啊啊，今天中毒了，毒不给我开瑞星，不给开监控，给别的病毒敞开了大门，去网上杀毒过，杀了毒，也没用。。。。。。
有人懂怎么回事吗~~

安全模式下断网查杀

或
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
下载HIJACKTHIS导出日志

曾经遇到过,,可是太久远,,,已经忘记怎么处理的,,了
还是扫个HJ日志来让大家帮忙分析一下吧

日记怎么导出？？还有瑞星杀毒开不了啊，安全模式有用吗？

日记是这个东西吗
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run           

+ EM_EXEC    Control Center    Logitech Inc.                        c:\program files\logitech\mouseware\system\em_exec.exe

+ RavTask    RavTimer    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravtask.exe

+ StormCodec_Helper            c:\program files\ringz studio\storm codec\stormset.exe

+ Super Rabbit SRRestore            File not found: H:\Super Rabbit\MagicSet\srrestore.exe

+ yassistse    AssistSetting    Yahoo!    c:\program files\yahoo!\assistant\yassistse.exe

+ YLive.exe    YLive         c:\program files\yahoo!\assistant\ylive.exe

C:\Documents and Settings\Administrator\「开始」菜单\程序\启动           

+ 连接设备 Realtek RTL8139(A) PCI Fast Ethernet Adapter #2.lnk            c:\documents and settings\administrator\「开始」菜单\程序\启动\连接设备 realtek rtl8139(a) pci fast ethernet adapter #2.lnk

HKCU\Software\Microsoft\Windows\CurrentVersion\Run           

+ BitComet    BitComet - a BitTorrent Client    www.BitComet.com    h:\bt\bitcomet\bitcomet.exe

+ KavPFW    Kingsoft Personal Firewall Main Program    Kingsoft Corporation    c:\kav2005\kavpfw.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks           

+ Rising Execute File Exts hook    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\winnt\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           

+ GMail Drive    GMail File System Shell Namespace Extension    Bjarke Viksoe    c:\winnt\system32\shellext\gmailfs.dll

+ GMailFS Context Menu    GMail File System Shell Namespace Extension    Bjarke Viksoe    c:\winnt\system32\shellext\gmailfs.dll

+ GMailFS Drop Handler    GMail File System Shell Namespace Extension    Bjarke Viksoe    c:\winnt\system32\shellext\gmailfs.dll

+ GMailFS Property Sheet    GMail File System Shell Namespace Extension    Bjarke Viksoe    c:\winnt\system32\shellext\gmailfs.dll

+ RISING    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\winnt\system32\ravext.dll

+ Yahoo!Photo    yPhtb    Yahoo! China    c:\program files\yahoo!\assistant\assist\yphtb.dll

+ 粉碎文件    Wiper 动态链接库        c:\program files\yahoo!\assistant\assist\ywiper.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           

+ Web 文件夹            c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects           

+ AntiFish Class    yangling.dll    Yahoo.    c:\program files\yahoo!\assistant\assist\yangling.dll

+ DragSearch BHO    DragSearch        c:\program files\yahoo!\assistant\assist\ydragsearch.dll

+ HBObject Class    HBHelper Module    Shanghai Henbang Technology Co., Ltd    c:\program files\hbclient\tbhelper.dll

+ MMSAssist BHO    MMSAssist        c:\program files\mmsassist\mmsass~1.dll

+ Yahoo!Photo    yPhtb    Yahoo! China    c:\program files\yahoo!\assistant\assist\yphtb.dll

+ 雅虎助手    ToolBar    Yahoo!    c:\program files\yahoo!\assistant\assist\yasbar.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks           

+ DiyBar    51NET DiyBar    北京金络神电子商务有限责任公司    c:\winnt\system32\diybar2\diybar2.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar           

+ toolbar.dll    捜狗直通车    Sohu.com Inc.    c:\p4p\toolbar.dll

+ 雅虎助手    ToolBar    Yahoo!    c:\program files\yahoo!\assistant\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions           

+ @shdoclc.dll,-864            c:\winnt\web\related.htm

+ SoQ            File not found: http://www.soq.com

+ 播霸电视            File not found: http://itv.mop.com

+ 访问卡卡社区            File not found: http://www.ikaka.com

+ 访问瑞星网站            File not found: http://www.rising.com.cn

+ 浩方对战平台    浩方对战平台    上海浩方在线信息技术有限公司    c:\program files\浩方对战平台\gameclient.exe

+ 浩方对战平台    浩方对战平台    上海浩方在线信息技术有限公司    c:\program files\浩方对战平台\gameclient.exe

+ 易趣购物            File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=5

Task Scheduler           

+ 1-Click Maintenance.job            File not found: C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe

HKLM\System\CurrentControlSet\Services           

+ NVSvc    Provides system and desktop level support to the NVIDIA display driver    NVIDIA Corporation    c:\winnt\system32\nvsvc32.exe

+ RsRavMon    RavMond    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravmond.exe

+ Switch Off            File not found: `?\swoff.exe

+ UserAccess7            c:\winnt\system32\uaservice7.exe

HKLM\System\CurrentControlSet\Services           

+ ALCXWDM    Avance AC'97 Audio Driver (WDM)    Avance Logic, Inc.    c:\winnt\system32\drivers\alcxwdm.sys

+ BaseTDI    basetdi    Beijing Rising Technology Co., Ltd.    c:\winnt\system32\drivers\basetdi.sys

+ cdawdm            File not found: system32\DRIVERS\cdawdm.sys

+ d347bus    PnP BIOS Extension         c:\winnt\system32\drivers\d347bus.sys

+ d347prt    SCSI miniport         c:\winnt\system32\drivers\d347prt.sys

+ dmio    NT Disk Manager I/O Driver    VERITAS Software Corp.    c:\winnt\system32\drivers\dmio.sys

+ dmload    NT Disk Manager Startup Driver    VERITAS Software Corp.    c:\winnt\system32\drivers\dmload.sys

+ ExpScaner    ExpScan.sys        c:\program files\rising\rav\expscan.sys

+ HookCont    TDI HOOK Driver    Rising tech Co. ltd    c:\program files\rising\rav\hookcont.sys

+ HookReg            c:\program files\rising\rav\hookreg.sys

+ HookSys    Hooksys    Rising    c:\program files\rising\rav\hooksys.sys

+ KNetWch    KNetWatch    金山电脑公司    c:\kav2005\knetwch.sys

+ KWatch3    Kingsoft Antivirus KWatch Driver    Kingsoft Corporation    c:\winnt\system32\drivers\kwatch3.sys

+ lhidflt2    Logitech HID Filter Driver    Logitech    c:\winnt\system32\drivers\lhidflt2.sys

+ LHidUsb    Logitech USB Receiver    Logitech    c:\winnt\system32\drivers\lhidusb.sys

+ lkbdflt2    Logitech Keyboard Filter Driver    Logitech    c:\winnt\system32\drivers\lkbdflt2.sys

+ lmouflt2    Logitech Mouse Filter Driver    Logitech    c:\winnt\system32\drivers\lmouflt2.sys

+ MEMSCAN    MemScan Driver    瑞星软件有限公司    c:\program files\rising\rav\memscan.sys

+ New0            c:\winnt\system32\new.sys

+ npkcrypt            File not found: C:\Program Files\Tencent\qq\npkcrypt.sys

+ nv    NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16     NVIDIA Corporation    c:\winnt\system32\drivers\nv4_mini.sys

+ prodrv05            File not found: C:\WINNT\System32\drivers\prodrv05.sys

+ prohlp01            File not found: System32\drivers\prohlp01.sys

+ Ptilink    Direct Parallel Link Driver    Parallel Technologies, Inc.    c:\winnt\system32\drivers\ptilink.sys

+ QuakeDRV            c:\winnt\system32\drivers\quakedrv.sys

+ RMSPPPOE    PPP over Ethernet Protocol NDIS Intermediate Driver    Robert Schlabbach    c:\winnt\system32\drivers\rmspppoe.sys

+ rtl8139    NDIS 5.0 driver                                                                      Realtek Semiconductor Corporation                                                    c:\winnt\system32\drivers\rtl8139.sys

+ SVKP    SVKP driver for NT    AntiCracking    c:\winnt\system32\svkp.sys

+ TVICHW32    TVicHW32 5.0 Generic Device Driver    EnTech Taiwan    c:\winnt\system32\drivers\tvichw32.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls           

+ C:\WINNT\system32\SoDAHK.DLL    SODA Library        c:\winnt\system32\sodahk.dll

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9           

+ HB_IP    hbmter DLL        c:\winnt\system32\hbmter.dll

+ UDP_CHAIN    hbmter DLL        c:\winnt\system32\hbmter.dll

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
这个页面一楼的那个小软件,,,
用它扫描日志

打开运行输入services.msc点确定

先把Rising Process Communication Center启动
再把RsRavMon Service的手动改为自动,并启动它

来了日记
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      12:20:16, 日期 2001-1-1
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\UAService7.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\WINNT\system32\conime.exe
C:\Documents and Settings\Administrator\桌面\Autoruns\autoruns.exe
C:\WINNT\system32\NOTEPAD.EXE
D:\HijackThis1991zww.exe

R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\system32\diybar2\diybar2.dll
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (no file)
O2 - BHO: (no name) - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03}? - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2}? - (no file)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191}? - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B}? - (no file)
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\HBClient\tbhelper.dll
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728}? - (no file)
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932}? - (no file)
O2 - BHO: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D}? - (no file)
O3 - IE工具栏增项: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\Program Files\Rising\KaKaToolBar\kakatool.dll
O3 - IE工具栏增项: (no name) - {56A7DC70-E102-4408-A34A-AE06FEF01586}? - (no file)
O3 - IE工具栏增项: (no name) - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4}? - (no file)
O3 - IE工具栏增项: (no name) - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C}? - (no file)
O3 - IE工具栏增项: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D}? - (no file)
O3 - IE工具栏增项: 捜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\P4P\Toolbar.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - 启动项HKLM\\Run: [NMGameX_AutoRun] C:\WINNT\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINNT\system32\Rundll32.exe  "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] H:\Super Rabbit\MagicSet\srrestore.exe /autosave
O4 - HKCU\..\Run: [BitComet] "H:\BT\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KAVPFW.EXE"
O4 - Startup: 连接设备 Realtek RTL8139(A) PCI Fast Ethernet Adapter #2.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 使用搜狗直通车下载 - C:\P4P\dl.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - H:\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - H:\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 发送图片到手机 - C:\P4P\cx.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E}? - http://itv.mop.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E}? - http://itv.mop.com (file missing)
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A}? - C:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C}? - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C}? - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的按钮: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F}? - C:\Program Files\Infofo Bar\infofobar.dll
O9 - 浏览器额外的“工具”菜单项: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F}? - C:\Program Files\Infofo Bar\infofobar.dll
O9 - 浏览器额外的按钮: SoQ - {8F67DCF3-B1DF-4A39-A787-3775784BF737}? - http://www.soq.com (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: 易趣购物 - {DE607143-AC19-423e-869A-9D70ABDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607143-AC19-423e-869A-9D70ABDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444}? - http://www.rising.com.cn (file missing)
O9 - 浏览器额外的按钮: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445}? - http://www.ikaka.com (file missing)
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\hbmter.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\hbmter.dll