Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

Can anyone help me? I can't get rid of this virus no matter what I do (rootkit.ads.i)

It looks a lot like the Piaoxue (飘雪) virus, but it's a variant, and Rising can't remove it. I found it in the registry but can't remove it there either; I'm going crazy... yfxbyg34.sys is the virus file, and I can't get rid of it no matter what, not even in Safe Mode. Please help me, I'm begging you all.
Last edited 2006-10-23 14:23:44

C:\WINDOWS\system32\drivers
It's right here.

Startup items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)("C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Corporation]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(RfwMain)("C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
(NvCplDaemon)(RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) [(Verified)NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(RavStub)("C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(UserInit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({D157330A-9EF3-49F8-9A67-4141AC41ADD4})() [N/A]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
({08315C1A-9BA9-4B7C-A432-26885F78DF28})(C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp) [N/A]
({DD7D4640-4464-48C0-82FD-21338366D2D2})(C:\Program Files\Internet Explorer\InfoMs.tdm) [N/A]
({9915CFD1-6B7D-4AC5-ABAC-136924579E91})(C:\Program Files\Internet Explorer\PLUGINS\system.sys) [N/A]
({1A404685-7563-4d02-B0F6-58B308A406A9})(c:\program files\rising\rfw\jcjhpwfd.dll) [N/A]

--------------------------------------------------------------------------------

Startup folder

N/A

--------------------------------------------------------------------------------

Services

[Human Interface Device Access / HidServ]
(C:\WINDOWS\System32\svchost.exe -k netsvcs -- %SystemRoot%\System32\hidserv.dll)(N/A)
[JMediaService / JMediaService]
(C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service)(Microsoft Corporation)
[NVIDIA Display Driver Service / NVSvc]
(C:\WINDOWS\system32\nvsvc32.exe)(NVIDIA Corporation)
[Rising Proxy Service / RfwProxySrv]
(c:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService]
(c:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter]
("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[RsRavMon Service / RsRavMon]
("C:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)

--------------------------------------------------------------------------------

Drivers

[Albus / Albus]
(\SystemRoot\system32\drivers\Albus.SYS)(N/A)
[Rising TDI Base Driver / BaseTDI]
(System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.)
[c173455640 / c173455640]
(\SystemRoot\System32\drivers\c173455640.sys)(N/A)
[cdnprot / cdnprot]
(\SystemRoot\system32\drivers\cdnprot.sys)(N/A)
[ExpScaner / ExpScaner]
(\??\C:\Program Files\Rising\Rav\ExpScan.sys)()
[FXDRV / FXDRV]
(\??\G:\Fxdrv.sys)(N/A)
[HookCont / HookCont]
(\??\C:\Program Files\Rising\Rav\HOOKCONT.sys)(Rising tech Co. ltd)
[HookReg / HookReg]
(\??\C:\Program Files\Rising\Rav\HookReg.sys)()
[HookSys / HookSys]
(\??\C:\Program Files\Rising\Rav\HookSys.sys)(Rising)
[HookUrl / HookUrl]
(\??\C:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Technology Co., Ltd.)
[MEMSCAN / MEMSCAN]
(\??\C:\Program Files\Rising\Rav\MEMSCAN.sys)(瑞星软件有限公司)
[mProcRs / mProcRs]
(\??\c:\program files\rising\rfw\mProcRs.sys)(Beijing Rising Technology Co., Ltd.)
[Netgroup Packet Filter / NPF]
(system32\drivers\npf.sys)(N/A)
[npkcrypt / npkcrypt]
(\??\D:\QQ\npkcrypt.sys)(N/A)
[nv / nv]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[nvatabus / nvatabus]
(\SystemRoot\system32\DRIVERS\nvatabus.sys)(NVIDIA Corporation)
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax]
(system32\drivers\nvax.sys)(NVIDIA Corporation)
[NVIDIA nForce Networking Controller Driver / NVENETFD]
(system32\DRIVERS\NVENETFD.sys)(NVIDIA Corporation)
[NVIDIA Network Bus Enumerator / nvnetbus]
(system32\DRIVERS\nvnetbus.sys)(NVIDIA Corporation)
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce]
(system32\drivers\nvapu.sys)(NVIDIA Corporation)
[oreans32 / oreans32]
(\??\C:\WINDOWS\system32\drivers\oreans32.sys)(N/A)
[Direct Parallel Link Driver / Ptilink]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[RsFwDrv / RsFwDrv]
(\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.)
[Secdrv / Secdrv]
(system32\DRIVERS\secdrv.sys)(N/A)
[TSP / TSP]
(\??\C:\WINDOWS\system32\drivers\klif.sys)(N/A)

Browser add-ons

[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} (C:\PROGRA~1\MMSASS~1\mmsass~1.dll, )
[stdup]
{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} (C:\WINDOWS\SYSTEM32\stdup.dll, N/A)
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} (C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A)
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} (C:\PROGRA~1\MMSASS~1\mmsass~1.dll, )
[Kaka Internet Security Assistant]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} (C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.)
[internet explorer helper]
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} (C:\WINDOWS\fonts\msshapi.dll, N/A)
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} (C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A)
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (C:\WINDOWS\system32\msjava.dll, Microsoft Corporation)
[CMoveCatchPic Object]
{0CF098A0-CBAC-4EFB-8451-3AFC201C7222} (C:\Program Files\xBar\xBarHelper.dll, N/A)
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} (C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation)
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A)
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} (C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation)
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} (C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation)
[Yahoo! Assistant]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, yahoo! china)
[WEBChatRoomOCX Control]
{448A5F6B-8C03-4B54-A338-F00237C508AD} (C:\PROGRA~1\Sina\UCWEBC~1\UCWEBC~1.OCX, 北京新浪信息技术有限公司)
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} (%SystemRoot%\system32\msxml3.dll, N/A)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} (C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation)
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} (C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, yahoo! china)
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} (C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[Vision]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} (C:\PROGRA~1\MMSASS~1\mmsass~1.dll, )
[stdup]
{6A512BF7-EC78-4E8D-9841-6C02E8FA9838} (C:\WINDOWS\SYSTEM32\stdup.dll, N/A)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} (%SystemRoot%\system32\SHELL32.dll, N/A)
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, )
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation)
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, )
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} (C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A)
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} (C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation)
[Kaka Internet Security Assistant]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} (C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation)
[shdocvwhlp Class]
{BE442802-3911-46E0-B227-076B15A4EAD3} (C:\WINDOWS\system32\mssnmp16.dll, N/A)
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[QuickBtn]
{D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} (C:\Program Files\kuzhan\kuzhan.dll, Fengcent)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.)
[Kaka Internet Security Assistant]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} (C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.)
[]
{E730189A-9973-4121-B046-AD1C161EC3AF} (C:\WINDOWS\system32\37211.dll, N/A)
[Letscool System Helper]
{F0C15012-7DBD-4068-95A2-0A82DB03AC35} (C:\WINDOWS\system32\CoolBho.dll, LETSCOOL Network Technology)
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China)
[iChatX Object]
{FEEC6798-0E56-4037-829E-FD18E5BADE8C} (C:\Program Files\iChat语音控件\ichatx.dll, 深圳市东方博雅科技有限公司)
[&Download with Thunder]
(C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A)
[&Download all links with Thunder]
(C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A)
[))Send as MMS((]
(res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A)
[Upload to QQ Net Disk]
(D:\QQ\AddToNetDisk.htm, N/A)
[Download with KuGoo3 (&K)]
(C:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A)
[Add to QQ custom panel]
(D:\QQ\AddPanel.htm, N/A)
[Add to QQ emoticons]
(D:\QQ\AddEmotion.htm, N/A)
[Send this picture via QQ MMS]
(D:\QQ\SendMMS.htm, N/A)

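A triage pass over a dump like the one above, written here as an added example; it is not a tool from this thread or from Rising. The dump uses three record shapes: (name)(value) [signer] for registry autoruns, a [Display / Key] line followed by (path)(vendor) for services and drivers, and a [Name] line followed by {CLSID} (path, vendor) for browser add-ons. The script parses all three and flags what a responder would look at first: entries with no vendor or signer, random-looking file names such as c173455640.sys and jcjhpwfd.dll, modules loaded from directories that hold data rather than code (fonts, IE PLUGINS, MSINFO), and drivers loaded from outside the system tree. The heuristics and their thresholds are this example's own assumptions, not detection signatures, and the sample input is a constructed subset of lines copied from the dump. It also checks whether the file the original poster named, yfxbyg34.sys, appears anywhere in the enumerated records; it does not, which is the gap a rootkit that hides its own service entry leaves in such a listing.

```python
# Triage of an autorun / service / driver / BHO dump in the format posted in
# this thread.  Added example, not a tool from the forum or from Rising; the
# heuristics and thresholds below are this example's own assumptions.
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the dump in this thread, covering the
# three record shapes it uses plus the entries worth flagging.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
({08315C1A-9BA9-4B7C-A432-26885F78DF28})(C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp) [N/A]
({9915CFD1-6B7D-4AC5-ABAC-136924579E91})(C:\Program Files\Internet Explorer\PLUGINS\system.sys) [N/A]
({1A404685-7563-4d02-B0F6-58B308A406A9})(c:\program files\rising\rfw\jcjhpwfd.dll) [N/A]
[Rising TDI Base Driver / BaseTDI]
(System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.)
[c173455640 / c173455640]
(\SystemRoot\System32\drivers\c173455640.sys)(N/A)
[FXDRV / FXDRV]
(\??\G:\Fxdrv.sys)(N/A)
[internet explorer helper]
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} (C:\WINDOWS\fonts\msshapi.dll, N/A)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.)
"""

RE_REG = re.compile(r"^\((?P<name>[^)]*)\)\((?P<value>.*)\) \[(?P<vendor>[^\]]*)\]$")  # (name)(value) [signer]
RE_SVC = re.compile(r"^\((?P<path>[^)]*)\)\((?P<vendor>[^)]*)\)$")                     # (path)(vendor)
RE_BHO = re.compile(r"^\{[0-9A-Fa-f-]+\} \((?P<inner>.*)\)$")                         # {CLSID} (path, vendor)

VOWELS = set("aeiou")
MODULE_EXTS = {".dll", ".exe", ".sys", ".ocx"}
ODD_DIRS = ("\\fonts\\", "\\plugins\\", "\\msinfo\\")   # data directories, not code
SYSTEM_TREE = re.compile(r"system32|systemroot|program files|progra~1")


@dataclass
class Record:
    kind: str      # "registry", "service" or "bho"
    name: str
    path: str
    vendor: str
    flags: list = field(default_factory=list)


def file_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def parse_dump(text):
    """Lines in none of the three shapes (titles, separators, garbled lines) are skipped."""
    records, header = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            header = line[1:-1]              # display name for the record that follows
        elif m := RE_REG.match(line):
            path = m["value"].split('" ')[0].strip('"')   # drop arguments after a quoted image path
            records.append(Record("registry", m["name"], path, m["vendor"]))
        elif m := RE_SVC.match(line):
            records.append(Record("service", header, m["path"], m["vendor"]))
        elif m := RE_BHO.match(line):
            path, _, vendor = m["inner"].partition(", ")
            records.append(Record("bho", header, path, vendor))
    return records


def looks_random(stem):
    """Long digit run, or six-plus letters with almost no vowels (c173455640, jcjhpwfd)."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if sum(c.isdigit() for c in stem) >= 5:
        return True
    return len(letters) >= 6 and sum(c in VOWELS for c in letters) / len(letters) < 0.15


def triage(rec):
    name = file_name(rec.path)
    stem = name.rsplit(".", 1)[0]
    ext = "." + name.rsplit(".", 1)[1].lower() if "." in name else ""
    lower = rec.path.lower()
    if rec.vendor.strip() in ("", "N/A"):
        rec.flags.append("no vendor / signer information")
    if looks_random(stem):
        rec.flags.append(f"random-looking file name {name}")
    if ext and ext not in MODULE_EXTS:
        rec.flags.append(f"unusual extension {ext} for a loaded module")
    if any(d in lower for d in ODD_DIRS):
        rec.flags.append("loaded from a directory that should not hold executable code")
    if rec.kind == "service" and ext == ".sys" and not SYSTEM_TREE.search(lower):
        rec.flags.append("driver loaded from outside the system/program directories")
    return rec.flags


def triage_dump(text):
    records = parse_dump(text)
    for rec in records:
        triage(rec)
    return records


def missing_from_enumeration(reported_file, records):
    """A file the user names that occurs nowhere in the enumeration: the gap a
    rootkit hiding its own service object leaves in a dump like this one."""
    wanted = reported_file.lower()
    return not any(file_name(r.path).lower() == wanted for r in records)


if __name__ == "__main__":
    recs = triage_dump(SAMPLE_DUMP)
    for r in (r for r in recs if r.flags):
        print(f"[{r.kind}] {r.name}: {r.path}")
        for flag in r.flags:
            print("    -", flag)
    print("yfxbyg34.sys enumerated:", not missing_from_enumeration("yfxbyg34.sys", recs))
```

Run it with python3 and the file name you saved it under. Each flag is a reason to look closer, not a verdict: legitimate software does ship unsigned drivers with odd names and loads them from application directories (D:\QQ\npkcrypt.sys in the dump is the kind of entry that may well be legitimate), while a driver hidden from enumeration shows up as nothing at all, which is why the absence check is the more telling one.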

???? I don't get it.

I've already deleted MS, but I don't even know how I deleted it. Scanning with Rising now finds no virus, but I didn't use Super Rabbit or anything like that.

But I've made a complete mess of the registry. How do I restore it? So frustrating.

Stop arguing for now, you guys; first help me figure out whether I've already killed that virus.

I just ran a clean-up with Super Rabbit. It said I had twenty-some rogue programs installed and cleaned them out; the ones it said it couldn't find must be ones my computer doesn't have, right? What I care about most now is still that virus. I'm just puzzled as to how I deleted it.