刚忽然瑞星弹出这个病毒了。。

  反复的弹。。  有哥哥懂怎么杀么。。
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\瑞星\RISING\RAV\Ravmond.exe
C:\WINDOWS\Explorer.EXE
D:\瑞星\RISING\RAV\RAVTIMER.EXE
D:\瑞星\RISING\RAV\RAVMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
d:\瑞星\rfw\rfwsrv.exe
D:\瑞星\Rfw\rfwmain.exe
C:\WINDOWS\System32\ctfmon.exe
D:\瑞星\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\瑞星\RISING\RAV\CCENTER.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\conime.exe
G:\HijackThis.exe

O1 - Hosts: com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTimer] D:\瑞星\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\瑞星\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RfwMain] "D:\瑞星\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\迅雷\getallurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - G:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {48038521-20FB-11D8-BC64-00B0D07A8A19} (PortalCom Control 2.0) - http://221.208.250.138/PortalAX02.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F1B38BC-2795-48B4-A8EB-AC25B995550D}: NameServer = 202.97.224.68 211.98.2.4
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\瑞星\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\瑞星\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\瑞星\RISING\RAV\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


上面是扫描的日志。。。  谢谢了哦

@_@ 拜托了哦

没看出来

用Autoruns保存一个日志发上来
日志保存方法:选择File->Save菜单项
保存日志时注意选择Options->Hide Microsoft Entries菜单项

工具使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7318038

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ CnsMinFile not found: C:\WINDOWS\DOWNLO~1\CnsMin.dll

+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll

+ nwizNVIDIA nView Wizard, Version 53.03 NVIDIA Corporationc:\windows\system32\nwiz.exe

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.d:\瑞星\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.d:\瑞星\rising\rav\ravtimer.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Corporation Limitedd:\瑞星\rfw\rfwmain.exe

+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe

HKLM\System\CurrentControlSet\Services

+ NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationc:\windows\system32\nvsvc32.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Corporation Limitedd:\瑞星\rfw\rfwsrv.exe

+ RsCCenterCCenterrisingd:\瑞星\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.d:\瑞星\rising\rav\ravmond.exe

+ SoundMAX Agent Service (default)SoundMAX service agent componentAnalog Devices, Inc.c:\program files\analog devices\soundmax\smagent.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Desktop ExplorerNVIDIA Desktop Explorer, Version 53.03 NVIDIA Corporationc:\windows\system32\nvshell.dll

+ Desktop Explorer MenuNVIDIA Desktop Explorer, Version 53.03 NVIDIA Corporationc:\windows\system32\nvshell.dll

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ nView Desktop Context MenuNVIDIA Desktop Explorer, Version 53.03 NVIDIA Corporationc:\windows\system32\nvshell.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.e:\w2kxpcjk2\rpshell.dll

+ WinRAR shell extensionf:\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ ThunderIEHelper Classxunleibho BHOc:\windows\system32\xunleibho_v8.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ @shdoclc.dll,-864c:\windows\web\related.htm

没看出有啥异常
是不是被杀毒软件杀了
重启用杀毒软件扫描一下内存看有没有病毒

..啊哦 。

计算机监控一直弹这个呢。。。
Backdoor.PCClient.bs
杀毒失败。。。被的就没