
[Help] Please take a look, everyone.. I can't remove shualai and cmdbcs..


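Neither Rising nor Filseclab can completely remove the virus... It has infected all the EXE files outside drive C.. Every time I reboot, this appears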

[CODE]

2007-05-05,19:27:17

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Avance Logic, Inc.]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <twister><"C:\Program Files\Filseclab\Twister\twister.exe" -a>  [Filseclab Corporation]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[费尔消息服务]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\费尔消息服务.lnk --> C:\PROGRA~1\COMMON~1\FILSEC~1\FilMsg.exe [费尔安全实验室]><H>
[珊瑚虫]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\珊瑚虫.lnk --> D:\Tencent\QQ\CoralQQ.exe [珊瑚虫工作室]><N>

==================================
服务
[局域网通讯协议 / Hello World][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[Filseclab Dynamic Defense System Driver / filar][Running/System Start]
  <\??\C:\PROGRA~1\COMMON~1\FILSEC~1\filar.sys><Filseclab Corporation>
[Filseclab Process Protection Driver / filpp][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\FILSEC~1\filpp.sys><Filseclab Corporation>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Filseclab Twister Kernel Module / IMMDRV][Running/Manual Start]
  <\??\C:\PROGRA~1\FILSEC~1\Twister\immdrv.sys><Filseclab Corp.>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\d:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Thunder\Thunder.exe, N/A>
[JUJU猫]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.net, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <d:\Thunder\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <F1910-F110-11D2-BB9E-00C04F795683}, N/A>
[使用网际快车下载]
  <C:\Program Files\绿色软件\网际快车(FlashGet) v1.65 美化特别版\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\绿色软件\网际快车(FlashGet) v1.65 美化特别版\jc_all.htm, N/A>
[使用迅雷下载]
  <d:\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <d:\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]


Last edited 2007-05-06 08:50:39

=================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1208][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [d:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3847]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3847]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Filseclab\Twister\Twshlext.dll]  [Filseclab Corp., 2, 0, 1, 988]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\nwizAsktao.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3847]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.3847]
[PID: 396][C:\WINDOWS\SOUNDMAN.EXE]  [Avance Logic, Inc., 5.0.02]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1000][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3847]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3847]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3847]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3847]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3847]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3847]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1120][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 880][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 672][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1224][C:\WINDOWS\shualai.exe]  [N/A, ]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
[PID: 3008][C:\Program Files\Filseclab\Twister\twister.exe]  [Filseclab Corporation, 7, 0, 5, 21981]
    [C:\Program Files\Filseclab\Twister\Twshlext.DLL]  [Filseclab Corp., 2, 0, 1, 988]
    [C:\Program Files\Filseclab\Twister\Quarantine.dll]  [Filseclab Corp., 2, 0, 0, 581]
    [C:\Program Files\Filseclab\Twister\W32Tools.dll]  [Filseclab Corp., 1, 0, 2, 1772]
    [C:\Program Files\Filseclab\Twister\virsubm.dll]  [Filseclab Corp., 2, 0, 2, 496]
    [C:\Program Files\Filseclab\Twister\psmgr.dll]  [Filseclab Corp., 1, 0, 1, 1071]
    [C:\Program Files\Filseclab\Twister\zipexp.dll]  [Filseclab Corp., 1, 0, 1, 164]
    [C:\Program Files\Filseclab\Twister\emlib.dll]  [Filseclab Corp., 1, 0, 2, 1250]
    [C:\Program Files\Filseclab\Twister\ctools.dll]  [Filseclab Corp., 1, 0, 0, 19]
    [C:\Program Files\Filseclab\Twister\Regpro.dll]  [Filseclab Corp., 2, 0, 1, 1236]
    [C:\Program Files\Filseclab\Twister\twsupdate.dll]  [Filseclab Corp., 1, 0, 1, 499]
    [C:\Program Files\Filseclab\Twister\FAPIConv.dll]  [Filseclab Corp., 1, 0, 0, 45]
    [C:\Program Files\Filseclab\Twister\mdcoder.dll]  [Filseclab Corp., 1, 0, 0, 21]
    [C:\Program Files\Filseclab\Twister\Schedule.dll]  [Filseclab Corp., 1, 0, 1, 32]
    [C:\Program Files\Filseclab\Twister\lsf.dll]  [Filseclab Corp., 1, 0, 1, 286]
    [C:\Program Files\Filseclab\Twister\falgorit.dll]  [Filseclab Corp., 1, 0, 0, 446]
    [C:\Program Files\Filseclab\Twister\message.dll]  [Filseclab Corp., 1, 0, 1, 1598]
    [C:\Program Files\Filseclab\Twister\fgui.dll]  [Filseclab Corp., 1, 0, 1, 128]
    [C:\Program Files\Filseclab\Twister\kdf.dll]  [Filseclab Corp., 1, 0, 3, 1019]
    [C:\Program Files\Filseclab\Twister\Decexp.dll]  [Filseclab Corp., 2, 0, 2, 1940]
    [C:\Program Files\Filseclab\Twister\Unchm.dll]  [Filseclab Corp., 1, 0, 2, 114]
    [C:\Program Files\Filseclab\Twister\unrar.dll]  [N/A, ]
    [C:\Program Files\Filseclab\Twister\unemb.dll]  [Filseclab Corp., 2, 0, 2, 528]
    [C:\Program Files\Filseclab\Twister\unsevzip.dll]  [Filseclab Corp., 1, 0, 1, 95]
    [C:\Program Files\Filseclab\Twister\unmisc.dll]  [Filseclab Corp., 1, 0, 1, 211]
    [C:\Program Files\Filseclab\Twister\AntiRK.dll]  [Filseclab Corporation, 2, 0, 0, 2239]
    [C:\Program Files\Filseclab\Twister\filvss.dll]  [Filseclab Corporation, 2, 0, 0, 823]
    [C:\Program Files\Filseclab\Twister\tsc.dll]  [Filseclab Corp., 1, 0, 1, 71]
    [C:\Program Files\Filseclab\Twister\filau.dll]  [Filseclab, 1, 0, 0, 10]
    [C:\Program Files\Filseclab\Twister\unzip32.dll]  [Info-ZIP, 5.52]
    [C:\Program Files\Filseclab\Twister\unacev2.dll]  [N/A, ]
    [C:\Program Files\Filseclab\Twister\filvss.cn]  [Filseclab Corporation, 2, 0, 0, 824]
    [C:\Program Files\Filseclab\Twister\AntiRK.cn]  [Filseclab Corporation, 2, 0, 0, 2240]
    [C:\Program Files\Filseclab\Twister\plus.dll]  [Filseclab Corporation, 2.0.502.1050]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
[PID: 3332][D:\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 9, 80]
    [D:\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  [Macromedia, Inc., 7,0,19,0]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
[PID: 3916][d:\Tencent\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [d:\Tencent\QQ\CoralAssist.dll]  [Coral Team, 5.0.0 build 20060829]
    [d:\Tencent\QQ\CoralQQ.dll]  [Coral Team, 5.0 Build 20070309]
    [d:\Tencent\QQ\KQL.dll]  [Coral Team, 5.0.0 build 20070301]
    [d:\Tencent\QQ\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [d:\Tencent\QQ\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [d:\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [d:\Tencent\QQ\IPSearcher.dll]  [, 1.0.0.4]
    [d:\Tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [d:\Tencent\QQ\NoDisturbFilter.cqx]  [Coral Team, 1.0]
    [d:\Tencent\QQ\ConfigHotkey.cqx]  [Coral Team, 1.0]
    [d:\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [d:\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [d:\Tencent\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [d:\Tencent\QQ\AutoReconnect.cqx]  [Coral Team, 1.0.0]
    [d:\Tencent\QQ\LoginCtrl.dll]  [N/A, ]
    [d:\Tencent\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [d:\Tencent\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [d:\Tencent\QQ\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [d:\Tencent\QQ\WizardCtrl.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  [Macromedia, Inc., 7,0,19,0]
    [d:\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [d:\Tencent\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\CoralHotkey.cqx]  [Coral Team, 1.0]
    [d:\Tencent\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\QQAllInOne.dll]  [N/A, ]
    [d:\Tencent\QQ\GroupLive.dll]  [N/A, ]
    [d:\Tencent\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [d:\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Tencent\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [d:\Tencent\QQ\QQSettingCtrl.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [d:\Tencent\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [d:\Tencent\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [d:\Tencent\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\QQCustomFace.dll]  [N/A, ]
    [d:\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [d:\Tencent\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [d:\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [d:\Tencent\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\Tencent\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [d:\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [d:\Tencent\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [d:\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [d:\Tencent\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [d:\Tencent\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [d:\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [d:\Tencent\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 8, 81]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [d:\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
    [d:\Tencent\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [d:\Tencent\QQ\OEMApplication.dll]  [, 1, 0, 0, 1]
    [d:\Tencent\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
[PID: 3952][d:\Tencent\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [d:\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 1292][C:\WINDOWS\system32\mspaint.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 932][F:\常用软件\反病毒工具\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      www1.6tan.com
127.0.0.1      www2.6tan.com
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
127.0.0.1      boolom.com
127.0.0.1      adult-novel.cn
127.0.0.1      ll.chinasese.net
127.0.0.1      www.tellumore.com
127.0.0.1      www.o1wg.com
127.0.0.1      www.qq756.com
127.0.0.1      ll.chinasese.net

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]


[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\shualai.dll] [N/A, ]
There are posts on the forum describing how to remove these two viruses.

I read them, but I don't really understand how to do it!! Could Maomao and the moderators please show me how?

This is an Aini (艾尼) variant
http://forum.ikaka.com/topic.asp?board=28&artid=8304639

Quote:
[Post by newcenturymoon] This is an Aini (艾尼) variant
http://forum.ikaka.com/topic.asp?board=28&artid=8304639
………………

If I follow this method, it can be removed, right?? Will the other drives still get infected??
Can the exe files still be repaired?

Boot into Safe Mode and delete them directly

Quote:
[Post by lau1182]
If I follow this method, it can be removed, right?? Will the other drives still get infected??
Can the exe files still be repaired?
………………

Use the dedicated removal tool to repair the EXEs..