症状是当我点BT精灵时,会出现一个Temp_OrignalA.exe文件然后不停的刷屏,资源占用极高,BT用不了,还有看图时ACDSEE也遇到同样问题,还望大侠们出手相住!risi搞不定它,arswp 和AVG Anti-Spyware也均杀过,问题均未解决.

扫描个日志传上来啊

Logfile of Kaka v2. 0. 3. 0 Scan Module v1. 0. 6. 1
Scan saved at 11:16:29, on 2007-04-15
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/ig?hl=zh-CN
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\Program Files\yok\toolbar.dll
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1      mmm.caifu18.net
O1 - Hosts: 127.0.0.1      www.18dmm.com
O1 - Hosts: 127.0.0.1      d.qbbd.com
O1 - Hosts: 127.0.0.1      www.5117music.com
O1 - Hosts: 127.0.0.1      www.union123.com
O1 - Hosts: 127.0.0.1      www.wu7x.cn
O1 - Hosts: 127.0.0.1      www.54699.com
O1 - Hosts: 127.0.0.1      60.169.0.66
O1 - Hosts: 127.0.0.1      60.169.1.29
O1 - Hosts: 127.0.0.1      www.97725.com
O1 - Hosts: 127.0.0.1      down.97725.com
O1 - Hosts: 127.0.0.1      ip.315hack.com
O1 - Hosts: 127.0.0.1      ip.54liumang.com
O1 - Hosts: 127.0.0.1      www.41ip.com
O1 - Hosts: 127.0.0.1      xulao.com
O1 - Hosts: 127.0.0.1      www.heixiou.com
O1 - Hosts: 127.0.0.1      www.9cyy.com
O1 - Hosts: 127.0.0.1      www.hunll.com
O1 - Hosts: 127.0.0.1      www.down.hunll.com
O1 - Hosts: 127.0.0.1      do.77276.com
O1 - Hosts: 127.0.0.1      www.baidulink.com
O1 - Hosts: 127.0.0.1      adnx.yygou.cn
O1 - Hosts: 127.0.0.1      222.73.220.45
O1 - Hosts: 127.0.0.1      www.f5game.com
O1 - Hosts: 127.0.0.1      www.guazhan.cn
O1 - Hosts: 127.0.0.1      wm,103715.com
O1 - Hosts: 127.0.0.1      www.my6688.cn
O1 - Hosts: 127.0.0.1      i.96981.com
O1 - Hosts: 127.0.0.1      d.77276.com
O1 - Hosts: 127.0.0.1      www1.cw988.cn
O1 - Hosts: 127.0.0.1      cool.47555.com
O1 - Hosts: 127.0.0.1      www.asdwc.com
O1 - Hosts: 127.0.0.1      55880.cn
O1 - Hosts: 127.0.0.1      61.152.169.234
O1 - Hosts: 127.0.0.1      cc.wzxqy.com
O1 - Hosts: 127.0.0.1      www.54699.com
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO: 珊瑚虫超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\Program Files\yok\toolbar.dll
O2 - BHO: YOK广告拦截插件 - {972566B2-93BF-41AA-B06D-5F81DB7E38E1} - C:\PROGRA~1\YOK.com\BlockAdr\yokhad.dll (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O3 - Toolbar: 珊瑚虫超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\Program Files\yok\toolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Teclast WE PC Camera
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - Startup: desktop.ini =
O4 - Startup: QQ游戏启动加速程序.lnk = D:\Program Files\Tencent\QQGame\Accel.exe
O4 - Startup: 珊瑚虫.lnk = D:\Program Files\Tencent\qq\CoralQQ.exe
O4 - Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\PowerWord 2006\XDICT.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: desktop.ini =
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 珊瑚虫超级搜索 - C:\Program Files\yok\yoksch.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\Program Files\BitSpirit\bsurl.htm

O9 - Extra Button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - C:\Program Files\sina\UC\uc.exe
O9 - Extra Button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA64D476-E26B-4C34-BE87-EF739369A839}: NameServer = 202.96.209.134 202.96.209.6
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - c:\program files\internet explorer\PLUGINS\nppdf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) -  - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License (Crypkey License) - Kenonic Controls Ltd. - crypserv.exe
O23 - Service: Data Protected (Data Protected) -  - C:\WINDOWS\system32\isass
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: SQLSERVERAGENT (SQLSERVERAGENT) -  - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
O23 - Service: Windows System Report Service (winsrs) -  - C:\WINDOWS\system32\winsrs.exe

C:\WINDOWS\system32\winsrs.exe
麻烦发到我邮箱
邮箱在个人签名里有

HJ修复：
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/ig?hl=zh-CN
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\Program Files\yok\toolbar.dll
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mmm.caifu18.net
O1 - Hosts: 127.0.0.1 www.18dmm.com
O1 - Hosts: 127.0.0.1 d.qbbd.com
O1 - Hosts: 127.0.0.1 www.5117music.com
O1 - Hosts: 127.0.0.1 www.union123.com
O1 - Hosts: 127.0.0.1 www.wu7x.cn
O1 - Hosts: 127.0.0.1 www.54699.com
O1 - Hosts: 127.0.0.1 60.169.0.66
O1 - Hosts: 127.0.0.1 60.169.1.29
O1 - Hosts: 127.0.0.1 www.97725.com
O1 - Hosts: 127.0.0.1 down.97725.com
O1 - Hosts: 127.0.0.1 ip.315hack.com
O1 - Hosts: 127.0.0.1 ip.54liumang.com
O1 - Hosts: 127.0.0.1 www.41ip.com
O1 - Hosts: 127.0.0.1 xulao.com
O1 - Hosts: 127.0.0.1 www.heixiou.com
O1 - Hosts: 127.0.0.1 www.9cyy.com
O1 - Hosts: 127.0.0.1 www.hunll.com
O1 - Hosts: 127.0.0.1 www.down.hunll.com
O1 - Hosts: 127.0.0.1 do.77276.com
O1 - Hosts: 127.0.0.1 www.baidulink.com
O1 - Hosts: 127.0.0.1 adnx.yygou.cn
O1 - Hosts: 127.0.0.1 222.73.220.45
O1 - Hosts: 127.0.0.1 www.f5game.com
O1 - Hosts: 127.0.0.1 www.guazhan.cn
O1 - Hosts: 127.0.0.1 wm,103715.com
O1 - Hosts: 127.0.0.1 www.my6688.cn
O1 - Hosts: 127.0.0.1 i.96981.com
O1 - Hosts: 127.0.0.1 d.77276.com
O1 - Hosts: 127.0.0.1 www1.cw988.cn
O1 - Hosts: 127.0.0.1 cool.47555.com
O1 - Hosts: 127.0.0.1 www.asdwc.com
O1 - Hosts: 127.0.0.1 55880.cn
O1 - Hosts: 127.0.0.1 61.152.169.234
O1 - Hosts: 127.0.0.1 cc.wzxqy.com
O1 - Hosts: 127.0.0.1 www.54699.com
O2 - BHO: (file missing)
O2 - BHO: (file missing)
O2 - BHO: (file missing)
O2 - BHO: (file missing)
O4 - Global Startup: desktop.ini =
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
控制面版/管理工具/服务/禁用以下服务（右键/属性/禁用）
O23 - Service: Data Protected (Data Protected) - - C:\WINDOWS\system32\isass
O23 - Service: Windows System Report Service (winsrs) - - C:\WINDOWS\system32\winsrs.exe

删除：
C:\WINDOWS\system32\isass
C:\WINDOWS\system32\winsrs.exe

大侠说的方法我使用后,问题依旧,急啊!
我现在知道这两个文件是艾妮变种 wab32res.exe directdb.exe
利用ani漏洞传播的蠕虫变种,难道现在就没有这个补丁吗?真是可恶啊,从4/13起,感染这个东东人很多啊

如果你现在还没成功解决的话 建议看下我的杀毒报告 本人已经成功为一些公司和个人清除。
需要帮助的朋友可以去在下空间寻找终极解决方案http://user.qzone.qq.com/36372042  保证成功！！