Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

[Help] Backdoor.Delf.vxy cannot be removed (log attached)

The infected file is named V22006710.EPE, path C:\Documents and Settings\Administrator\Local Settings\Temp.
I have killed this virus no fewer than 10 times; each time the result is "delete on restart", but neither safe mode nor normal mode works,
and after every boot it is detected again.
Could an expert tell me what to do?
The log follows:
Logfile of Kaka v2.0.0.9 Scan Module v2.0.0.1
Scan saved at 16:51:02, on 2006-10-25
Platform: Microsoft Windows 2000 Server Service Pack 4 (Build 2195)
MSIE: Internet Explorer v6.00 SP1;Q823353;Q833989; (6.00.2800.1106)


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[WINLOGON.EXE]
CommandLine = winlogon.exe

[SERVICES.EXE]
CommandLine = C:\WINNT\system32\services.exe

[LSASS.EXE]
CommandLine = C:\WINNT\system32\lsass.exe

[rfwProxy.exe]
CommandLine = "c:\program files\rising\rfw\rfwproxy.exe"

[rfwsrv.exe]
CommandLine = "c:\program files\rising\rfw\rfwsrv.exe"

[svchost.exe]
CommandLine = C:\WINNT\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "C:\Program Files\Rising\Rav\CCenter.exe"

[RavMonD.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmond.exe"

[spoolsv.exe]
CommandLine = C:\WINNT\system32\spoolsv.exe

[svchost.exe]
CommandLine = C:\WINNT\system32\svchost.exe -k netsvcs

[GemServ.exe]
CommandLine = "C:\Program Files\AMD\PowerNow!\GemServ.exe"

[LLSSRV.EXE]
CommandLine = C:\WINNT\System32\llssrv.exe

[mstask.exe]
CommandLine = C:\WINNT\system32\MSTask.exe

[winmgmt.exe]
CommandLine = C:\WINNT\System32\WBEM\WinMgmt.exe

[svchost.exe]
CommandLine = C:\WINNT\system32\svchost.exe -k wugroup

[RavStub.exe]
CommandLine = "C:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND

[dfssvc.exe]
CommandLine = C:\WINNT\system32\Dfssvc.exe

[inetinfo.exe]
CommandLine = C:\WINNT\system32\inetsrv\inetinfo.exe

[msdtc.exe]
CommandLine = C:\WINNT\system32\msdtc.exe

[explorer.exe]
CommandLine = C:\WINNT\Explorer.EXE

[SOUNDMAN.EXE]
CommandLine = "C:\WINNT\SOUNDMAN.EXE"

[rfwmain.exe]
CommandLine = "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup

[RavTask.exe]
CommandLine = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

[RavMon.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM

[internat.exe]
CommandLine = "C:\WINNT\system32\internat.exe"

[conime.exe]
CommandLine =

[svchost.exe]
CommandLine = C:\WINNT\System32\svchost.exe -k tapisrv

[QQ.exe]
CommandLine = F:\聊天工具\QQ\QQ.exe

[TIMPlatform.exe]
CommandLine = F:\聊天工具\QQ\TIMPlatform.exe -Embedding

[QQ.exe]
CommandLine = F:\聊天工具\QQ\QQ.exe

[QQPet.exe]
CommandLine = "F:\聊天工具\QQ\qqpet\qqpet.exe" 514401010600041200BDA8B9B2BD8C9F8C80B2899AA58C838981880400000080040D00040F00A0B5A4AFA09182919DAF9487A5999E040000004D28F103061100BEABBAB1BE8F9C8F83B19D9A9CA0878D850C000000D3D3D3D3D3D3D3D3D3D3D3D3061000BFAABBB0BF8E9D8E82B09C9B9DA48A9640000000F9FC8E878FFC8F8F8A8D88878B88FEFE8B89FD8F8A87868F86FC8BFB8888FB8C8F8AFD8CFB8887FAFCFD87F9FE89F9FE89FB88FDF98C868AFCF9FBFB8FF98BF9040100AE04000000281B3F45021400BBAEBFB4BB8A998A86B488BB99849392BF929B8E0100000000

[QQPetNurse.exe]
CommandLine = "F:\聊天工具\QQpet\QQPetNurse.exe"

[QQPet.exe]
CommandLine = "F:\聊天工具\QQ\qqpet\qqpet.exe" 514401010600041200BDA8B9B2BD8C9F8C80B2899AA58C83898188040000001E040500040F00A0B5A4AFA09182919DAF9487A5999E0400000082808916061100BEABBAB1BE8F9C8F83B19D9A9CA0878D850C000000354F385D542B54033C134419061000BFAABBB0BF8E9D8E82B09C9B9DA48A96400000008A868F89FCFD868F8688898EF9FB86FD8F8C86FC88FC8B8F8A8C8BFD8C86F9FEFA8E88FB88FB8F8CFD86FE8C89868EF98D898A8B8E8B8F8A8C8688F986868D88040100AE04000000361B3F45021400BBAEBFB4BB8A998A86B488BB99849392BF929B8E0100000000

[TTraveler.exe]
CommandLine = "F:\聊天工具\TT\TTraveler.exe" "F:\小说\001\index.html"

[Rav.exe]
CommandLine = "C:\Program Files\Rising\Rav\Rav.exe"

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - Startup: 快捷方式 del.bat.lnk = C:\del.bat
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161402850296
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6162C99C-0AA2-41A3-A54B-13FD7FA29C0A}: NameServer = 220.248.192.10,220.248.192.11
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: wzcnotif
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe /com
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\PowerNow!\GemServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: Windows XP Vista        (Windows XP Vista        ) -  - C:\WINNT\Hacker.com.cn.ini
O23 - Service: Windows_ookvip (Windows_ookvip) -  - C:\Program Files\Common Files\Microsoft Shared\MSINFO\ookvip.exe

Attachment: application/octet-stream, 335 downloads, uploaded 2006-10-25 17:14:36

Last edited 2006-10-25 21:53:11
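A defender-side triage of the O4 / O20 / O23 lines in the log above, added here as an example and not part of the original post. SAMPLE_LOG is a constructed excerpt copied from the posted log, and the rules (empty vendor string, service image that is not an executable, whitespace-padded service name, a script in the Startup folder, any Winlogon Notify package) are generic heuristics, not Kaka's own logic.

```python
"""Triage a Kaka/HijackThis-style log. Added example, not the forum's code."""
import re

# Constructed excerpt: O4 / O20 / O23 lines copied from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - Startup: 快捷方式 del.bat.lnk = C:\del.bat
O20 - Winlogon Notify: wzcnotif
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe /com
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: Windows XP Vista        (Windows XP Vista        ) -  - C:\WINNT\Hacker.com.cn.ini
O23 - Service: Windows_ookvip (Windows_ookvip) -  - C:\Program Files\Common Files\Microsoft Shared\MSINFO\ookvip.exe
"""

O23_RE = re.compile(r"^O23 - Service: (?P<disp>.+?) \((?P<name>.+?)\) - (?P<vendor>.*?) - (?P<cmd>.+)$")
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): (?:\[(?P<key>.*?)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$")
EXEC_EXT = {".exe", ".sys", ".dll"}   # what a service image should normally be
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js"}

def image_path(cmd):
    """Quoted part of a command line if quoted, else text before the first ' /' or ' -' argument."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return re.split(r" [/-]", cmd, maxsplit=1)[0]

def ext(path):
    """Lower-cased extension of a Windows path, '' if the last component has none."""
    dot = path.rfind(".")
    return path[dot:].lower() if dot > path.rfind("\\") else ""

def triage(log_text):
    """Return (log line, reason) pairs an analyst should look at first."""
    findings = []
    for line in log_text.splitlines():
        if m := O23_RE.match(line):
            img = image_path(m["cmd"])
            if not m["vendor"].strip():
                findings.append((line, "service has no vendor string"))
            if ext(img) not in EXEC_EXT:
                findings.append((line, "service image is not an executable: " + (ext(img) or "(no extension)")))
            if m["name"] != m["name"].strip() or m["disp"] != m["disp"].strip():
                findings.append((line, "service name padded with whitespace"))
        elif m := O4_RE.match(line):
            if ext(image_path(m["cmd"])) in SCRIPT_EXT:
                findings.append((line, "logon autostart runs a script"))
        elif line.startswith("O20 - Winlogon Notify:"):
            findings.append((line, "Winlogon Notify package: confirm which DLL it loads"))
    return findings
```

Running `triage(SAMPLE_LOG)` leaves the VERITAS and Rising services untouched and surfaces the two vendor-less services, the .ini service image, the padded name, the del.bat startup item and the Winlogon Notify entry.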

Waiting online.

The file has already been deleted, but after a restart it still detects this virus.

To keep the thread from sinking I can only bump it myself; admins, please don't mind, I'm just anxious waiting, hehe. SORRY.
