Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software forum: Please help, experts: this looks like a virus, but it cannot be removed


Please help, experts: this looks like a virus, but it cannot be removed


Since yesterday a number of extra processes have shown up in my process list; see the screenshot, specifically the .tmp processes. Roughly every 30 minutes to an hour a new one is spawned, and they are eating my memory. I have updated my licensed copy of Rising, but it still cannot kill them. Could the experts please take a look? Thanks.

Attachment:
Downloads: 313
File type: image/pjpeg
Uploaded: 2006-7-21 20:34:35



Last edited 2006-07-22 01:09:07
 

[Reply to everwind's post]
The screenshot seems incomplete.

Virus name?
Virus file name and path?
 

I'm on Windows 2000. These .tmp files are under c:\winnt\Temp; every 30 minutes to an hour a new one is generated automatically and then runs by itself. I can't end them from the process list, and a scan with my licensed Rising finds nothing.
 

[Reply to everwind's post]
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
Download HijackThis
and post the complete log.
 

Logfile of HijackThis v1.99.1
Scan saved at 20:42:23, on 2006-7-21
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Rising\Rav\Ravmon.exe
E:\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\conime.exe
c:\program files\rising\rfw\rfwsrv.exe
E:\QQ\QQ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\TEMP\E3D7.tmp
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINNT\TEMP\A6A5.tmp
C:\WINNT\explorer.exe
E:\Mabinogi\client.exe
C:\WINNT\TEMP\3F69.tmp
C:\WINNT\TEMP\177.tmp
C:\WINNT\TEMP\555D.tmp
C:\WINNT\TEMP\B490.tmp
C:\WINNT\TEMP\144E.tmp
C:\WINNT\TEMP\F7A3.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\everwind\桌面\ha_hijackthis_1991(1)\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\FLASHGET\jccatch.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\QQ\QQIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FLASHGET\fgiebar.dll
O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DAEMON Tools-2052] "E:\D-Tools\daemon.exe"  -lang 2052
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SysTray] c:\Program Files\wsybcq.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [Q828026] "C:\WINNT\INF\unregmp2.exe" /UpdateWMP
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: 腾讯QQ.lnk = E:\QQ\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FLASHGET\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\QQ\QQIEHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153241643906
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatarluoqi.tiancity.com/Modules/mabiweb.cab
O20 - Winlogon Notify: 1_32bean32_1reg - C:\Documents and Settings\All Users.WINNT\Documents\Settings\1_32bean32_1.dll
O20 - Winlogon Notify: SensSrv - C:\WINNT\SYSTEM32\senssrv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
 

不言放弃, is this what you need? Please take a look, thanks.
 

Press ALT+CTRL+DELETE to open Task Manager and end all of these processes:
C:\WINNT\TEMP\3F69.tmp
C:\WINNT\TEMP\177.tmp
C:\WINNT\TEMP\555D.tmp
C:\WINNT\TEMP\B490.tmp
C:\WINNT\TEMP\144E.tmp
C:\WINNT\TEMP\F7A3.tmp
C:\WINNT\TEMP\E3D7.tmp
Close all browser windows and any unnecessary programs.
Run HijackThis; when the scan finishes, tick the following entries and click "Fix":
O4 - HKLM\..\Run: [SysTray] c:\Program Files\wsybcq.exe
O20 - Winlogon Notify: 1_32bean32_1reg - C:\Documents and Settings\All Users.WINNT\Documents\Settings\1_32bean32_1.dll
O20 - Winlogon Notify: SensSrv - C:\WINNT\SYSTEM32\senssrv.dll
Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes", and also clear "Hide extensions for known file types".
Delete:
C:\WINNT\SYSTEM32\senssrv.dll
C:\Documents and Settings\All Users.WINNT\Documents\Settings\1_32bean32_1.dll
everything that can be deleted inside the folder C:\WINNT\TEMP
c:\Program Files\wsybcq.exe
Reboot after the fix.
Then download System Repair Engineer, use "Smart Scan", press "Scan", and when the scan completes press "Save Report" to save the log file (SREng.LOG); copy and paste the contents of the saved log here.
Download addresses:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one post, paste it across several posts, and please do not modify it.
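To make the triage in the reply above repeatable, here is a small Python script (an added example written for this thread, not a tool from HijackThis, Rising or any of the posters) that reads a HijackThis log and flags the same kinds of entries 不言放弃 picked out: processes running from a temp directory under a .tmp name, Run-key executables dropped straight into the Program Files root, and Winlogon Notify DLLs loaded from outside System32. The severity rules are heuristics chosen for illustration; the sample log is an abridged copy of the one posted earlier in the thread, and any System32 Notify DLL is only marked "review", since the script cannot tell a legitimate one from a malicious one by path alone.

```python
"""Heuristic triage of a HijackThis log: flag the entries an analyst would look
at first.  Added example for this thread; not part of HijackThis or Rising."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity item reason")

# Abridged excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINNT\TEMP\E3D7.tmp
C:\WINNT\TEMP\A6A5.tmp
C:\WINNT\explorer.exe
C:\WINNT\TEMP\3F69.tmp

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SysTray] c:\Program Files\wsybcq.exe
O20 - Winlogon Notify: 1_32bean32_1reg - C:\Documents and Settings\All Users.WINNT\Documents\Settings\1_32bean32_1.dll
O20 - Winlogon Notify: SensSrv - C:\WINNT\SYSTEM32\senssrv.dll
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
"""

# Heuristic patterns (chosen for this example, not an official list).
TEMP_TMP_RE = re.compile(r"\\temp\\[^\\]+\.tmp$", re.I)
PROGFILES_ROOT_RE = re.compile(r"^[a-z]:\\program files\\[^\\]+\.exe$", re.I)
SYSTEM32_DLL_RE = re.compile(r"^[a-z]:\\win(nt|dows)\\system32\\[^\\]+\.dll$", re.I)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


def command_path(cmd):
    """Return the executable part of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: drop trailing switches such as " /logon" or " -system".
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def parse_log(text):
    """Split a HijackThis log into the running-process list and the O-entries."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process section
                in_procs = False
            else:
                processes.append(line)
            continue
        if re.match(r"^O\d+ - ", line):
            entries.append(line)
    return processes, entries


def analyze(text):
    """Apply the heuristics and return a list of Finding tuples."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        if TEMP_TMP_RE.search(proc):
            findings.append(Finding("high", proc,
                "process running from a temp directory under a .tmp name"))
    for entry in entries:
        m = O4_RE.match(entry)
        if m:
            path = command_path(m.group("cmd"))
            if PROGFILES_ROOT_RE.match(path):
                findings.append(Finding("high", path,
                    "autorun executable placed directly under Program Files, no vendor folder"))
            elif "\\" not in path:
                findings.append(Finding("info", path,
                    "bare filename in Run key, resolved via the search path; confirm which file loads"))
            continue
        m = O20_RE.match(entry)
        if m:
            path = m.group("path").strip()
            if SYSTEM32_DLL_RE.match(path):
                findings.append(Finding("review", path,
                    "Winlogon Notify DLL in System32; verify publisher and hash"))
            else:
                findings.append(Finding("high", path,
                    "Winlogon Notify DLL loaded from outside System32"))
    return findings


def items_by_severity(findings, severity):
    """Sorted list of flagged items at one severity level."""
    return sorted(f.item for f in findings if f.severity == severity)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}\n         {f.reason}")
```

Run against the sample, the "high" list reproduces the three items the reply says to fix and delete (the .tmp processes, wsybcq.exe and 1_32bean32_1.dll), while senssrv.dll lands in "review": a Notify DLL sitting in System32 needs a publisher or hash check before deletion, which is exactly the step the fix-by-path approach in this thread skipped.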
 

To the expert above: after running the HijackThis fix I hit a problem. I can no longer open the system32 folder; as soon as I open it I get a blue screen. The text is below (I copied it down by hand and typed it in, exhausting...)
stop:0x00000044 (0x821d2e68,0x00000d39,0x00000000,0x00000000)
If this is the first time you've seen this stop error screen,
restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed.
Check for any Windows 2000 updates you might need.
If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
Refer to your Getting Started manual for more information on troubleshooting stop errors.
 

It says something about whether this is the first time,
something about safe mode after a restart,
that's the gist of it.

Ignore that for now.
Please download System Repair Engineer, use "Smart Scan", press "Scan", and when the scan completes press "Save Report" to save the log file (SREng.LOG); copy and paste the contents of the saved log here.
Download addresses:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one post, paste it across several posts, and please do not modify it.
 

After the blue screen no key works, not even the warm-reboot keys. After restarting the problem is still there, and the mouse pointer now has an hourglass next to it that keeps flickering.
 