572 - 2005-11-29 15:05:00
Masters and moderators, help! My machine is infected with "Win32.Parite.A" and "Win32.Parite.dll", and I can't kill it; Rising 2005 can't clean it! Even after it is cleaned, as soon as I run an executable it comes back. Please help me!
BlackStone - 2005-11-29 15:13:00
Save a log with Autoruns and post it here.
To save the log: choose the File->Save menu item.
When saving the log, make sure you select the Options->Hide Microsoft Entries menu item (after setting it, click the refresh button on the toolbar).
For downloading and using the tool, see post #14 of http://forum.ikaka.com/topic.asp?board=28&artid=7318038
572 - 2005-11-29 15:19:00
Sorry, where is this "Autoruns" you mentioned?
BlackStone - 2005-11-29 15:22:00
http://forum.ikaka.com/topic.asp?board=28&artid=7318038
jijip - 2005-11-29 15:29:00
Antivirus software should be able to kill this virus.
Also, every .exe file on your other drives has been infected.
First run a scan with your antivirus in Safe Mode.
Damaged .exe files are hard to repair.
You can give this a try:
One method, manually repair the exe association: find regedit.exe, rename its extension to com, then run it, navigate to HKEY_CLASSES_ROOT\exefile\shell\open\command, and change the value to "%1" %*
After modifying it, rename com back to exe.
Another method: download regfix (or a similar registry repair tool), rename its extension to com, and run it. Select the option to repair the exe association.
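To check the association jijip describes without editing the live registry by hand, here is an added Python example; it is not from the post and is not a Rising or regfix tool. It parses a registry export produced with `regedit /e exefile.reg HKEY_CLASSES_ROOT\exefile`, reports whether the exefile open command is exactly "%1" %* (with no wrapper program in front of it) and `.exe` still maps to `exefile`, and emits the repair .reg text that the post's manual edit corresponds to. The two sample exports are constructed; the `C:\hypothetical\wrapper.exe` path in the hijacked one is invented for illustration. Caveat: a file infector such as Parite rewrites the executables themselves, so a clean association only rules out a launch hijack; it does not disinfect any file.

```python
"""Check and repair the .exe shell association from a .reg export.

On the affected machine:
    regedit /e exefile.reg HKEY_CLASSES_ROOT\exefile
    python check_exefile.py exefile.reg
To apply the repair text:  regedit /s fix.reg
(if .exe launching is broken, rename regedit.exe to regedit.com first, as the
post describes).
"""
import re
import sys

EXPECTED_COMMAND = '"%1" %*'           # default exefile open command
_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                  # [HKEY_...] or [-HKEY_...]
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')  # @=... or "name"=...


def _unescape(s):
    # .reg string escapes: \\ -> \  and  \" -> "
    return re.sub(r"\\(.)", r"\1", s)


def load_reg(path):
    """Read a .reg file; 'Version 5.00' exports are UTF-16LE with a BOM, REGEDIT4 is ANSI."""
    data = open(path, "rb").read()
    if data.startswith(b"\xff\xfe"):
        return data.decode("utf-16")
    return data.decode("mbcs" if sys.platform == "win32" else "latin-1")


def parse_reg(text):
    """Parse a REGEDIT4 / 'Windows Registry Editor Version 5.00' export.

    Returns {key_path: {value_name: value}}; REG_SZ values are decoded strings,
    anything else (dword:, hex:...) is kept as the raw right-hand side, and the
    default value is stored under the name "@".
    """
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\") and "hex" in line:   # multi-line hex value
            pending = line[:-1]
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(2)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(2))
            rhs = m.group(3)
            value = _unescape(rhs[1:-1]) if rhs.startswith('"') and rhs.endswith('"') else rhs
            keys[current][name] = value
    return keys


def check_exefile(keys):
    """Return (ok, detail): ok only when .exe -> exefile and the open command is exactly "%1" %*."""
    lower = {k.lower(): v for k, v in keys.items()}   # registry key names are case-insensitive
    ext = lower.get(r"hkey_classes_root\.exe", {}).get("@")
    cmd = lower.get(r"hkey_classes_root\exefile\shell\open\command", {}).get("@")
    return (ext == "exefile" and cmd == EXPECTED_COMMAND), {"ext": ext, "command": cmd}


def repair_reg_text():
    """The .reg text that restores the default association (what the post edits by hand)."""
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            "[HKEY_CLASSES_ROOT\\.exe]\r\n@=\"exefile\"\r\n\r\n"
            "[HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command]\r\n@=\"\\\"%1\\\" %*\"\r\n")


# Constructed sample exports (not captured from the poster's machine).
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

HIJACKED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\hypothetical\\wrapper.exe \"%1\" %*"
'''

if __name__ == "__main__":
    text = load_reg(sys.argv[1]) if len(sys.argv) > 1 else HIJACKED_EXPORT
    ok, detail = check_exefile(parse_reg(text))
    print("exe association OK" if ok else "exe association NOT default: %r" % detail)
    if not ok:
        print(repair_reg_text())
```

Run it with no argument to see the constructed hijacked case; with a real export as the argument it prints the actual command so a wrapper program inserted before "%1" is visible at a glance.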
572 - 2005-11-29 15:50:00
I can't upload it; it keeps saying the file type is wrong.
ヘ网络农民ヘ - 2005-11-29 15:56:00
Scan with the latest HijackThis 1.99.1 and post the log here.
The HijackThis download link is in the pinned post:
[Must read] Board notes and downloads of commonly used small tools
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
BlackStone - 2005-11-29 16:11:00
Just paste the file contents directly.
sage - 2005-11-29 16:16:00
Go into Safe Mode and scan; if that really doesn't work, just delete those files directly.
572 - 2005-11-29 16:38:00
Entry | Description | Publisher | Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ NvCplDaemon | NVIDIA Display Properties Extension | NVIDIA Corporation | c:\winnt\system32\nvcpl.dll
+ RavMon | RavMon Rising realtime monitor | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmon.exe
+ RavTimer | RavTimer | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravtimer.exe
+ SoundMan | Realtek Sound Manager | Realtek Semiconductor Corp. | C:\WINNT\soundman.exe
+ TkBellExe | RealNetworks Scheduler | RealNetworks, Inc. | c:\program files\common files\real\update_ob\realsched.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动 (All Users Start Menu\Programs\Startup)
+ Adobe Gamma Loader.lnk | Adobe Gamma Loader | Adobe Systems, Inc. | c:\program files\common files\adobe\calibration\adobe gamma loader.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ MSNShell | - | - | c:\program files\msnshell\bin\msnshell.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ PowerWord ExplorerBar | PowerWord Web Dictionary Engine | 金山软件股份有限公司 (Kingsoft) | e:\program files\kingsoft\powerword 2003\xdictexb.dll
+ RISING | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\winnt\system32\ravext.dll
+ 粉碎文件 (File Shredder) | Wiper 动态链接库 (Wiper DLL) | - | c:\program files\yahoo!\assistant\assist\ywiper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AntiFish Class | yangling.dll | Yahoo. | c:\program files\yahoo!\assistant\assist\yangling.dll
+ DragSearch BHO | DragSearch | - | c:\program files\yahoo!\assistant\assist\ydragsearch.dll
+ ThunderIEHelper Class | xunleibho Module | - | c:\winnt\system32\xunleibho_v4.dll
+ 雅虎助手 (Yahoo! Assistant) | ToolBar | Yahoo! | c:\program files\yahoo!\assistant\assist\yasbar.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ coolbar | ToolBar | Yahoo! | c:\program files\yahoo!\assistant\assist\yasbar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 雅虎助手 (Yahoo! Assistant) | ToolBar | Yahoo! | c:\program files\yahoo!\assistant\assist\yasbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet | FlashGet | Amaze Soft | e:\网络工具\网际快车\flashget\flashget.exe
+ &Messenger Addon | File not found: http://messenger.ipfox.com
+ TOL24 | File not found: http://www.TOL24.com
+ Yahoo 1G电邮 (Yahoo 1G Mail) | File not found: http://cn.mail.yahoo.com/promo/rd1
+ Yahoo! Messenger | - | - | e:\program files\yahoo!\messenger\ypager.exe
+ 寻宝乐趣多 (Treasure Hunt) | File not found: http://hot.3721.com/rd/shop_btn.htm
+ 易趣购物 (EachNet Shopping) | File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=5
HKLM\System\CurrentControlSet\Services
+ NVSvc | Provides system and desktop level support to the NVIDIA display driver | NVIDIA Corporation | c:\winnt\system32\nvsvc32.exe
+ OracleOraHome81DataGatherer | Oracle Intelligent Agent Executable | Oracle Corporation | e:\oracle\ora81\bin\vppdc.exe
+ OracleOraHome81HTTPServer | - | - | e:\oracle\ora81\apache\apache\apache.exe
+ OracleOraHome81TNSListenerJINANLISTENER | - | - | e:\oracle\ora81\bin\tnslsnr.exe
+ OracleServiceJINAN | Oracle RDBMS Kernel Executable | Oracle Corporation | e:\oracle\ora81\bin\oracle.exe
+ RsCCenter | CCenter | rising | c:\program files\rising\rav\ccenter.exe
+ RsRavMon | RavMon | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ ALCXSENS | Sensaura WDM 3D Audio Driver | Sensaura Ltd | c:\winnt\system32\drivers\alcxsens.sys
+ ALCXWDM | Realtek AC'97 Audio Driver (WDM) | Realtek Semiconductor Corp. | c:\winnt\system32\drivers\alcxwdm.sys
+ BaseTDI | basetdi | Rising | c:\winnt\system32\drivers\basetdi.sys
+ dmio | NT Disk Manager I/O Driver | VERITAS Software Corp. | c:\winnt\system32\drivers\dmio.sys
+ dmload | NT Disk Manager Startup Driver | VERITAS Software Corp. | c:\winnt\system32\drivers\dmload.sys
+ ePass | FeiTian Security Key Driver | - | c:\winnt\system32\drivers\eps1k.sys
+ ExpScaner | ExpScan.sys | - | c:\program files\rising\rav\expscan.sys
+ HookCont | TDI HOOK Driver | Rising tech Co. ltd | c:\program files\rising\rav\hookcont.sys
+ HookReg | - | - | c:\program files\rising\rav\hookreg.sys
+ HookSys | - | 瑞星 (Rising) | c:\program files\rising\rav\hooksys.sys
+ IdeBusDr | Intel Application Accelerator Driver | Intel Corporation | c:\winnt\system32\drivers\idebusdr.sys
+ IdeChnDr | Intel Application Accelerator Driver | Intel Corporation | c:\winnt\system32\drivers\idechndr.sys
+ Motorola USBLAN | - | - | c:\winnt\system32\drivers\mtblan.sys
+ NETMDUSB | Net MD USB Driver | Sony Corporation | c:\winnt\system32\drivers\netmdusb.sys
+ New0 | File not found: C:\WINNT\system32\new.sys
+ nv | NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16 | NVIDIA Corporation | c:\winnt\system32\drivers\nv4_mini.sys
+ Ptilink | Direct Parallel Link Driver | Parallel Technologies, Inc. | c:\winnt\system32\drivers\ptilink.sys
+ rtl8139 | Realtek RTL8139/810x Family NDIS 5.0 Drv | Realtek Semiconductor Corporation | c:\winnt\system32\drivers\r8139n5.sys
+ Sniffer | SNIFFER Protocol Driver | - | c:\winnt\system32\drivers\sniffer.sys
+ WINIO | File not found: F:\DRIVER\Audio\winio.sys
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ HP Master Monitor | Win32 Master Monitor | Hewlett-Packard | c:\winnt\system32\hpbmmon.dll
+ PRTmate | - | - | c:\winnt\system32\prtmate.dll
BlackStone - 2005-11-29 16:41:00
I don't see a problem in the log.
What path does the antivirus report the virus at?
572 - 2005-11-29 16:48:00
These are the paths shown in the antivirus log:
SOUNDMAN.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
RAVTIMER.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
ctfmon.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
qcssbl9.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
explorer.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
RAVXP.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
conime.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
msnmsgr.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
msnmsgr.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
IEXPLORE.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
Photoshop.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
IEXPLORE.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
realsched.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
RAVMON.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
RAV.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
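The log lines above all pair a running executable with the same dropped `.tmp` in the user's Temp folder, which is the shape a resident file infector leaves behind: the in-memory component re-infects every executable that starts. Here is an added Python triage script, not from the thread or from Rising, that parses lines of this `host>>object` form, groups them by the dropped object, counts distinct hosts (case-folded, since Windows names are case-insensitive), flags objects that are `*.tmp` files sitting directly in a Temp directory, and lists which hosts belong to the scanner itself. The sample log is the fifteen lines posted above, embedded so the script runs offline; the assumption that names beginning with `rav` are Rising's own processes comes from the Autoruns log earlier in the thread.

```python
"""Triage an AV log of 'host>>dropped object' lines (Rising 2005 format as posted)."""
import re
from collections import Counter, defaultdict

# Constructed sample: the lines from the log posted above.
SAMPLE_LOG = r"""
SOUNDMAN.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
RAVTIMER.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
ctfmon.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
qcssbl9.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
explorer.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
RAVXP.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
conime.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
msnmsgr.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
msnmsgr.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
IEXPLORE.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
Photoshop.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
IEXPLORE.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
realsched.exe>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
RAVMON.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
RAV.EXE>>C:\DOCUME~1\j\LOCALS~1\Temp\cxu14.tmp
"""

# A file directly inside a directory named Temp (8.3 or long form both end in \Temp\).
_TEMP_DIR_RE = re.compile(r"\\temp\\[^\\]+$", re.I)
# Assumption: Rising's own processes are the RAV*.EXE images seen in the Autoruns log.
SCANNER_PREFIX = "rav"


def parse_av_log(text):
    """Return [(host, dropped)] from lines shaped 'host>>path'; both sides lower-cased."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if ">>" not in line:
            continue                      # headers, blank lines, anything not a pair
        host, _, dropped = line.partition(">>")
        pairs.append((host.strip().lower(), dropped.strip().lower()))
    return pairs


def is_temp_drop(path):
    """True for a *.tmp file sitting directly in a Temp directory (the dropped-component pattern)."""
    return path.endswith(".tmp") and _TEMP_DIR_RE.search(path) is not None


def triage(text):
    """Group the log by dropped object and summarise who hosts it."""
    by_dropped = defaultdict(list)
    for host, dropped in parse_av_log(text):
        by_dropped[dropped].append(host)
    report = {}
    for dropped, hosts in by_dropped.items():
        counts = Counter(hosts)
        report[dropped] = {
            "hosts": sorted(counts),
            "host_count": len(counts),
            "repeats": {h: n for h, n in counts.items() if n > 1},   # same host seen twice
            "in_temp": is_temp_drop(dropped),
            # If the scanner's own processes host the object, cleaning from the running
            # system cannot stick: the component is reloaded as each .exe starts.
            "scanner_hosts": sorted(h for h in counts if h.startswith(SCANNER_PREFIX)),
        }
    return report


if __name__ == "__main__":
    for dropped, info in triage(SAMPLE_LOG).items():
        print(dropped)
        print("  distinct hosts: %d, in Temp: %s" % (info["host_count"], info["in_temp"]))
        print("  scanner processes hosting it:", ", ".join(info["scanner_hosts"]) or "none")
        print("  repeated hosts:", info["repeats"] or "none")
```

On the posted log this reports one dropped object, hosted by 13 distinct processes including four of the scanner's own, which is the practical reason behind the moderator's advice to scan from Safe Mode: the dropped component is not running there, so cleaned files stay clean.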
BlackStone - 2005-11-29 16:53:00
I suggest turning off XP System Restore and doing a full-disk scan in Safe Mode.
572 - 2005-11-29 17:18:00
Thanks, moderator!
© 2000 - 2026 Rising Corp. Ltd.