streamv - 2007-3-21 17:34:00
Rising kills 11 viruses in the Windows folder every single day. Could the experts please take a look at the log below and come up with a way to remove this for good? Thanks.
HijackThis scan log (zww Chinese localization) V1.99.1
Saved at 17:07:45, on 2007-3-21
Operating system: Windows XP SP1 (WinNT 5.01.2600)
Browser: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UNHSRVNT.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Administrator\桌面\hijackthis1991\HijackThis1991zww.exe
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll
O2 - BHO: ThunderBHO - {0005A87C-D626-4B3A-84F9-1D9571695F55} - C:\Program Files\Sandai Technologies Inc\Thunder\ComDlls\XunLeiBHO_006.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v14.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {190abbda-c22d-4d0a-ae2b-1b294ae19f4f} - C:\WINDOWS\System32\4d0antos.dll
O2 - BHO: (no name) - {196d6bd5-1705-4018-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {37bcbc9c-8a3f-4e52-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {4776b243-595e-43c8-8b0d-4e03f37a8dbf} - C:\WINDOWS\System32\43c8cfsb.dll
O2 - BHO: (no name) - {56bcbc17-6b54-4071-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {58a03844-c88c-498b-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {60472693-c9c6-47f4-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {65b61911-3c7b-4db1-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: NewsWatch Class - {6BD97C5B-7A34-4AE9-8B0D-4E03F37A8DBF} - C:\WINDOWS\System32\43c8cfsb.dll
O2 - BHO: (no name) - {9e00fb17-6323-4564-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {afe38243-0f38-4acb-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {c12c69f2-8ecf-4684-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {e1d8c476-94b7-4879-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: Flasher - {E29F0B13-0D84-45aa-81EC-CC629BC07566} - C:\WINDOWS\system32\Flasher0.dll
O2 - BHO: (no name) - {e6b48641-216d-404d-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {fe6b7db9-f0f6-4f23-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {ff20bc49-57c4-44c6-8b0d-4e03f37a8dbf} - (no file)
O3 - Toolbar: (no name) - {FBFF8F98-AE9D-4599-975E-E9B31E88EF04}? - (no file)
O3 - Toolbar: c22d - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\System32\4d0antos.dll
O3 - Toolbar: Radio(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [ClientQyule] C:\Program Files\Qyule\Qyule.exe -autostart
O4 - HKLM\..\Run: [WebThunder] C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 青娱乐.lnk = C:\Program Files\Qyule\Qyule.exe
O4 - Global Startup: 青娱乐.lnk = C:\Program Files\Qyule\Qyule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download with Thunder - C:\Program Files\Sandai Technologies Inc\Thunder\Program\geturl.htm
O8 - Extra context menu item: &Download all links with Thunder - C:\Program Files\Sandai Technologies Inc\Thunder\Program\getallurl.htm
O8 - Extra context menu item: Upload to QQ NetDisk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Download with Web Thunder - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: Download all links with Web Thunder - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to QQ custom panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Send this picture via QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Launch Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Launch Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
O9 - Extra button: Launch Web Thunder - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: Launch Web Thunder - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} (BoBo P2P multimedia network on-demand/broadcast/live-streaming system V3) - http://www.17bobo.com/Software/BoBo_ActiveX_V3.ocx
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O18 - Protocol: qyl - {C79BF22F-25C4-4D3D-8183-14149EAB9C0C} - C:\WINDOWS\System32\qylprotocol.dll
O21 - SSODL: SysChunk - {6C5DC6D8-C9AF-43E6-A412-6AA7C582E5C5} - C:\WINDOWS\System32\syschunk.dll (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: UNHDogService - Rainbow China - C:\WINDOWS\System32\UNHSRVNT.EXE
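A way to triage a HijackThis log like the one above, added here as an example; it is not part of the original post and not code from HijackThis or Rising. It parses the O2/O3/O21 lines and flags four things a reviewer of this log would look at by hand: registrations that point at nothing on disk ("(no file)" or "(file missing)"), unnamed BHOs whose DLL sits under the Windows directory rather than Program Files, one DLL registered under several CLSIDs (4d0antos.dll is both a BHO and the "c22d" toolbar, 43c8cfsb.dll is behind two BHOs), and clusters of CLSIDs that differ only in their first three groups (fifteen of the BHO entries above share the tail 8b0d-4e03f37a8dbf, and the 4d0antos.dll BHO and toolbar share ae2b-1b294ae19f4f, which is how a component that re-registers itself under fresh CLSIDs looks). The sample lines are a constructed subset copied from the log above with the section labels in HijackThis's English form; the heuristics, the suspect/review/ok verdicts and the threshold of three CLSIDs per family are my assumptions, not rules from HijackThis.

```python
"""Heuristic triage of HijackThis O2/O3/O21 entries (added example, not HijackThis code)."""
import re
from collections import Counter, defaultdict

# Constructed sample input: a subset of the O2/O3/O21 lines from the log in this post.
SAMPLE_LOG = r"""
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v14.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {190abbda-c22d-4d0a-ae2b-1b294ae19f4f} - C:\WINDOWS\System32\4d0antos.dll
O2 - BHO: (no name) - {196d6bd5-1705-4018-8b0d-4e03f37a8dbf} - (no file)
O2 - BHO: (no name) - {4776b243-595e-43c8-8b0d-4e03f37a8dbf} - C:\WINDOWS\System32\43c8cfsb.dll
O2 - BHO: NewsWatch Class - {6BD97C5B-7A34-4AE9-8B0D-4E03F37A8DBF} - C:\WINDOWS\System32\43c8cfsb.dll
O2 - BHO: Flasher - {E29F0B13-0D84-45aa-81EC-CC629BC07566} - C:\WINDOWS\system32\Flasher0.dll
O2 - BHO: (no name) - {fe6b7db9-f0f6-4f23-8b0d-4e03f37a8dbf} - (no file)
O3 - Toolbar: c22d - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\System32\4d0antos.dll
O3 - Toolbar: Radio(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O21 - SSODL: SysChunk - {6C5DC6D8-C9AF-43E6-A412-6AA7C582E5C5} - C:\WINDOWS\System32\syschunk.dll (file missing)
"""

# "<section> - <label>: <name> - {<clsid>} - <target>"; the label is not matched by
# content, so localized logs (e.g. the Chinese labels in this post) parse the same way.
LINE_RE = re.compile(
    r"^(?P<section>O\d+) - [^:]+: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"
)
WINDIR = "c:\\windows\\"          # assumption: the log comes from a default XP install


def parse_hjt(text):
    """Return one dict per O2/O3/O21-style line; CLSIDs are lower-cased for grouping."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["clsid"] = d["clsid"].lower()
            entries.append(d)
    return entries


def is_orphan(target):
    """Registration whose module HijackThis could not find on disk."""
    return target == "(no file)" or target.endswith("(file missing)")


def module_path(target):
    """Case-folded path used to group registrations sharing one module; None for orphans."""
    return None if is_orphan(target) else target.lower()


def clsid_family(clsid):
    """Last two GUID groups. Genuine GUIDs differ everywhere; generated variants keep a tail."""
    parts = clsid.split("-")
    return "-".join(parts[3:5])


def triage(text, family_min=3):
    """Map each CLSID to its entry plus a list of reasons and a verdict (heuristic, my thresholds)."""
    entries = parse_hjt(text)
    family_count = Counter(clsid_family(e["clsid"]) for e in entries)
    module_users = defaultdict(set)
    for e in entries:
        p = module_path(e["target"])
        if p:
            module_users[p].add(e["clsid"])

    report = {}
    for e in entries:
        p = module_path(e["target"])
        reasons = []
        if is_orphan(e["target"]):
            reasons.append("orphan")
        if e["name"] == "(no name)":
            reasons.append("nameless")
        if family_count[clsid_family(e["clsid"])] >= family_min:
            reasons.append("clsid-family")
        if p and len(module_users[p]) > 1:
            reasons.append("shared-module")
        if e["section"] == "O2" and p and p.startswith(WINDIR):
            # Weak signal only: legitimate BHOs normally install under Program Files,
            # but this very log has Thunder's helper in System32.
            reasons.append("windir-module")
        strong = [r for r in reasons if r != "windir-module"]
        verdict = "suspect" if strong else ("review" if reasons else "ok")
        report[e["clsid"]] = {"section": e["section"], "name": e["name"],
                              "target": e["target"], "reasons": reasons, "verdict": verdict}
    return report


def modules_to_collect(report):
    """Files still present behind suspect registrations: hash and submit before fixing the entries."""
    return sorted({r["target"] for r in report.values()
                   if r["verdict"] == "suspect" and not is_orphan(r["target"])})


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for clsid, r in result.items():
        if r["verdict"] != "ok":
            print(f"{r['verdict']:8} {r['section']} {{{clsid}}} {r['name']!r} -> "
                  f"{r['target']}  [{', '.join(r['reasons'])}]")
    print("collect:", modules_to_collect(result))
```

On the sample, every entry in the 8b0d-4e03f37a8dbf family, both 4d0antos.dll registrations and the missing syschunk.dll SSODL come out as suspect, while the Adobe helper and the Windows Media Player toolbar stay ok; Flasher0.dll and xunleibho_v14.dll are only "review", because location alone is not evidence. The files listed by modules_to_collect() are the ones to hash and submit to the AV vendor before the entries are fixed in HijackThis; removing the registry entries without the DLLs (or fixing while the BHOs are loaded in an open Internet Explorer) is the usual reason the same entries return the next day.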