvrd.com.br/nortel_cacheable/iewiper.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.80_20060123.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31AD908E-6B72-43A7-860F-8BE2671BEB42}: NameServer = 221.228.255.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{31AD908E-6B72-43A7-860F-8BE2671BEB42}: NameServer = 221.228.255.1
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - e:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe

Last edited 2006-08-11 12:11:36

Try repairing Rising Antivirus and see.

Go ahead and delete that "中文上网" ("Chinese web access") of yours.

Also, the following items are probably viruses:

C:\WINDOWS\system32\msime.exe
C:\Program Files\Common Files\COMM\Network.exe
O4 - HKLM\..\Run: [IdnMail] C:\WINDOWS\system32\IdnMail.exe
O4 - HKLM\..\Run: [CApp] C:\WINDOWS\system32\capp.exe

First get rid of the IE plug-ins.
Use 超级魔法兔子 (Super Magic Rabbit).


O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll

This one is probably a virus; the latest Rising should be able to detect and remove it.

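Search the registry for ravMon.exe ravTask.exe ctfmon.exe
and check whether the associated registry entries point to any suspicious files.

Also check whether there are any suspicious startup programs in the registry startup entries.
Delete them, then delete the original files.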
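
Added example, not part of any post in this thread: a Python sketch of the startup-entry check suggested above, run against a HijackThis log rather than by hand in the registry. It lists each O4 Run entry with the file it launches and whether that file appears under "Running processes". `SAMPLE_LOG` is a short excerpt of lines from the log in the first post, and the function names are this example's own.

```python
import re

# Excerpt of lines from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe

O4 - HKLM\..\Run: [RavTask] "e:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [CApp] C:\WINDOWS\system32\capp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
"""

RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$')
# Quoted command, or an unquoted path (may contain spaces) ending in .exe
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)

def exe_path(command):
    """Return the executable path from a Run value, dropping arguments."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()

def running_processes(log):
    """Lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            procs.add(line.lower())
    return procs

def run_entries(log):
    """One dict per O4 Run line: hive, value name, target path, running?"""
    procs = running_processes(log)
    rows = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            path = exe_path(m.group(3))
            rows.append({"hive": m.group(1), "name": m.group(2),
                         "path": path, "running": path.lower() in procs})
    return rows

def entries_for(log, exe_names):
    """Run entries whose target file name is one of exe_names (case-insensitive)."""
    wanted = {n.lower() for n in exe_names}
    return [r for r in run_entries(log)
            if r["path"].lower().rsplit("\\", 1)[-1] in wanted]
```

The output is only a review list: every path still has to be checked by hand before anything is deleted.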