
Somebody help me! rootkit.vanti.jv

As soon as the machine boots, all of Rising's monitors are disabled, but Rising can still detect the virus. The scan says to reboot to delete the file; I tried several times and it doesn't work! In safe mode I found the infected files and deleted them, but after rebooting they are back again! Asking the experts here: if anyone knows, please tell me, I'm waiting for a rescue, thanks!
Last edited 2006-08-12 17:49:16

OP, please go to http://forum.ikaka.com/topic.asp?board=28&artid=8105899
and download HijackThis.
After downloading, open HijackThis.rar, then run HijackThis.exe.
Click "Do a system scan and save a logfile".
Copy and paste the saved log here.


Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\msime.exe
D:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\Rundll32.exe
C:\WINNT\system32\internat.exe
d:\program files\rising\rfw\RfwMain.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Program Files\HelloNet\HNMainUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\lw\LOCALS~1\Temp\5.exe
C:\WINNT\system32\conime.exe
C:\Program Files\stell\svchost.exe
C:\WINNT\system32\conime.exe
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
D:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\lw\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - d:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirtualDrive] D:\Program Files\FarStone\VirtualDrive\vdtask.exe /AutoRestore /Silence
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Rundll32] C:\WINNT\Rundll32.exe
O4 - HKLM\..\Run: [_rx] C:\WINNT\command\rundll32.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\Program Files\Tencent\QQ\QQIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A23C8867-5344-40BE-87C9-51F6FB31766C}: NameServer = 202.99.160.68 202.99.166.4
O20 - AppInit_DLLs: KB391231M.LOG
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe

Is this the log you meant? Please help me fix this, thanks!

[Reply to the post by "aqlw168168"]
C:\WINNT\system32\msime.exe
C:\WINNT\Rundll32.exe
C:\WINNT\command\rundll32.exe
C:\DOCUME~1\lw\LOCALS~1\Temp\5.exe
C:\Program Files\stell\svchost.exe
C:\WINNT\system32\conime.exe
End the processes listed above.
Close every application except HijackThis.

————————————

Fix the following entries:
O4 - HKLM\..\Run: [Rundll32] C:\WINNT\Rundll32.exe
O4 - HKLM\..\Run: [_rx] C:\WINNT\command\rundll32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O20 - AppInit_DLLs: KB391231M.LOG
————————

Restart the system.

————————
Show hidden files.
Find and delete the following files:
C:\WINNT\system32\msime.exe
C:\WINNT\Rundll32.exe
C:\WINNT\command\rundll32.exe
C:\DOCUME~1\lw\LOCALS~1\Temp\5.exe
C:\Program Files\stell\svchost.exe
C:\WINNT\KB391231M.LOG

Please first send the following files to newcenturysun@eyou.com, thanks:
C:\Program Files\stell\svchost.exe
C:\WINNT\Rundll32.exe

End the following processes:
C:\WINNT\Rundll32.exe
C:\DOCUME~1\lw\LOCALS~1\Temp\5.exe
C:\Program Files\stell\svchost.exe
Fix the following entries:
O4 - HKLM\..\Run: [Rundll32] C:\WINNT\Rundll32.exe
O4 - HKLM\..\Run: [_rx] C:\WINNT\command\rundll32.exe
O20 - AppInit_DLLs: KB391231M.LOG
Restart the computer, then delete:
C:\WINNT\Rundll32.exe
C:\Program Files\stell\svchost.exe
C:\WINNT\command\rundll32.exe
C:\WINNT\KB391231M.LOG
Empty out all files under C:\DOCUME~1\lw\LOCALS~1\Temp
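As an added example (not code from this thread, from Rising, or from HijackThis), here is a small Python triage script that applies the heuristics behind the two replies above, which picked out the same handful of entries from the posted log. It parses the "Running processes" list, the O4 Run entries and the O20 AppInit_DLLs line and flags three patterns: a Windows system-binary name (svchost.exe, rundll32.exe and the like) running from outside its expected directory, an executable launched from a Temp folder, and an AppInit_DLLs value that is not a .dll. The expected-directory table assumes the C:\WINNT (Windows 2000) layout of the posted log, and the embedded sample is an excerpt copied from that log. Note that the Temp rule also flags HijackThis.exe itself, because the OP ran it straight out of WinRAR's temporary extraction folder: these flags are leads for a person to check, not verdicts, and a file such as msime.exe that sits in system32 under a plausible name needs a hash or signature check that a static log cannot give.

```python
"""Triage heuristics for a HijackThis-style log (added example, not HijackThis code).
Flags a Windows system-binary name running outside its expected directory, an
executable under a Temp folder, and an AppInit_DLLs value that is not a .dll.
The expected directories assume the C:\\WINNT layout seen in the posted log."""
import ntpath
import re

# Constructed sample: an excerpt copied from the log posted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\msime.exe
C:\WINNT\Rundll32.exe
d:\program files\rising\rfw\RfwMain.exe
C:\DOCUME~1\lw\LOCALS~1\Temp\5.exe
C:\WINNT\system32\conime.exe
C:\Program Files\stell\svchost.exe
C:\DOCUME~1\lw\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Rundll32] C:\WINNT\Rundll32.exe
O4 - HKLM\..\Run: [_rx] C:\WINNT\command\rundll32.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O20 - AppInit_DLLs: KB391231M.LOG
"""

def expected_dirs(windir):
    """Directories where these Windows binaries legitimately live."""
    sys32 = ntpath.join(windir, "system32").lower()
    table = {name: {sys32} for name in (
        "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
        "svchost.exe", "rundll32.exe", "spoolsv.exe", "conime.exe")}
    table["explorer.exe"] = {windir.lower()}  # Explorer lives in the Windows dir
    return table

def parse_log(text):
    """Split a HijackThis log into processes, O4 Run entries and O20 values."""
    processes, run_entries, appinit = [], [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
            continue
        o4 = re.match(r"O4 - (.+?): \[([^\]]*)\] (.*)", line)
        o20 = re.match(r"O20 - AppInit_DLLs: (.*)", line)
        if o4:
            run_entries.append(o4.groups())  # (registry key, entry name, command)
        elif o20:
            appinit.append(o20.group(1).strip())
    return {"processes": processes, "run_entries": run_entries, "appinit": appinit}

def executable_from_command(command):
    """Return the .exe a Run-key command launches (quoted or bare), or None."""
    m = re.match(r'\s*"?([^"]*?\.exe)\b', command, re.IGNORECASE)
    return m.group(1) if m else None

def check_path(path, expected, source):
    """Path heuristics; each finding is a (source, path, reason) tuple."""
    findings = []
    low = path.lower()
    directory, name = ntpath.split(low)
    # A bare name resolves through PATH, so there is no directory to compare.
    if directory and name in expected and directory not in expected[name]:
        where = ", ".join(sorted(expected[name]))
        findings.append((source, path, f"{name} running outside {where}"))
    if "\\temp\\" in low:
        findings.append((source, path, "executable under a Temp directory"))
    return findings

def triage(text, windir=r"C:\WINNT"):
    """Run every heuristic over a log and return the list of findings."""
    expected = expected_dirs(windir)
    log = parse_log(text)
    findings = []
    for path in log["processes"]:
        findings.extend(check_path(path, expected, "process"))
    for key, name, command in log["run_entries"]:
        exe = executable_from_command(command)
        if exe:
            findings.extend(check_path(exe, expected, f"O4 {key} [{name}]"))
    for value in log["appinit"]:
        if not value.lower().endswith(".dll"):
            findings.append(("O20 AppInit_DLLs", value, "value is not a .dll"))
    return findings

if __name__ == "__main__":
    for source, path, reason in triage(SAMPLE_LOG):
        print(f"{source:30} {path}\n{'':30} -> {reason}")
```

Run against the excerpt, it reports the two rundll32 copies outside system32, the svchost.exe under C:\Program Files\stell, the two Temp executables and the .LOG value in AppInit_DLLs, and stays quiet on the Rising, NVIDIA and Explorer entries. The directory table is deliberately small; on a real case extend it to the full set of protected system binaries for the Windows version in question.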

That's so complicated! I'll go and try it! If it doesn't work I'll ask again!

Is JV removed the same way as KN...