
Newbie asking for help!!!!! Thank you


1. I've caught a virus; it pops up web pages and sometimes knocks IE offline.
2. I've scanned repeatedly, including in Safe Mode, with the latest version of Rising, but it comes back every time I reboot.
What on earth should I do?
Virus names:
Also, a scan with Orange August (橙色八月) found 3 unknown viruses at the path D:\SKE\FSK.DLL
The log is below!!!! Please take a look, thanks
Last edited 2006-08-20 15:50:03

Now even the Rising monitor won't open!

Post the file names and paths of the virus files your AV detected~~

Also, scan a log with HJ

Sigh, brother, you're in the same boat as me, suffering away.... I just posted a help thread over in the security section too; I've been fighting this all night..!

Logfile of Kaka v2.0.0.9 Scan Module v2.0.0.1
Scan saved at 07:57:02, on 2006-08-20
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[mscorsvw.exe]
CommandLine = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

[nvsvc32.exe]
CommandLine = C:\WINDOWS\system32\nvsvc32.exe

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[SOUNDMAN.EXE]
CommandLine = "C:\WINDOWS\SOUNDMAN.EXE"

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[msnmsgr.exe]
CommandLine = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[DuDuAcc.exe]
CommandLine = "C:\Program Files\DuDu\DddClient\DuDuAcc.exe"  /m1

[dudupros.exe]
CommandLine = "C:\Program Files\DuDu\DddClient\dudupros.exe"

[RavMon.exe]
CommandLine = "C:\Program Files\rising\Rav\RavMon.exe"

[TrojanAssistant.exe]
CommandLine = "D:\ske\TrojanAssistant.exe"

[Thunder5.exe]
CommandLine = "F:\迅雷\Program\Thunder5.exe" /s /192.168.1.2as-02b549d53c097F2

[Rav.exe]
CommandLine = "C:\Program Files\rising\Rav\Rav.exe"

[RsAgent.exe]
CommandLine = "C:\Program Files\rising\Rav\RsAgent.exe"

[agentsvr.exe]
CommandLine = C:\WINDOWS\msagent\AgentSvr.exe -Embedding

[MagicSet.exe]
CommandLine = "E:\Program Files\Super Rabbit\MagicSet\MagicSet.exe"

[conime.exe]
CommandLine = C:\WINDOWS\system32\conime.exe

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k BITS32

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k RpcSs32

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[explorer.exe]
CommandLine = C:\WINDOWS\explorer.exe

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[srsi.exe]
CommandLine = "E:\Program Files\Super Rabbit\MagicSet\srsi.exe" /SHELL

[VirusKiller.com]
CommandLine = "D:\下载文件\VirusKiller.com"

[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"

[RsLogVw.exe]
CommandLine = "C:\Program Files\rising\Rav\RsLogVw.exe"

[EXCEL.EXE]
CommandLine = "C:\Program Files\Microsoft Office\Office\EXCEL.EXE"  /e

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.nb46.com/
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} -  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO: DDDMon Class - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll (file missing)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO:  (file missing)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Thunder] "F:\迅雷\Thunder.exe" /s
O4 - HKLM\..\RunOnce: [Super Rabbit Winspeed] "E:\Program Files\Super Rabbit\MagicSet\winspeed.exe" /autokill:148,147,142,138,137,131,130
O4 - Startup: desktop.ini =
O4 - Startup: office文件检索.exe =
O4 - Startup: 腾讯QQ.lnk = E:\QQ\QQ.exe
O4 - Global Startup: desktop.ini =
O4 - Global Startup: DuDu下载加速器.lnk = C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - F:\迅雷\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\迅雷\Program\GetAllUrl.htm
O9 - Extra Button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra Button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra Button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra Button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? -  (file missing)
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? -  (file missing)
O9 - Extra Button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra Button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra Button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\cdnns.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\wshcon32.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\wshcon32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131027917515
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - (no file)
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\rising\Rav\CCenter.exe"
O23 - Service: Svchost Service For Windows (svchost) - Microsoft Corporation - C:\WINDOWS\svchost.exe
O23 - Service: User Privilege Service (usprserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\rising\Rav\Ravmond.exe"

D:\ske\TrojanAssistant.exe (what software is this that you installed? Since it is already being flagged as a virus, just uninstall it~)

Fix the following items
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.nb46.com/
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
along with every item ending in (file missing); fix them all together


O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll (supposedly this program can be uninstalled from Add/Remove Programs in Control Panel; if it is there, great, but if there is no uninstaller, fix the entry and delete C:\WINDOWS\webwork)

The one below is probably the Pigeon (鸽子) backdoor (even if it isn't, it is definitely a backdoor program~)
O23 - Service: Svchost Service For Windows (svchost) - Microsoft Corporation - C:\WINDOWS\svchost.exe

Start > Run > type Regedit.exe > OK
Open the Registry Editor and navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES branch, then delete the virus service named svchost from the left pane

Reboot the system

Open My Computer > Tools > Folder Options > View > Show all files, untick "Hide protected operating system files" > OK
My Computer > Tools > Folder Options > View > untick "Hide extensions for known file types"
Find and delete the following files

C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.dll
and so on: in this folder (leave the ones in other folders alone for now), every file whose base name is svchost

When done, reboot the system and scan another log
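Added defender-side example, not from the thread or from Kaka/HijackThis: a small Python triage that applies the checks in this reply to HijackThis-style lines like those posted above (entries marked file missing, the R0 start page, unknown O10 LSP modules, an O21 shell extension outside System32, and an O23 service whose binary carries a core Windows name such as svchost.exe but lives outside System32). The sample lines are constructed from the log above, and the rules are assumed review heuristics, not a verdict.

```python
import ntpath
import re

# Constructed sample, modelled on entries from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.nb46.com/
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} -  (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\cdnns.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll
O23 - Service: Svchost Service For Windows (svchost) - Microsoft Corporation - C:\WINDOWS\svchost.exe
O23 - Service: User Privilege Service (usprserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

SYSTEM32 = r"c:\windows\system32"
# Core Windows binaries that only run from System32; a same-named file elsewhere is a masquerade (assumed list).
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}

SERVICE_RE = re.compile(
    r'^O23 - Service: .+? \((?P<short>[^)]+)\) - (?P<vendor>.+?) - "?(?P<path>[^"]+?\.(?:exe|dll))"?',
    re.IGNORECASE)
SSODL_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - \{[^}]+\} - (?P<path>.+)$")

def triage(log: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for entries the reply above would ask the poster to fix."""
    findings = []
    for line in log.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.endswith("(file missing)"):
            findings.append(("dangling entry, file missing", line))
        elif line.startswith("R0 - ") and "Start Page=" in line:
            findings.append(("browser start page override", line))
        elif line.startswith("O10 - Unknown file in Winsock LSP"):
            findings.append(("unrecognised LSP module", line))
        elif m := SSODL_RE.match(line):
            if ntpath.dirname(m["path"]).lower() != SYSTEM32:
                findings.append(("shell extension loaded from outside System32", line))
        elif m := SERVICE_RE.match(line):
            name = ntpath.basename(m["path"]).lower()
            folder = ntpath.dirname(m["path"]).lower()
            if name in SYSTEM_ONLY and folder != SYSTEM32:
                findings.append((f"{name} claimed by '{m['vendor']}' but running from {folder}", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

The genuine svchost.exe -k netsvcs entry in System32 and the NVIDIA service pass through unflagged, so the output is only the entries the reply singles out.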

I'll give you a bump

One more thing: what I want to see is not just the names the AV gives these viruses (e.g. Dropper.Agent.bmg), but also the names and paths of the virus files it found on your computer~~~ (e.g. C:\WINDOWS\svchost.exe)
(because they very likely hide in the temp folders and restore files, and AVs seem to skip those locations quite often)

Big brother, come quick
I'm running out of time now; I just rebooted and the virus and junk software are back again
Rising won't start
I've changed that registry entry and deleted the webwork one
What do I do!! Starting Rising in Safe Mode doesn't help either

The system has crashed, I can't get in anymore, giving up