Rising Kaka Security Forum > Technical Exchange > Anti-Virus / Anti-Rogue-Software Forum


Can someone help me? I've got Gray Pigeon (Huigezi) and Rising Antivirus won't open!


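I followed your manual removal method, but I can't find the file you mentioned. Now, as soon as I boot, the Rising firewall keeps popping up virus alerts. When I try manual removal I can't even find the file.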

Attachment (image/pjpeg), uploaded 2005-11-13 9:17:42

Last edited 2005-11-30 08:55:48
 

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\regsvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
E:\Recycled\systrey.exe
C:\Program Files\FZZX\systrey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\FZZX\systruy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Administrator\桌面\4842302005817230232\HijackThis1991zww.exe
R3 - URLSearchHook: Tencent Url Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\WINNT\Downloaded Program Files\TBHMain.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINNT\Downloaded Program Files\TBHMain.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINNT\System32\aclayer.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [Install Alitalk] C:\WINNT\temp\alitalk\alitalk.exe -hideframe
O4 - 启动项HKLM\\Run: [login] C:\Program Files\FZZX\systrey.exe
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\RunServices: [] C:\Program Files\FZZX\systrey.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINNT\system32\DrvMon.exe
O4 - Startup: hosts.exe
O8 - IE右键菜单中的新增项目: !搜一搜(&S) - res://C:\Program Files\YiSou\yisou.dll/232
O8 - IE右键菜单中的新增项目: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 反向链接 - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 类似网页 - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: 缓存的网页快照 - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
 

O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_changcheng_66125 (file missing)
O9 - 浏览器额外的按钮: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {745DBD89-EE6C-4787-B874-5400497CBD2D} - (no file)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH] QQ地址栏搜索
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://www2.huvod.net/plugin/PowerPlr.ocx
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/wemade/npx.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3BF9C29-5F89-42FD-8F4D-30D62FB8CA0D}: NameServer = 61.130.254.34,61.130.254.35
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: pms (Portable Media Serial) - Unknown owner - C:\WINNT\svchost.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

It looks like it's this svchost.exe thing,
 

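Restart into Safe Mode (how to enter Safe Mode: restart the computer; once the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears), then choose Safe Mode to enter Windows).

Start → Control Panel → Performance and Maintenance → Administrative Tools → Services → find pms (Portable Media Serial) → right-click → Properties → Startup type → Disabled → Apply → Stop → OK.

Close all IE windows, scan again with HijackThis, check the items below that are recommended for fixing, and let HijackThis fix them; allow HijackThis to keep a backup before fixing. (Items the original poster knows to be safe need not be checked.)
F2 - REG:system.ini: UserInit=userinit.exe,

All O1 entries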

O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINNT\System32\aclayer.dll (file missing)
O4 - 启动项HKLM\\Run: [Install Alitalk] C:\WINNT\temp\alitalk\alitalk.exe -hideframe
O4 - 启动项HKLM\\Run: [login] C:\Program Files\FZZX\systrey.exe (if you did not install this, fix it)
O4 - 启动项HKLM\\RunServices: [] C:\Program Files\FZZX\systrey.exe
O4 - Startup: hosts.exe
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://www2.huvod.net/plugin/PowerPlr.ocx
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/wemade/npx.cab
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O23 - NT 服务: pms (Portable Media Serial) - Unknown owner - C:\WINNT\svchost.exe

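Then open My Computer → Tools → Folder Options → View → uncheck "Hide protected operating system files (Recommended)" and "Hide extensions for known file types" → then show all files → find and delete the following files (if they exist):
C:\WINNT\system32\mbprot.dll
E:\Recycled\systrey.exe
C:\WINNT\svchost.exe
C:\WINNT\svchost.dll
C:\WINNT\svchost_hook.dll
C:\WINNT\svchostkey.dll
Delete the folder C:\WINNT\temp\alitalk
Delete the folder C:\Program Files\FZZX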
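Added example (not part of the thread, and not a Rising or HijackThis tool): a Python script that automates three of the checks the reply above makes by eye on a HijackThis log, namely a system binary name outside `system32` (the `pms` service running `C:\WINNT\svchost.exe`), an executable running from the Recycle Bin folder, and O1 hosts-file entries that point many hostnames at one address. The `SYSTEM32_ONLY` allow-list and the `hosts_threshold` value are assumptions, and the sample log is constructed, with placeholder IP addresses and hostnames.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in HijackThis's log layout; IPs and hostnames are placeholders.
SAMPLE_LOG = r"""
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
E:\Recycled\systrey.exe
O1 - Hosts: 203.0.113.10 example.com
O1 - Hosts: 203.0.113.10 www.example.com
O1 - Hosts: 203.0.113.10 example.net
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [login] C:\Program Files\FZZX\systrey.exe
O23 - Service: pms (Portable Media Serial) - Unknown owner - C:\WINNT\svchost.exe
"""

# Any drive-letter path ending in .exe/.dll, wherever it appears on a log line.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]+?\.(?:exe|dll)', re.I)
HOSTS_RE = re.compile(r'^O1 - Hosts:\s+(\S+)\s+(\S+)')
# Assumed allow-list: binaries that normally exist only in the system32 folder.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}

def triage(log_text, hosts_threshold=3):
    """Return (reason, detail) findings for a HijackThis log."""
    findings, by_ip = [], defaultdict(set)
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:  # collect hosts-file redirects per target address
            by_ip[m.group(1)].add(m.group(2).lower())
            continue
        for path in PATH_RE.findall(line):
            folder, name = ntpath.split(path.lower())
            if name in SYSTEM32_ONLY and ntpath.basename(folder) != "system32":
                findings.append(("masquerade", path))
            elif "\\recycled\\" in path.lower() or "\\recycler\\" in path.lower():
                findings.append(("runs-from-recycle-bin", path))
    for ip, names in sorted(by_ip.items()):
        # Loopback entries are common ad-blocking; a shared external IP is not.
        if not ip.startswith("127.") and len(names) >= hosts_threshold:
            findings.append(("hosts-redirect", f"{ip} <- {len(names)} hostnames"))
    return findings

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:24} {detail}")
```

A finding is a lead to verify on the machine, not proof of infection; the legitimate `C:\WINNT\system32\svchost.exe` in the sample is deliberately not reported.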
 

But Rising Antivirus won't even open, what should I do??? I've reinstalled it many times and it's no use, it won't open.
 

After removing the virus you can try reinstalling again; if the problem is still there, I suggest asking online technical support...
 

There is a dedicated Gray Pigeon removal tool; you can download one. It works very well.
 

I already killed it, but then I got infected with another virus. Every time, Rising says it has been removed, but after a reboot it's back.
 

[Reply to the post by "我是牙牙"]
I suggest you post a scan log, along with the virus name and path...