每次开机都显示有trojan.psw.onlinegames.ayq，用最新版本瑞星删除病毒后，再次开机仍显示还有该病毒，应该如何处理？
自从中了该木马后，QQ不断要求激活，因为显示在异地登陆，地点为湖南湖北

释放此病毒的exe文件并没有被杀，楼主可以下载sreng，扫描系统，把日志贴到这里以便分析

我是菜鸟，请问sreng是什么？用卡卡扫描出的日志行吗？

下载瑞星听诊器，扫描，日志贴上来

http://it.rising.com.cn/Channels/Service/2006-07/1153115164d21020.shtml

这是用卡卡扫描出的日志，不知道行不行，各位大虾帮诊断诊断
Logfile of Kaka v2. 0. 3. 0 Scan Module v1. 0. 6. 1
Scan saved at 15:22:18, on 2007-05-20
Platform: Microsoft Windows XP Professional  (Build 2600)
MSIE: Internet Explorer v6.00 SP1; (6.00.2600.0000 (xpclient.010817-1148))


R3 - URLSearchHook: BDSrchHook Class - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - C:\WINDOWS\DOWNLO~1\BDSrHook.dll
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeHelper Class - {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} - D:\Program Files\迅雷\Components\ResWorker\DSIeHelper.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar:  (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] ; C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKLM\..\Run: [IMJPMIG8.1] ; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] ; C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] ; C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] ; C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - Startup: desktop.ini =
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ2007\QQ.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: desktop.ini =
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ2007\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - D:\Program Files\迅雷\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Program Files\迅雷\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ2007\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ2007\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ2007\SendMMS.htm
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\迅雷\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\迅雷\Thunder.exe
O9 - Extra Button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ2007\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ2007\QQ.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {3359C0B1-2363-40B3-AFCA-1ABC799AC486} (SSReaderPlug Control) - http://202.204.72.3:88/ssreaderplug.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O16 - DPF: {CC39A130-02BC-4BFA-B06A-E46EFA9165F9} (TestActiveX Control) - http://202.206.223.102/webmedia/oemui/tool/down.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (PasswordEditCtrl Class) - https://password.qq.com/download/qqedit2.cab

C:\WINDOWS\mppds.exe

病毒，楼主可以将此文件上报给瑞星，并且删除

听诊器结果
未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\LVMVFM\LVPRCINJ.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RFW\RFWCTRL.DLL
C:\PROGRAM FILES\RISING\RFW\RSXML.DLL
C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\HCCUTILS.DLL
C:\WINDOWS\SYSTEM32\IGFXDEV.DLL
C:\WINDOWS\SYSTEM32\IGFXSRVC.DLL
C:\WINDOWS\SYSTEM32\IGFXHK.DLL
C:\WINDOWS\SYSTEM32\IGFXRES.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\SYSTEM32\LVCOMSX.EXE
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEP_CTRL.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL
D:\PROGRAM FILES\READER\READER\ACTIVEX\ACROIEHELPER.DLL
D:\PROGRAM FILES\迅雷\COMPONENTS\RESWORKER\DSIEHELPER.DLL
D:\PROGRAM FILES\迅雷\COMPONENTS\RESWORKER\DATAPROCESSOR.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\PDM.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\2052\MDMUI.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MSDBG2.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH9C.OCX
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\MSCOREE.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSCORIE.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSVCR71.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSCORLD.DLL
C:\WINDOWS\SYSTEM32\IMSC40A.IME
C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL
C:\WINDOWS\SYSTEM32\WINWB86.IME
C:\WINDOWS\SYSTEM32\UNISPIM.IME
C:\WINDOWS\SYSTEM32\UPENGINE.DLL
C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\ACSIGNCORE16.DLL

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WINHTTP.DLL
C:\WINDOWS\SYSTEM32\WUPS.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

谢谢^_^

这是用卡卡扫描出的日志，不知道行不行，各位大虾帮诊断诊断
第一部分
[CODE]

2007-05-20,15:42:30

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
    <QQDownload><"C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <LHotkey><LHotkey.exe>  [Chicony]
    <EagleEye><C:\Program Files\Lenovo\网络爸爸\EagleSvr.exe>  [tuEagles]
    <runeip><C:\Documents and Settings\Owner\My Documents\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\system32\Manager.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)]
    <Study><; C:\Program Files\Lenovo\联想100分学校\study.exe>  [Lenovo]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Owner\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\TENCENT\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ClipManage / BRGNS][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE C:\WINDOWS\SYSTEM32\WBEM\VVALM.DLL,Export 1087><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ijjvja / ijjvja][Running/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\vjjvpa\vjjvpa.dll,Service -s><Microsoft Corporation>
[Fax Client / ms_fax][Stopped/Auto Start]
  <C:\WINDOWS\system32\54ce.exe><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavMonD.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[aceejgii / aceejgii][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\aceejgii.sys><N/A>
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cqtudq0 / cqtudq02][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cqtudq02.sys><Microsoft Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[fetiyhbb / fetiyhbb][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\fetiyhbb.sys><Yahoo! China Corporation>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Running/Manual Start]
  <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[gwosrl6 / gwosrl61][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\gwosrl61.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[ivolkt7 / ivolkt79][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ivolkt79.sys><N/A>
[kwijle20 / kwijle20][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[msuti / msuti][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\msuti.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\上网\qq\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\上网\qq\npkycryp.sys><N/A>
[NTSIM / NTSIM][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[uqqzll9 / uqqzll92][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\uqqzll92.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[xmlkrtqd / xmlkrtqd][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\xmlkrtqd.sys><N/A>