Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

Help! How do I remove the virus Trojan.RootKit.d?

No matter how many times I remove it, it won't go away; as soon as I boot up, Trojan.RootKit.d is back again. I'm on Windows XP with the new Rising 2006. Could some expert tell me what to do? Thanks in advance.
Last edited 2006-02-09 23:09:43

http://forum.ikaka.com/topic.asp?board=28&artid=7308585

Take a look at this thread; it may help you.

Here is the scan log; could everyone help analyze it? Now even my Rising real-time monitor has been disabled, and I can't find the virus's source file.
【HijackThis_zww汉化版扫描日志 V1.99.1
保存于      22:34:06, 日期 2006-2-9
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PPPoEWin.exe
F:\Program Files\魅力群英0123\SolMei.exe
F:\Program Files\SGOL20\Online.dat
C:\Program Files\BitSpirit\BitSpirit.exe
C:\Program Files\rising\Rav\RavMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - IE工具栏增项: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - IE工具栏增项: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - 启动项HKLM\\Run: [SigmatelSysTrayApp] rem stsystra.exe
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [zcom] rem C:\Program Files\zcom\zPlatform.exe MIN
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [YLive.exe] rem C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [Net] rem C:\WINDOWS\slserve.exe
O4 - 启动项HKLM\\RunServices: [Net] C:\WINDOWS\slserve.exe
O4 - HKCU\..\Run: [aa91d9697cf51cd8d08519882a84b687] rem "C:\Documents and Settings\zh\Local Settings\Temporary Internet Files\Content.IE5\KXAIK86W\jx2dl.8664.00012410[1].exe" -t 8664.00012410[1]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 使用网络传送带下载 - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - IE右键菜单中的新增项目: 使用网络传送带下载全部链接 - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - IE右键菜单中的新增项目: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - IE右键菜单中的新增项目: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9312CA-3693-403A-B5BA-87C25B87928D}: NameServer = 211.98.4.1 211.98.2.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD3301E0-5EA6-4128-9350-73BE30EEDF9F}: NameServer = 202.96.64.68,211.98.2.4,61.235.48.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 210.52.149.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A9312CA-3693-403A-B5BA-87C25B87928D}: NameServer = 211.98.4.1 211.98.2.4
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = 210.52.149.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 210.52.149.2
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe


O4 - 启动项HKLM\\Run: [SigmatelSysTrayApp] rem stsystra.exe (I'm not sure about this one)
O4 - 启动项HKLM\\Run: [Net] rem C:\WINDOWS\slserve.exe
O4 - 启动项HKLM\\RunServices: [Net] C:\WINDOWS\slserve.exe
O4 - HKCU\..\Run: [aa91d9697cf51cd8d08519882a84b687] rem "C:\Documents and Settings\zh\Local Settings\Temporary Internet Files\Content.IE5\KXAIK86W\jx2dl.8664.00012410[1].exe" -t 8664.00012410[1]
I suggest using HijackThis to fix the entries above.

C:\WINDOWS\slserve.exe
stsystra.exe
C:\Documents and Settings\zh\Local Settings\Temporary Internet Files\Content.IE5\KXAIK86W\jx2dl.8664.00012410[1].exe
I suggest locating these files and sending them to the moderator's mailbox baohelin@yahoo.com.cn, noting your forum details so we can reply.
You can try deleting these files, then running a scan with your antivirus, and see whether that solves it.
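The reply above picks four O4 autostart entries out of the log by eye. As an added example (not code from this thread, from HijackThis or from Rising), the script below parses the O4 lines exactly as they appear in the posted log and applies a few defender-side heuristics that reproduce that triage: a value name that is a bare 32-character hex string, an executable launched from the browser cache (Temporary Internet Files), an executable dropped directly into the Windows directory rather than a subfolder, the same file registered under more than one autostart key, and a bare file name whose location cannot be verified. The heuristics, the flag names and the treatment of the leading "rem" token (recorded but not interpreted) are assumptions of this example; the sample lines are copied from the log on this page.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the O4 (autostart) lines copied from the HijackThis
# log posted in this thread. Any other HijackThis log can be fed in the same way.
SAMPLE_O4_LINES = [
    r'O4 - 启动项HKLM\\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"',
    r'O4 - 启动项HKLM\\Run: [SigmatelSysTrayApp] rem stsystra.exe',
    r'O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup',
    r'O4 - 启动项HKLM\\Run: [Net] rem C:\WINDOWS\slserve.exe',
    r'O4 - 启动项HKLM\\RunServices: [Net] C:\WINDOWS\slserve.exe',
    r'O4 - HKCU\..\Run: [aa91d9697cf51cd8d08519882a84b687] rem "C:\Documents and Settings\zh\Local Settings\Temporary Internet Files\Content.IE5\KXAIK86W\jx2dl.8664.00012410[1].exe" -t 8664.00012410[1]',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
]

O4_RE = re.compile(r'^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
EXE_RE = re.compile(r'"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)


@dataclass
class Entry:
    key: str                 # normalised hive\subkey, e.g. HKLM\Run
    name: str                # value name shown in [brackets]
    exe: Optional[str]       # executable path, or None if no .exe could be found
    rem_prefix: bool         # a leading "rem" token was present (recorded, not interpreted)
    flags: List[str] = field(default_factory=list)  # heuristic findings, sorted


def parse_o4(line: str) -> Optional[Entry]:
    """Parse one HijackThis O4 line (localised prefix tolerated); None if not an O4 line."""
    m = O4_RE.match(line)
    if not m:
        return None
    key = m.group('key')
    key = key[key.index('HK'):]                 # drop the localised "启动项" prefix
    key = re.sub(r'\\+', r'\\', key)            # collapse doubled backslashes
    parts = key.split('\\')
    key = parts[0] + '\\' + parts[-1]           # HKLM\Run, HKLM\RunServices, HKCU\Run
    cmd = m.group('cmd').strip()
    rem = cmd.lower().startswith('rem ')
    if rem:
        cmd = cmd[4:].strip()
    em = EXE_RE.match(cmd)
    exe = em.group('exe') if em else None
    return Entry(key, m.group('name'), exe, rem)


def analyze(lines) -> List[Entry]:
    """Parse all O4 lines and attach heuristic flags (assumed heuristics, see lead-in)."""
    entries = [e for e in (parse_o4(l) for l in lines) if e]
    # Which distinct autostart keys each executable basename is registered under.
    keys_per_exe = {}
    for e in entries:
        if e.exe:
            keys_per_exe.setdefault(e.exe.rsplit('\\', 1)[-1].lower(), set()).add(e.key)
    for e in entries:
        flags = []
        if re.fullmatch(r'[0-9a-f]{32}', e.name):
            flags.append('hash_like_name')              # value name is a bare MD5-looking string
        if e.exe is None or '\\' not in e.exe:
            flags.append('no_path')                     # bare file name: cannot tell where it runs from
        else:
            low = e.exe.lower()
            if 'temporary internet files' in low or 'content.ie5' in low:
                flags.append('temporary_internet_files')  # autostart straight out of the IE cache
            if low.startswith('c:\\windows\\') and '\\' not in low[len('c:\\windows\\'):]:
                flags.append('windows_root')            # sits directly in %WINDIR%, not a subfolder
            if len(keys_per_exe[low.rsplit('\\', 1)[-1]]) > 1:
                flags.append('multiple_autostart_keys')  # same binary under Run and RunServices etc.
        e.flags = sorted(flags)
    return entries


def suspicious_entries(lines):
    """(key, name) of every entry that raised at least one flag, in log order."""
    return [(e.key, e.name) for e in analyze(lines) if e.flags]


if __name__ == '__main__':
    for e in analyze(SAMPLE_O4_LINES):
        mark = 'CHECK' if e.flags else 'ok   '
        print(f"{mark} {e.key:<18} [{e.name}] {e.exe} {e.flags}")
```

Run against the posted log, the script singles out the same entries the reply lists: both "Net" values (slserve.exe directly in C:\WINDOWS, registered under Run and RunServices), the hex-named HKCU entry launching from Temporary Internet Files, and SigmatelSysTrayApp as "cannot verify" because it is a bare file name. Every flag is a prompt for a human look, not a verdict; the ATI, Rising and ctfmon entries correctly raise nothing.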