
Keeps getting reinfected! HijackThis log
日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 11:41:25,2009-3-27
操作系统: Windows XP SP2 (WinNT 5.01.2600)
IE版本: Internet Explorer v7.00 (7.00.6000.20583)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Rising\Rav\CCENTER.EXE
D:\Rising\Rfw\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
D:\Rising\Rfw\rfwsrv.exe
D:\Rising\Rav\RavMonD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Rising\Rav\rsnetsvr.exe
D:\Rising\Rfw\RsTray.exe
D:\Rising\Rav\RsTray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\StormII\stormliv.exe
D:\Rising\Rav\RavTask.exe
D:\Rising\Rfw\RavTask.exe
D:\Rising\Rav\ScanFrm.exe
C:\WINDOWS\system32\svchost.exe
G:\dzh\internet\hypwise.exe
D:\Rising\kaka\knownsvr.exe
D:\Maxthon\Maxthon.exe
D:\Rising\Rav\RsMain.exe
D:\Rising\Rav\RsLogVw.exe
D:\hijackthis_v2.02h\HijackThis.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
O4 - HKLM\..\RunOnce: [KKDelay] D:\Rising\kaka\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - 扩展右键菜单项: 使用迅雷下载 - D:\Thunder\Program\GetUrl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - D:\Thunder\Program\GetAllUrl.htm
O8 - 扩展右键菜单项: 添加到QQ表情 - e:\Tencent\QQ\AddEmotion.htm
O8 - 扩展右键菜单项: 用比特精灵下载(&B) - D:\BitSpirit\bsurl.htm
O9 - 额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Thunder\Thunder.exe
O9 - 额外的“工具”菜单项目: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Thunder\Thunder.exe
O9 - 额外的按钮: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - 额外的“工具”菜单项目: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (PasswordEditCtrl Class) - https://www.tenpay.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E27A67-ADBA-440B-8D76-74D961253662}: NameServer = 222.41.52.3 61.232.202.158
O20 - AppInit_DLLs: kmon.dll
O23 - NT 服务: 9IG7EUIO - 唏诙蟓趵凉职沽储姚噢圄厨列惋迹 - C:\WINDOWS\TX61ZV1DEJ.exe
O23 - NT 服务: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - D:\StormII\stormliv.exe
O23 - NT 服务: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - D:\Rising\Rav\CCENTER.EXE
O23 - NT 服务: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - D:\Rising\Rav\RavTask.exe
O23 - NT 服务: Rfw Process Communication Center (RfwCCenter) - Beijing Rising Information Technology Co., Ltd. - D:\Rising\Rfw\CCENTER.EXE
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - D:\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising RfwTask Manager (RfwTask) - Beijing Rising Information Technology Co., Ltd. - D:\Rising\Rfw\RavTask.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - D:\Rising\Rav\RavMonD.exe
O23 - NT 服务: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - D:\Rising\Rav\ScanFrm.exe
O23 - NT 服务: 9IG7EUIO - 唏诙蟓趵凉职沽储姚噢圄厨列惋迹 - C:\WINDOWS\TX61ZV1DEJ.exe
Cannot be repaired.
User system information: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Maxthon; CIBA)