瑞星杀毒和卡卡助手根本杀不掉恶意程序power和GsServer.
请瑞星快想办法

下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

[CODE]

2007-04-29,20:06:52

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <kws39migkxkkrq1><C:\DOCUME~1\flfh\LOCALS~1\Temp\iexpl0re.exe>  []
    <1vf0gimde2t><C:\DOCUME~1\flfh\LOCALS~1\Temp\Servera.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <sun><C:\WINDOWS\SysSun2\svchost.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <ArpHelper><C:\Program Files\Edu Supplicant\ArpHelper.exe>  []
    <nwiztlbb><C:\WINDOWS\System32\nwiztlbb.exe>  []
    <nwizAskTao><C:\WINDOWS\System32\nwizAskTao.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\MICROS~1\Office10\OSA.EXE [N/A]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Disk Driver Service / Disk Service][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[局域网通讯协议 / Hello World][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================

驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[Amtium DBRAS Helper / IAmt][Running/Manual Start]
  <System32\DRIVERS\iamt.sys><amtium>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[NetGroup Packet Filter Driver / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <System32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <System32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>

==================================
正在运行的进程
[PID: 476][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 572][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4155]
    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 708][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 868][C:\WINDOWS\System32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4155]
    [C:\WINDOWS\System32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2510]
    [C:\WINDOWS\System32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2514]
[PID: 896][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 960][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1052][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1112][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4155]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2510]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2514]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4155]
[PID: 1144][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1432][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1916][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\flfh\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\flfh\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\WINDOWS\System32\nwizAskTao.dll]  [N/A, ]
    [C:\WINDOWS\System32\nwiztlbb.dll]  [N/A, ]
    [D:\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
[PID: 2044][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.29]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 152][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 228][C:\Program Files\Edu Supplicant\ArpHelper.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\System32\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\System32\WanPacket.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\System32\wpcap.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 272][C:\WINDOWS\SysSun2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 284][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 408][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [D:\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
[PID: 568][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 396][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 316][C:\Program Files\DigitalChina\DigialChinawebaClient\DigitalChinawebaClient.exe]  [, 1, 1, 2005, 301]
    [C:\Program Files\DigitalChina\DigialChinawebaClient\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\DigitalChina\DigialChinawebaClient\amt.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\flfh\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\flfh\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
[PID: 920][C:\Documents and Settings\flfh\桌面\杀毒用智能扫描\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\flfh\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\flfh\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      www1.6tan.com
127.0.0.1      www2.6tan.com
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
127.0.0.1      boolom.com
127.0.0.1      adult-novel.cn
127.0.0.1      ll.chinasese.net
127.0.0.1      www.tellumore.com
127.0.0.1      www.o1wg.com
127.0.0.1      www.qq756.com
127.0.0.1      ll.chinasese.net

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

系统系统时还运行c:\windows\sysytem32\ntsd.exe.并且打开一个
dos窗口

加我QQ 463216947

newcenturymoon 老大,我没有qq,有MSN.
怎么办?

临时申请一个啊

到那里申请,谢谢.