Rising Kaka Security Forum
katpp0216 - 2005-12-1 15:20:00
I have already scanned with Rising, but it can't remove it. What should I do? Experts, can someone who knows teach me how to handle this?
katpp0216 - 2005-12-1 15:31:00
Why isn't anyone helping me? Thanks to those who come, I'm really in a hurry.
七彩黄花菜萱草 - 2005-12-1 15:38:00
Run a scan with HijackThis and post the log here.
HijackThis can be downloaded from the attachment in the first post of the pinned thread “【公告】反病毒论坛暂行条例(200511.26更新)及本版常用小工具” ([Announcement] Provisional rules of the anti-virus forum (updated 200511.26) and commonly used small tools for this board).
katpp0216 - 2005-12-1 16:06:00
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 16:04:18, on 2005-12-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
D:\超级兔子\MagicSet\memdef.EXE
D:\yy\kav2005\金山毒霸2005绿色版\KPfwSvc.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINNT\system32\ctfmon.exe
D:\qq\QQ.exe
D:\qq\TIMPlatform.exe
D:\qq\QQexternal.exe
C:\WINNT\system32\conime.exe
D:\4\RISING\RAV\CCENTER.EXE
D:\4\RISING\RAV\Ravmond.exe
D:\4\RISING\RAV\RavStub.exe
d:\4\rising\rav\RAVMON.EXE
d:\4\rising\rav\RAVTIMER.EXE
d:\4\rising\rav\RsAgent.exe
D:\1\BitComet\BitComet.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\shadu\hijackthis1.97_qoo\HijackThis.exe
R3 - URLSearchHook:
O2 - BHO: (no name) - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: (no name) - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yAngling.dll
O2 - BHO: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq\QQIEHelper.dll
O2 - BHO: (no name) - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: (no name) - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINNT\system32\obwbkya.dll
O2 - BHO: (no name) - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\
O3 - Toolbar: ????? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: ????? - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\
O4 - HKLM\..\Run: [Super Rabbit Memory] D:\
O4 - HKLM\..\Run: [RavTimer] D:\4\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\4\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Super Rabbit IEPro] ; D:\
O4 - HKCU\..\Run: [Super Rabbit CDNotify] ; D:\
O4 - HKCU\..\Run: [KavPFW] ; "D:\yy\kav2005\
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ChatLog.log
O4 - Global Startup: ntuser.pol
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: !搜一搜 - res://C:\WINNT\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O11 - Options group: [!CNS]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} - http://219.133.60.95:1080/qqtv/QQLive1.0Beta02.exe
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://zs.kingsoft.com/duba/OCX/KAVClean.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{068C9A62-37D7-46DB-ACBC-CF54B4AF45AC}: NameServer = 202.96.209.6 202.96.209.133
katpp0216 - 2005-12-1 16:08:00
The infected files are all on drives D and E. I don't know much about computers; thanks to the poster above for helping me.
BlackStone - 2005-12-1 16:08:00
That version of the log tool is too old.
Save a log with Autoruns and post it here.
How to save the log: choose the File->Save menu item.
When saving the log, make sure the Options->Hide Microsoft Entries menu item is selected (after setting it, click the refresh button on the toolbar).
For downloading and using the tool, see post #14 at http://forum.ikaka.com/topic.asp?board=28&artid=7318038
katpp0216 - 2005-12-1 16:29:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.d:\4\rising\rav\ravmon.exe
+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.d:\4\rising\rav\ravtimer.exe
+ Super Rabbit MemoryRegister USD$Super Rabbit Softwared:\超级兔子\magicset\memdef.exe
+ yassistseAssistSettingYahoo!c:\program files\yahoo!\assistant\yassistse.exe
+ YLive.exeYLive c:\program files\yahoo!\assistant\ylive.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ KavPFWFile not found: ;
+ MSMSGSFile not found: ;
+ Super Rabbit CDNotifyFile not found: ;
+ Super Rabbit IEProFile not found: ;
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ cnshook.dll3721 CNS Module北京三七二一科技有限公司c:\winnt\downloaded program files\cnshook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll
+ Yahoo!PhotoyPhtbYahoo! Chinac:\program files\yahoo!\assistant\assist\yphtb.dll
+ 粉碎文件Wiper 动态链接库c:\program files\yahoo!\assistant\assist\ywiper.dll
+ 好看123上网精灵超级兔子上网精灵超级兔子d:\超级兔子\magicset\haokanbar.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ Fax Tiff Data Column ProviderFile not found: C:\WINNT\system32\faxshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AntiFish Classyangling.dllYahoo.c:\program files\yahoo!\assistant\assist\yangling.dll
+ DragSearch BHODragSearchc:\program files\yahoo!\assistant\assist\ydragsearch.dll
+ QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司d:\qq\qqiehelper.dll
+ SDObmObj Classobwbkya Module北京兴华基业软件技术有限公司c:\winnt\system32\obwbkya.dll
+ Yahoo!PhotoyPhtbYahoo! Chinac:\program files\yahoo!\assistant\assist\yphtb.dll
+ 超级兔子上网精灵超级兔子上网精灵超级兔子d:\超级兔子\magicset\haokanbar.dll
+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ coolbarToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 超级兔子上网精灵超级兔子上网精灵超级兔子d:\超级兔子\magicset\haokanbar.dll
+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1
+ 清理上网记录File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 上网助手File not found: http://assistant.3721.com/index.htm?fb=Cns
+ 手机短信File not found: http://sms.3721.com/ie/index.htm?pid=U_3721_assist
+ 修复浏览器File not found: http://assistant.3721.com/security1.htm?fb=Cns
+ 寻宝乐趣多File not found: http://hot.3721.com/rd/shop_btn.htm
HKLM\System\CurrentControlSet\Services
+ RsCCenterCCenterrisingd:\4\rising\rav\ccenter.exe
+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.d:\4\rising\rav\ravmond.exe
+ SDAgentServicesde北京兴华基业软件技术有限公司c:\program files\common files\smartde\sde.exe
HKLM\System\CurrentControlSet\Services
+ BaseTDIbasetdiRisingc:\winnt\system32\drivers\basetdi.sys
+ cmpciC-Media Audio WDM DriverC-Media Incc:\winnt\system32\drivers\cmaudio.sys
+ ExpScanerExpScan.sysd:\4\rising\rav\expscan.sys
+ GMSIPCIFile not found: G:\INSTALL\GMSIPCI.SYS
+ HookContTDI HOOK DriverRising tech Co. ltdd:\4\rising\rav\hookcont.sys
+ HookRegd:\4\rising\rav\hookreg.sys
+ HookSys瑞星d:\4\rising\rav\hooksys.sys
+ NTACCESSFile not found: G:\NTACCESS.sys
+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporationc:\winnt\system32\drivers\nv4_mini.sys
+ nv4NVIDIA Compatible Windows 2000 Miniport Driver, Version 3.27 NVIDIA Corporationc:\winnt\system32\drivers\nv4.sys
+ pfcPadus(R) ASPI ShellPadus, Inc.c:\winnt\system32\drivers\pfc.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\winnt\system32\drivers\ptilink.sys
+ PxHelp20Px Engine Device Driver for Windows 2000/XPSonic Solutionsc:\winnt\system32\drivers\pxhelp20.sys
+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\winnt\system32\drivers\rtl8139.sys
+ SecdrvSafeDisc driverc:\winnt\system32\drivers\secdrv.sys
+ SetupNTGLM7XFile not found: G:\NTGLM7X.sys
katpp0216 - 2005-12-1 16:30:00
What should I do next? Please advise!! Thanks.
BlackStone - 2005-12-1 16:35:00
What is the virus path reported by the antivirus software?
katpp0216 - 2005-12-1 16:46:00
D:\System Volume Information\_restore{55ED4F2B-F4C3-496C-9857-OF4C1AC1D941}\RP114 (this one starts with T)
E:\System Volume Information\_restore{55ED4F2B-F4C3-496C-9857-OF4C1AC1D941}\RP114 (this one starts with B)
Thank you, sorry for all the trouble!!
BlackStone - 2005-12-1 16:51:00
katpp0216 - 2005-12-1 16:57:00
Ah, is it that simple?
If I turn off XP System Restore, will everything on my hard drive be gone?
I'm a newbie and don't really understand, so let me ask again. Could you be more specific? I'm afraid I'll mess it up and the computer will die.
katpp0216 - 2005-12-1 17:04:00
One more question: after dealing with System Restore, do I need to run another virus scan?
BlackStone - 2005-12-1 17:05:00
The problem is that your virus is inside the System Restore folder, where the antivirus software cannot delete it. The only way to delete the virus is to turn off System Restore.
BlackStone - 2005-12-1 17:06:00
After System Restore is turned off, the virus should no longer be detected.
katpp0216 - 2005-12-1 17:08:00
Oh, I sort of get it now, thanks. I just don't understand System Restore: will everything be completely gone????? Please tell me.
BlackStone - 2005-12-1 17:17:00
After the virus has been deleted you can turn System Restore back on; it's just that when you run a System Restore later it can only go back to now, not to any earlier point.
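BlackStone's point above (the detections sit inside restore points, so the scanner can see the files but not remove them, and turning System Restore off discards those restore points) can be checked and carried out from a script. This is an added example, not code from the thread or from Rising; it assumes an elevated Windows PowerShell session with the Enable-/Disable-ComputerRestore cmdlets rather than the XP-era dialog, and the path list is constructed from the two paths reported in this thread.

```powershell
# Added example (not from the thread). Classifies antivirus-reported paths and,
# for detections inside System Restore snapshots, purges them by turning
# System Restore off and back on for the affected drive.
function Test-InRestorePoint {
    param([Parameter(Mandatory)][string]$Path)
    # Restore points live under <drive>:\System Volume Information\_restore{...}\RPnnn\
    return ($Path -match '^[A-Za-z]:\\System Volume Information\\_restore\{[^}]+\}\\RP\d+')
}

function Get-DriveRoot {
    param([Parameter(Mandatory)][string]$Path)
    return ($Path.Substring(0, 2) + '\')    # "D:\...\RP114" -> "D:\"
}

# Paths reported by the scanner in this thread (constructed list for the example).
$reported = @(
    'D:\System Volume Information\_restore{55ED4F2B-F4C3-496C-9857-OF4C1AC1D941}\RP114',
    'E:\System Volume Information\_restore{55ED4F2B-F4C3-496C-9857-OF4C1AC1D941}\RP114'
)

$drivesToPurge = @()
foreach ($p in $reported) {
    if (Test-InRestorePoint $p) {
        # Protected snapshot: the on-access scanner can read it but cannot delete it.
        Write-Output "Inside a restore point, scanner cannot clean it: $p"
        $drivesToPurge += Get-DriveRoot $p
    } else {
        Write-Output "Ordinary location, let the scanner clean it: $p"
    }
}

# Disabling protection deletes every restore point on that drive, infected ones included.
# Re-enabling starts a fresh history, which is the "can only restore to now" effect
# described in the thread. Data files on the drive are untouched.
foreach ($drive in ($drivesToPurge | Sort-Object -Unique)) {
    Write-Output "Purging restore points on $drive"
    Disable-ComputerRestore -Drive $drive
    Enable-ComputerRestore  -Drive $drive
}
```

Run the antivirus scan again afterwards: with the restore points gone, the earlier detections should no longer appear, which is the check BlackStone describes.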
katpp0216 - 2005-12-3 14:17:00
Help! Asking the experts again: I still can't remove it!
Please advise.
katpp0216 - 2005-12-3 14:54:00
Why isn't anyone helping me? Help!
Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 14:23:34, on 2005-12-3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
D:\4\RISING\RAV\Ravmond.exe
D:\4\RISING\RAV\RavStub.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
D:\超级兔子\MagicSet\memdef.EXE
D:\4\RISING\RAV\RAVTIMER.EXE
D:\yy\kav2005\金山毒霸2005绿色版\KPfwSvc.EXE
D:\4\RISING\RAV\RAVMON.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
D:\4\RISING\RAV\CCENTER.EXE
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\svchost.exe
D:\TT\TTraveler.exe
D:\wen\155847200541134207\HijackThis.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: SDObmObj Class - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINNT\system32\obwbkya.dll
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\超级兔子\MagicSet\HaokanBar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\超级兔子\MagicSet\HaokanBar.dll
O4 - HKLM\..\Run: [Super Rabbit Memory] D:\超级兔子\MagicSet\memdef.EXE /LOAD
O4 - HKLM\..\Run: [RavTimer] D:\4\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\4\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Super Rabbit IEPro] ; D:\超级兔子\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [Super Rabbit CDNotify] ; D:\超级兔子\MagicSet\srcdnoti.exe /LOAD
O4 - HKCU\..\Run: [KavPFW] ; "D:\yy\kav2005\金山毒霸2005绿色版\KAVPFW.EXE"
O8 - Extra context menu item: !搜一搜 - res://C:\WINNT\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_3721_assist (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] 网络实名
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} - http://219.133.60.95:1080/qqtv/QQLive1.0Beta02.exe
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://zs.kingsoft.com/duba/OCX/KAVClean.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{068C9A62-37D7-46DB-ACBC-CF54B4AF45AC}: NameServer = 202.96.209.6 202.96.209.133
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - D:\yy\kav2005\金山毒霸2005绿色版\KPfwSvc.EXE (file missing)
O23 - Service: MPSVC Service (MPSVCService) - Micropoint Corporation - D:\东方微点\Micropoint\MPSVC.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\4\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\4\RISING\RAV\Ravmond.exe
O23 - Service: SDAgent Service (SDAgentService) - 北京兴华基业软件技术有限公司 - C:\Program Files\Common Files\smartde\sde.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe