屡次发现backdoor.darkhole.c病毒，文件名分别为c:\windows\system2\cpoiuyk.dll和c:\system volume information\restore(......)\a008779.dl，瑞星能杀，但不久就有，怎样有效杀之，

hijackthis 如下：
Logfile of HijackThis v1.99.1
Scan saved at 22:37:15, on 2005-10-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\RISING\RAV\Ravmond.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
D:\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
D:\RISING\RAV\CCENTER.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\RISING\RAV\RAVTIMER.EXE
D:\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\RISING\RAV\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\yi\LOCALS~1\Temp\Rar$EX00.837\HijackThis.exe

R3 - URLSearchHook: BDSrchHook Class - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - C:\WINDOWS\DOWNLO~1\BDSrHook.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: BDHlprObj Class - {CA92B524-BC8A-4610-BD2C-6BD3E28155D0} - C:\WINDOWS\DOWNLO~1\BDHelper.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [BIE] Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTimer] D:\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEA47EBB-6BCD-4983-906C-34CF38DF9F2B}: NameServer = 210.22.70.227 210.22.70.98
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\RISING\RAV\Ravmond.exe

急死吾了，大虾救命

没人帮我啊  ：（（

病毒文件在系统还原的文件中，这就需要把系统还原关闭然后再杀毒。方法如下：
  鼠标右键单击“我的电脑”，打开“属性”对话框，选“系统还原”，选中“在所有驱动器上关闭系统还原”，然后点击“确定”。

R3 - URLSearchHook: BDSrchHook Class - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - C:\WINDOWS\DOWNLO~1\BDSrHook.dll
F2 - REG:system.ini: UserInit=userinit.exe,
这两个修复

按照大虾所说做了，希望管用
好人一生平安