求救，有类病毒一直杀不掉，各位帮忙 bbs.ikaka.com

8102581 - 2006-11-15 15:05:00

瑞星都能查到并删除，但每天都会从新出现，怎么办？？
我都把病毒扫描的日志贴上来了，大家帮忙啊

进程名称路径数值名称数值数据操作日期操作方式操作结果
C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysreme.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN r C:\WINDOWS\down\rundll32.exe 2006-11-10 16:25 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT 打开(&O) 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\COMMAND default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\COMMAND "C:\Program Files\Microsoft Office\OFFICE11\WINWOR 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\COMMAND command 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC [REM _DDE_Direct][FileOpen("%1")] 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC\APPLICATION default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC\APPLICATION WinWord 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC\TOPIC default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC\TOPIC System 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT 打开(&O) 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\COMMAND default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\COMMAND "C:\Program Files\Microsoft Office\OFFICE11\EXCEL. 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\COMMAND command 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\DDEEXEC default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\DDEEXEC [open("%1")] 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\DDEEXEC\APPLICATION default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\DDEEXEC\APPLICATION Excel 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\DDEEXEC\TOPIC default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\DDEEXEC\TOPIC system 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER\SHELL\EDIT default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER\SHELL default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER\SHELL\EDIT default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER\SHELL\EDIT 打开(&O) 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER\SHELL\EDIT\COMMAND default 2006-11-13 09:42 添加同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER\SHELL\EDIT\COMMAND "C:\Program Files\Microsoft Office\OFFICE11\MSPUB. 2006-11-13 09:42 修改同意修改
HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER\SHELL\EDIT\COMMAND command 2006-11-13 09:42 修改同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\DDEEXEC\TOPIC default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\DDEEXEC\APPLICATION default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\DDEEXEC default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT\COMMAND default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL\EDIT default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL\SHELL default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE EXCEL default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER\SHELL\EDIT\COMMAND default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER\SHELL\EDIT default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER\SHELL default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE PUBLISHER default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC\TOPIC default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC\APPLICATION default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\COMMAND default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL default 2006-11-13 09:48 删除同意修改
C:\Program Files\Internet Explorer\IEXPLORE.EXE HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD default 2006-11-13 09:48 删除同意修改
C:\DOCUME~1\new\LOCALS~1\Temp\is-4D1VO.tmp\jbwb_cns_yassist.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN helper.dll C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\ 2006-11-13 11:41 修改同意修改
C:\DOCUME~1\new\LOCALS~1\Temp\is-4D1VO.tmp\jbwb_cns_yassist.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN YLive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe 2006-11-13 11:41 修改同意修改
C:\DOCUME~1\new\LOCALS~1\Temp\is-4D1VO.tmp\jbwb_cns_yassist.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN CnsMin Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll 2006-11-13 11:42 修改同意修改
C:\DOCUME~1\new\LOCALS~1\Temp\is-1PI9D.tmp\is-SU0FF.tmp HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Thunder "C:\Program Files\Thunder Network\Thunder\Thunder. 2006-11-14 08:59 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN CTFMON.EXE C:\WINDOWS\system32\CTFMON.EXE 2006-11-14 13:20 修改同意修改
C:\WINDOWS\system32\CTFMON.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 2006-11-14 13:26 修改同意修改

8102581 - 2006-11-15 15:06:00

病毒名称处理结果发现日期扫描方式路径文件病毒来源
Trojan.PSW.Lmir.lnr删除成功2006-11-08 15:55手动扫描C:\WINDOWS\system3211.LOG本机
Trojan.PSW.ZhengTu.qf删除成功2006-11-08 15:58手动扫描C:\WINDOWS\system32Systemf.exe本机
Trojan.DL.Direct.ds删除成功2006-11-08 15:58手动扫描C:\WINDOWS\system32SysDema.exe本机
Trojan.Agent.xpg删除成功2006-11-08 15:58手动扫描C:\WINDOWS\system32SysDemb.exe本机
Trojan.DL.Direct.ds删除成功2006-11-08 16:02手动扫描C:\Program Files\Common Files\Microsoft Shared\MSInforehtemp.exe本机
Trojan.DL.Direct.dn删除成功2006-11-08 16:02手动扫描C:\Program Files\Common Files\Microsoft Shared\MSInfosvchost.exe>>Mew1.1本机
Trojan.DL.Agent.yoq删除成功2006-11-08 16:05手动扫描C:\Program Files\Internet Explorer\PLUGINSnppdf.dll本机
Trojan.DL.Agent.yoq重新启动计算机后删除文件2006-11-08 16:05手动扫描C:\Program Files\Internet Explorer\PLUGINSnppdfx.dll本机
Trojan.PSW.Delf.egt删除成功2006-11-08 16:08手动扫描C:\Program Files\Microsoftsvhost32.exe本机
Trojan.PSW.ZhengTu.qk删除成功2006-11-08 16:11手动扫描C:\FOUND.001FILE0001.CHK本机
RootKit.Vanti.mn删除成功2006-11-08 16:11手动扫描C:\FOUND.001FILE0002.CHK>>Mian007本机
Trojan.PSW.WoWar.qa删除成功2006-11-08 16:11手动扫描C:\FOUND.001FILE0003.CHK本机
RootKit.Vanti.mn删除成功2006-11-08 16:11手动扫描C:\FOUND.001FILE0004.CHK>>Mian007本机
Rootkit.Vanti.nb删除成功2006-11-08 16:11手动扫描C:\FOUND.001FILE0005.CHK本机
Trojan.PSW.QQRobber.ajh删除成功2006-11-08 16:12手动扫描D:\Program Files\QQ20052A1D0905.EXE>>Unpack本机
Trojan.DL.Direct.eg清除成功2006-11-13 16:07手动扫描smss.exe>>C:\Program Files\Common Files\Microsoft Shared\MSINFO\smss.exe本机
Trojan.PSW.XYOnline.fk删除成功2006-11-13 16:12手动扫描C:\WINDOWS\system32xydll.dll>>Mian007a本机
Trojan.PSW.ZhengTu.tq重新启动计算机后删除文件2006-11-13 16:12手动扫描C:\WINDOWS\system32ztdll.dll本机
Trojan.DL.Direct.eg删除成功2006-11-13 16:26手动扫描C:\Program Files\Common Files\Microsoft Shared\MSInfosmss.exe本机
Trojan.PSW.QQPass.qrg删除成功2006-11-13 16:26手动扫描C:\Program Files\Common Files\Microsoft Shared\MSInfoSysremc.exe>>Mian007a本机
Trojan.PSW.WoWar.rq删除成功2006-11-13 16:26手动扫描C:\Program Files\Common Files\Microsoft Shared\MSInfomymsok.dll>>Mian007a本机
Trojan.PSW.QQPass.qrg删除成功2006-11-13 16:30手动扫描C:\Program Files\Internet Explorer\PLUGINSsystem.jmp>>Mian007a本机
Trojan.PSW.XYOnline.fk删除成功2006-11-14 09:31手动扫描C:\WINDOWS\system32xydll.dll>>Mian007a本机
Trojan.PSW.JHOnline.ewj清除成功2006-11-15 09:06手动扫描rundll32.exe>>C:\WINDOWS\down\rundll32.exe本机
Trojan.PSW.XYOnline.fk删除成功2006-11-15 09:09手动扫描C:\WINDOWS\system32xydll.dll>>Mian007a本机
Trojan.PSW.JHOnline.ewj删除成功2006-11-15 09:18手动扫描C:\WINDOWS\downrundll32.exe>>Mian007a本机
Trojan.PSW.JHOnline.ewj删除成功2006-11-15 09:19手动扫描C:\Program Files\Common Files\Microsoft Shared\MSInfoSysreme.exe>>Mian007a本机
Trojan.PSW.XYOnline.fk删除成功2006-11-15 12:12屏保扫描C:\WINDOWS\system32xydll.dll>>Mian007a本机

瑞星卡卡安全论坛