
Why can't it be removed? Give me an explanation????????????


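It said it would be deleted automatically on restart~~~ After restarting I checked and it's still there!!!!!!!!!!! What's going on~~ Waiting online!!!
ksld.sys
And also c[1].gif
What virus is this, and why can't it be removed!!!!!!!!!!!!!!
The product I bought from you isn't completely useless, is it???
My version is 18.40.42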


Last edited 2006-08-21 08:28:29
 

Bumping my own thread!! Reply quickly!!!!
 

OP, no need to take such an aggressive tone,
I've run into the same problem,
let's all work out a solution together.

http://forum.ikaka.com/topic.asp?board=28&artid=8149710

What is the software that [天问何来] mentioned?
 

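I'm not being aggressive~~~ I've run into this before~~ and it wasn't even this virus~~ it said it would delete on restart~ still no use~~ I ended up reinstalling the system~~ and this time it's the same again! I really don't want to say CAO*****!!! Let them figure it out themselves!!!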
 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 

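Well, I'd also like the problem to be solved quickly.
I searched a bit, and here is an introduction to that software:
http://it.rising.com.cn/newSite/Channels/Safety/SafetyResourse/Safe_Foundation/200408/03-160816226.htm

While I'm at it, I'm posting the results of my scan with this software.
Experts, please help. Thanks.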


Logfile of HijackThis v1.99.1
Scan saved at 20:21:04, on 2006-8-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\BitComet\BitComet.exe
C:\Program Files\Rising\Rav\Rav.exe
E:\Program Files\Maxthon\maxthon.exe
C:\WINDOWS\system32\PYINTAU.EXE
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4827.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~1\Maxthon\FlashGet\jccatch.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINDOWS\system32\CoolBho.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\Maxthon\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [StormCodec_Helper] "e:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [rundll32] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP002.TMP\LOOKHO~1.EXE
O4 - HKLM\..\Run: [LetsCool] C:\Program Files\LetsCool\LetsCool.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: foobar2000.lnk = E:\Program Files\foobar2000\foobar2000.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用BitComet下载全部链接 - res://C:\Documents and Settings\Administrator\桌面\BitComet\BitCometBeta.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下载链接(&B) - res://C:\Documents and Settings\Administrator\桌面\BitComet\BitCometBeta.exe/AddLink.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\Maxthon\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\Maxthon\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\Maxthon\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\Maxthon\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT]  中文上网
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {7260569F-1D40-4E7F-B95B-2E68D35668B9} (MofileUploadX Control) - http://www.mofile.com/activex/UploadFX.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: kevsve - Unknown owner - C:\Program Files\Jave\Server.exe
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Windows Login (Windows Login Service) - Unknown owner - C:\WINDOWS\winlogin.exe


 

O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\Maxthon\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\Maxthon\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] 中文上网
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {7260569F-1D40-4E7F-B95B-2E68D35668B9} (MofileUploadX Control) - http://www.mofile.com/activex/UploadFX.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: kevsve - Unknown owner - C:\Program Files\Jave\Server.exe
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Windows Login (Windows Login Service) - Unknown owner - C:\WINDOWS\winlogin.exe
What is all this mess????????????????????????
Run a check with Super Rabbit (超级兔子) or 360 Safeguard (360安全卫士) first!!!!
 

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 

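Reply to ICEBO

Restart into Safe Mode~
Empty the temporary folders~
IE > Properties > Delete Files (including offline content) > OK

Fix the following entries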
O4 - HKLM\..\Run: [rundll32] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP002.TMP\LOOKHO~1.EXE
O4 - HKLM\..\Run: [LetsCool] C:\Program Files\LetsCool\LetsCool.exe
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)

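Open My Computer > Tools > Folder Options > View > show all files, and do not hide protected operating system files > OK
My Computer > Tools > Folder Options > View > uncheck "Hide extensions for known file types"

Find and delete the following files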
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP002.TMP\LOOKHO~1.EXE
C:\Program Files\LetsCool\LetsCool.exe
C:\Program Files\LetsCool
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

Next, deal with these two
O23 - Service: kevsve - Unknown owner - C:\Program Files\Jave\Server.exe
O23 - Service: Windows Login (Windows Login Service) - Unknown owner - C:\WINDOWS\winlogin.exe

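Start > Run > type Regedit.exe > OK
Open the Registry Editor, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES branch, and delete the virus service names kevsve and Windows Login Service in the left pane

Restart the system

Show all files (you already did this earlier, so you can skip this step~)

Find and delete the following files
C:\Program Files\Jave\Server.exe (if there is a DLL file with the same name in the same folder, such as Server.dll, delete it as well)
C:\WINDOWS\winlogin.exe (and any files in that folder (not including subfolders) with winlogin as the base file name, such as winloginkey.dll, winlogin.dll, etc.; delete those as well~)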
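
A first-pass triage of HijackThis entries like several of those the reply above singles out, as an added example that is not part of the original thread. The heuristics (services with "Unknown owner", Run entries that launch from a Temp folder or are named after a system binary, "(file missing)" targets) and all function names are this example's assumptions; they surface candidates for manual review and do not decide whether an entry is malicious.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [rundll32] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP002.TMP\LOOKHO~1.EXE
O23 - Service: kevsve - Unknown owner - C:\Program Files\Jave\Server.exe
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Windows Login (Windows Login Service) - Unknown owner - C:\WINDOWS\winlogin.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# System binary names that an autorun value may imitate (assumed, not exhaustive).
SYSTEM_NAMES = {"rundll32", "winlogon", "svchost", "lsass", "services"}

def parse(log):
    """Yield (code, body) for each HijackThis entry line, skipping headers."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def reasons(code, body):
    """Return the triage heuristics (assumptions of this example) a line trips."""
    hits = []
    low = body.lower()
    if code == "O23" and " - unknown owner - " in low:
        hits.append("service binary has no publisher")
    if code == "O4" and "\\temp\\" in low:
        hits.append("autorun launches from a Temp directory")
    if code == "O4":
        name = re.search(r"\[([^\]]+)\]", body)
        if name and name[1].lower() in SYSTEM_NAMES and "\\system32\\" not in low:
            hits.append("autorun value named after a system binary")
    if low.endswith("(file missing)"):
        hits.append("registered target file is missing")
    return hits

def triage(log):
    """Return [(code, body, reasons)] for entries that trip at least one rule."""
    return [(c, b, r) for c, b in parse(log) if (r := reasons(c, b))]

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(why)}")
```

Entries such as LetsCool and WBSrv, which the reply also lists, trip none of these rules; they need a lookup of the file itself, which this sketch does not attempt.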
 

360 Safeguard~~~
Sigh~~