Rising Kaka Security Forum, Online Technical Support [closed]

[Help] The system has become slow and an IE protection prompt pops up from time to time (with screenshots)

Operating system: Windows Server 2003 Standard Edition Service Pack 1 (Build 3790)
The latest Rising antivirus, Rising firewall and Kaka are installed.

1. Recently the system has become slow to respond when opening, closing or minimizing programs, and for a while the mouse cannot be moved at all. Watching Task Manager, CPU usage spikes momentarily during these actions and the hard disk light flashes constantly.
2. An IE protection prompt pops up from time to time (see screenshot; the file is always the same one, which shows up as da4ds.jpg when viewed from DOS). The first time it appeared I chose "deny execution", but both columns of the IE execution black/white list were empty; the second time I clicked "execute" in order to monitor what happened, but it reported a WinRAR CRC extraction error, and both columns of the IE execution black/white list were again empty; the last time I allowed it, the system suddenly started installing a program in the background and Rising prompted me to upload a log.

C:\WINDOWS\temp\gjb\tdsetup.exe    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN    Desktop    C:\WINDOWS\system32\rundll32.exe "C:\Program Files    修改    同意修改
D:\Temp\12\setup.exe    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH    SearchAssistant    http://client.jogo.cn/cdn/browser/sidesearch/sides    修改    拒绝修改
D:\Temp\12\setup.exe    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH    CustomizeSearch    http://client.jogo.cn/cdn/browser/customsearch/cus    修改    拒绝修改
D:\Temp\12\setup.exe    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN    CdnCtr    C:\Program Files\CNNIC\Cdn\cdnup.exe    修改    拒绝修改
C:\WINDOWS\system32\rund1l1.exe    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN    SysExplr    C:\Program Files\herosoft\SuperPLAY3500\SysExplr.e    修改    拒绝修改


Situation 1 already occurred a while ago, and having no other option I reinstalled the system. Before reinstalling I scanned in Safe Mode with Rising and Kaka and found no virus at all. In Kaka I removed rogue software, deleted the plug-ins I do not use, disabled the useful ones, and cleaned all traces. After rebooting, situation 1 still occurred. A security check with Windows Optimizer (Windows优化大师) reported the following:
扫描木马程序
  分析可疑注册表入口
  分析可疑文件
  发现未知木马
  可疑文件:C:\WINDOWS\system32\GLIEDown2.dll
And it was the same in Safe Mode. With no other option I reinstalled; after reinstalling all my applications, a check with Windows Optimizer came up clean. But not long afterwards situation 1 appeared again, and later situation 2 appeared as well. I thought upgrading to the newest version might kill these, but the result was the same and I cannot fix it. Rising's online scan likewise found no virus.

In addition, the options in my IE execution black/white list are greyed out and cannot be added to.
Can anyone help me solve this? The startup items are attached:
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <jiajiasr><D:\Program Files\jj4\jiajiasr.exe>  [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PCTVOICE><pctspk.exe>  []
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]


Attachment: (your user group cannot download or view attachments)

Last edited 2006-11-27 03:31:05

The complete log is added below:

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Standard Edition Service Pack 1 (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <jiajiasr><D:\Program Files\jj4\jiajiasr.exe>  [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PCTVOICE><pctspk.exe>  []
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MicroMsgServices / MicroMsgServices]
  <C:\WINDOWS\system32\Svchost.exe -k MicroMsgServices-->C:\WINDOWS\system32\MicroService\svchost.dll><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[TP-LINK TL-WN310G/350G 11G Wireless Adapter Service / AR5211]
  <system32\DRIVERS\11gAdapter.sys><TP-LINK Technologies Co., Ltd.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[IP in IP Tunnel Driver / IpInIp]
  <system32\DRIVERS\ipinip.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[W2K Pctel Serial Device Driver / Ptserial]
  <system32\DRIVERS\ptserial.sys><PCTEL, INC.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiS315 / SiS315]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[W2k Vmodem / Vmodem]
  <\SystemRoot\system32\DRIVERS\vmodem.sys><PCTEL, INC.>
[W2k Vpctcom / Vpctcom]
  <\SystemRoot\system32\DRIVERS\vpctcom.sys><PCtel, Inc.>
[W2k Vvoice / Vvoice]
  <\SystemRoot\system32\DRIVERS\vvoice.sys><PCtel, Inc.>
[Winbond Infrared Device Driver / WBFIRDMA]
  <system32\DRIVERS\wbfirdma.sys><Winbond Electronics Corp.>

==================================
浏览器加载项
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}? <D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Scripting.Dictionary]
  {EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>

==================================
正在运行的进程
[PID: 384][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 468][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 504][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 548][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 560][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 748][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 828][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 872][D:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 888][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 964][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1008][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1036][D:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [D:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [D:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [D:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [D:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 21]
    [D:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [D:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [D:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[PID: 1052][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1140][d:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1340][D:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1720][C:\WINDOWS\system32\msdtc.exe]  [Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1860][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1896][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]

[PID: 1968][C:\WINDOWS\system32\Svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [c:\windows\system32\microservice\svchost.dll]  [N/A, N/A]
    [c:\windows\system32\microservice\MsoService.dll]  [N/A, N/A]
[PID: 2000][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1856][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1640][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[PID: 224][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1156][C:\WINDOWS\system32\pctspk.exe]  [, 1, 0, 0, 1]
[PID: 1760][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 56]
[PID: 796][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1548][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1580][D:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
    [D:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1632][D:\Program Files\jj4\jiajiasr.exe]  [加加工作组, 4, 0, 1, 33]
[PID: 2180][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3328][E:\Downloads\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

Can anyone help me solve this??????

Below is my Autoruns log; after logging in, no program other than Autoruns was run.

Autorun Entry | Description | Publisher | Image Path

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ RavTask | RavTimer | (Not verified) Beijing Rising Technology Co., Ltd. | d:\program files\rising\rav\ravtask.exe

+ RfwMain | Rising Personal FireWall Main Program | (Not verified) Beijing Rising Technology Co., Ltd. | d:\program files\rising\rfw\rfwmain.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ jiajiasr | 加加输入法 4.01 作者:孙百川 | (Not verified) 加加工作组 | d:\program files\jj4\jiajiasr.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ application/octet-stream | Microsoft .NET Runtime Execution Engine | (Not verified) Microsoft Corporation | c:\windows\system32\mscoree.dll

+ application/x-complus | Microsoft .NET Runtime Execution Engine | (Not verified) Microsoft Corporation | c:\windows\system32\mscoree.dll

+ application/x-msdownload | Microsoft .NET Runtime Execution Engine | (Not verified) Microsoft Corporation | c:\windows\system32\mscoree.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ ms-itss | Microsoft® InfoTech Storage System Library | (Not verified) Microsoft Corporation | c:\program files\common files\microsoft shared\information retrieval\msitss.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 |  |  | File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ n/a | Microsoft .NET IE SECURITY REGISTRATION | (Not verified) Microsoft Corporation | c:\windows\system32\mscories.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hook | Rising Shell Ext Module | (Not verified) Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Fusion Cache | Microsoft .NET Runtime Execution Engine | (Not verified) Microsoft Corporation | c:\windows\system32\mscoree.dll

+ HyperTerminal Icon Ext |  |  | File not found: hticons.dll

+ RISING | Rising Shell Ext Module | (Not verified) Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll

+ Shell Icon Handler for Application References | Application Deployment Support Library | (Not verified) Microsoft Corporation | c:\windows\system32\dfshim.dll

+ ShellLink for Application References | Application Deployment Support Library | (Not verified) Microsoft Corporation | c:\windows\system32\dfshim.dll

+ WinRAR shell extension |  |  | d:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ kakatool.dll |  | (Not verified) Beijing Rising Technology Co., Ltd. | c:\windows\system32\kakatool.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ 启动迅雷5 |  | (Not verified) Thunder Networking Technologies,LTD | d:\program files\thunder network\thunder\thunder.exe

HKLM\System\CurrentControlSet\Services

+ RfwService | Rising Personal Firewall Service | (Not verified) Beijing Rising Technology Co., Ltd. | d:\program files\rising\rfw\rfwsrv.exe

+ RsCCenter | CCenter | (Not verified) Beijing Rising Technology Co., Ltd. | d:\program files\rising\rav\ccenter.exe

+ RsRavMon | RavMond | (Not verified) Beijing Rising Technology Co., Ltd. | d:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ AR5211 | Driver for TP-LINK Wireless Network AdapterAdapter | (Not verified) TP-LINK Technologies Co., Ltd. | c:\windows\system32\drivers\11gadapter.sys

+ BaseTDI | basetdi | (Not verified) Beijing Rising Technology Co., Ltd. | c:\windows\system32\drivers\basetdi.sys

+ ExpScaner | ExpScan.sys |  | d:\program files\rising\rav\expscan.sys

+ GWIOPM |  |  | d:\program files\wom\gwiopm.sys

+ HookCont | TDI HOOK Driver | (Not verified) Rising tech Co. ltd | d:\program files\rising\rav\hookcont.sys

+ HookReg |  |  | d:\program files\rising\rav\hookreg.sys

+ HookSys | Hooksys | (Not verified) Rising | d:\program files\rising\rav\hooksys.sys

+ HookUrl | HookUrl | (Not verified) Beijing Rising Technology Co., Ltd. | d:\program files\rising\rfw\hookurl.sys

+ IpInIp | IP in IP Tunnel Driver |  | File not found: system32\DRIVERS\ipinip.sys

+ MEMSCAN | MemScan Driver | (Not verified) 瑞星软件有限公司 | d:\program files\rising\rav\memscan.sys

+ mProcRs | Rising Personal FireWall  mprocrs.sys | (Not verified) Beijing Rising Technology Co., Ltd. | d:\program files\rising\rfw\mprocrs.sys

+ npkcrypt | nProtect KeyCrypt Driver | (Not verified) INCA Internet Co., Ltd. | d:\program files\tencent\qq\npkcrypt.sys

+ RsAntiSpyware | RsBoot | (Not verified) Beijing Rising | c:\windows\system32\drivers\rsboot.sys

+ RsFwDrv | nt_fwdrv | (Not verified) Beijing Rising Technology Co., Ltd. | d:\program files\rising\rfw\rsfwdrv.sys

+ RSPPSYS | RSPPSYS | (Not verified) Rising | d:\program files\rising\rav\rsppsys.sys

+ Tcpip | TCP/IP Protocol Driver | (Not verified) Microsoft Corporation | c:\windows\system32\drivers\tcpip.sys


Below is my Procexp log; after logging in, no program other than Procexp was run.

Process | PID | CPU | Description | Company Name | Verified Signer
System Idle Process | 0 | 93.27 |  |  |
Interrupts | n/a | 0.96 | Hardware Interrupts |  |
DPCs | n/a | 0.96 | Deferred Procedure Calls |  |
System | 4 |  |  |  |
  smss.exe | 384 |  | Windows NT Session Manager | Microsoft Corporation | (Verified) Microsoft Windows Publisher
  csrss.exe | 468 |  | Client Server Runtime Process | Microsoft Corporation | (Verified) Microsoft Windows Publisher
  winlogon.exe | 504 |  | Windows NT Logon Application | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    services.exe | 548 | 1.92 | Services and Controller app | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    svchost.exe | 764 |  | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Publisher
      wmiprvse.exe | 1460 |  | WMI | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    svchost.exe | 828 |  | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    CCenter.exe | 872 |  | CCenter | Beijing Rising Technology Co., Ltd. | (Unable to verify) Beijing Rising Technology Co., Ltd.
    svchost.exe | 888 |  | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    svchost.exe | 964 |  | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    svchost.exe | 1008 |  | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    RavMonD.exe | 1036 | 0.96 | RavMond | Beijing Rising Technology Co., Ltd. | (Unable to verify) Beijing Rising Technology Co., Ltd.
      RavStub.exe | 1400 |  | Rising RavStub | Beijing Rising Technology Co., Ltd. | (Unable to verify) Beijing Rising Technology Co., Ltd.
    svchost.exe | 1052 |  | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    rfwsrv.exe | 1132 |  | Rising Personal FireWall Service | Beijing Rising Technology Co., Ltd. | (Unable to verify) Beijing Rising Technology Co., Ltd.
      rfwmain.exe | 360 |  | Rising Personal FireWall Main Program | Beijing Rising Technology Co., Ltd. | (Unable to verify) Beijing Rising Technology Co., Ltd.
    spoolsv.exe | 1716 |  | Spooler SubSystem App | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    msdtc.exe | 1744 |  | MS DTCconsole program | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    svchost.exe | 1884 |  | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    MDM.EXE | 1920 |  | Machine Debug Manager | Microsoft Corporation | (Verified) Microsoft Corporation
    svchost.exe | 1992 |  | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    svchost.exe | 232 |  | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    svchost.exe | 2648 |  | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Publisher
    lsass.exe | 560 |  | LSA Shell | Microsoft Corporation | (Verified) Microsoft Windows Publisher
explorer.exe | 2028 | 0.96 | Windows Explorer | Microsoft Corporation | (Verified) Microsoft Windows Publisher
pctspk.exe | 2164 |  | pctvoice MFC Application |  | (Verified) Microsoft Windows Hardware Compatibility Publisher
soundman.exe | 2228 |  | Realtek Sound Manager | Realtek Semiconductor Corp. | (Verified) Microsoft Windows Hardware Compatibility Publisher
RavTask.exe | 2248 |  | RavTimer | Beijing Rising Technology Co., Ltd. | (Unable to verify) Beijing Rising Technology Co., Ltd.
  RavMon.exe | 2324 |  | RavMon | Beijing Rising Technology Co., Ltd. | (Unable to verify) Beijing Rising Technology Co., Ltd.
ctfmon.exe | 2292 |  | CTF Loader | Microsoft Corporation | (Verified) Microsoft Windows Publisher
jiajiasr.exe | 2348 |  | 加加输入法 4.01 作者:孙百川 | 加加工作组 | (Unable to verify) 加加工作组
procexp.exe | 2252 | 0.96 | Sysinternals Process Explorer | Sysinternals | (Verified) Microsoft Corporation

Process:  Pid: 2348

Name | Description | Company Name | Version | Path | Verified Signer
advapi32.dll | Advanced Windows 32 Base API | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\advapi32.dll | (Verified) Microsoft Windows Publisher
apphelp.dll | Application Compatibility Client Library | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\apphelp.dll | (Verified) Microsoft Windows Publisher
comdlg32.dll | Common Dialogs DLL | Microsoft Corporation | 6.00.3790.1830 | C:\WINDOWS\system32\comdlg32.dll | (Verified) Microsoft Windows Publisher
ctype.nls |  |  |  | C:\WINDOWS\system32\ctype.nls |
dnsapi.dll | DNS Client API DLL | Microsoft Corporation | 5.02.3790.2745 | C:\WINDOWS\system32\dnsapi.dll | (Verified) Microsoft Windows Component Publisher
gdi32.dll | GDI Client DLL | Microsoft Corporation | 5.02.3790.2606 | C:\WINDOWS\system32\gdi32.dll | (Verified) Microsoft Windows Component Publisher
hnetcfg.dll | Home Networking Configuration Manager | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\hnetcfg.dll | (Verified) Microsoft Windows Publisher
imm32.dll | Windows IMM32 API Client DLL | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\imm32.dll | (Verified) Microsoft Windows Publisher
kernel32.dll | Windows NT BASE API Client DLL | Microsoft Corporation | 5.02.3790.2756 | C:\WINDOWS\system32\kernel32.dll | (Verified) Microsoft Windows Component Publisher
locale.nls |  |  |  | C:\WINDOWS\system32\locale.nls |
lpk.dll | Language Pack | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\lpk.dll | (Verified) Microsoft Windows Publisher
MSCTF.dll | MSCTF Server DLL | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\MSCTF.dll | (Verified) Microsoft Windows Publisher
MSCTFIME.IME | Microsoft Text Frame Work Service IME | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\MSCTFIME.IME | (Verified) Microsoft Windows Publisher
msvcrt.dll | Windows NT CRT DLL | Microsoft Corporation | 7.00.3790.1830 | C:\WINDOWS\system32\msvcrt.dll | (Verified) Microsoft Windows Publisher
mswsock.dll | Microsoft Windows Sockets 2.0 Service Provider | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\mswsock.dll | (Verified) Microsoft Windows Publisher
ntdll.dll | NT Layer DLL | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\ntdll.dll | (Verified) Microsoft Windows Publisher
ole32.dll | Microsoft OLE for Windows | Microsoft Corporation | 5.02.3790.2492 | C:\WINDOWS\system32\ole32.dll | (Verified) Microsoft Windows Publisher
oleaut32.dll |  | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\oleaut32.dll | (Verified) Microsoft Windows Publisher
rasadhlp.dll | Remote Access AutoDial Helper | Microsoft Corporation | 5.02.3790.2745 | C:\WINDOWS\system32\rasadhlp.dll | (Verified) Microsoft Windows Component Publisher
rpcrt4.dll | Remote Procedure Call Runtime | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\rpcrt4.dll | (Verified) Microsoft Windows Publisher
secur32.dll | Security Support Provider Interface | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\secur32.dll | (Verified) Microsoft Windows Publisher
sensapi.dll | SENS Connectivity API DLL | Microsoft Corporation | 5.02.3790.0000 | C:\WINDOWS\system32\sensapi.dll | (Verified) Microsoft Windows Publisher
shell32.dll | Windows Shell Common Dll | Microsoft Corporation | 6.00.3790.2746 | C:\WINDOWS\system32\shell32.dll | (Verified) Microsoft Windows Component Publisher
shlwapi.dll | Shell Light-weight Utility Library | Microsoft Corporation | 6.00.3790.2795 | C:\WINDOWS\system32\shlwapi.dll | (Verified) Microsoft Windows Component Publisher
sortkey.nls |  |  |  | C:\WINDOWS\system32\sortkey.nls |
sorttbls.nls |  |  |  | C:\WINDOWS\system32\sorttbls.nls |
unicode.nls |  |  |  | C:\WINDOWS\system32\unicode.nls |
user32.dll | Windows USER API Client DLL | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\user32.dll | (Verified) Microsoft Windows Publisher
usp10.dll | Uniscribe Unicode script processor | Microsoft Corporation | 1.422.3790.1830 | C:\WINDOWS\system32\usp10.dll | (Verified) Microsoft Windows Publisher
uxtheme.dll | Microsoft UxTheme Library | Microsoft Corporation | 6.00.3790.1830 | C:\WINDOWS\system32\uxtheme.dll | (Unable to verify) Microsoft Corporation
winrnr.dll | LDAP RnR Provider DLL | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\winrnr.dll | (Verified) Microsoft Windows Publisher
wldap32.dll | Win32 LDAP API DLL | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\wldap32.dll | (Verified) Microsoft Windows Publisher
ws2_32.dll | Windows Socket 2.0 32-Bit DLL | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\ws2_32.dll | (Verified) Microsoft Windows Publisher
ws2help.dll | Windows Socket 2.0 Helper for Windows NT | Microsoft Corporation | 5.02.3790.1830 | C:\WINDOWS\system32\ws2help.dll | (Verified) Microsoft Windows Publisher
wshtcpip.dll | Windows Sockets Helper DLL | Microsoft Corporation | 5.02.3790.0000 | C:\WINDOWS\system32\wshtcpip.dll | (Verified) Microsoft Windows Publisher
comctl32.dll | Common Controls Library | Microsoft Corporation | 5.82.3790.2778 | C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.2778_x-ww_497C098C\comctl32.dll | (Verified) Microsoft Windows Component Publisher
comctl32.dll | User Experience Controls Library | Microsoft Corporation | 6.00.3790.2778 | C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.2778_x-ww_A8F04F11\comctl32.dll | (Verified) Microsoft Windows Component Publisher
jiajiasr.exe | 加加输入法 4.01 作者:孙百川 | 加加工作组 | 4.00.0001.0033 | D:\Program Files\jj4\jiajiasr.exe | (Unable to verify) 加加工作组