Rising KaKa Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board


[Help] Backdoor.Gpigeon.ffr just won't die no matter how I kill it, looking for a solution...


This pigeon is so stubborn...... it has been living on my computer for ages, hiding in the IEXPLORE.EXE file. In Safe Mode the scanner can't find it; in normal mode it can be cleaned, but the next day after booting it's back again.....

Searched on Baidu and there is no information at all about this virus, nor any specific removal method. Asking the experts for help.
Last edited 2006-09-01 13:43:34

http://forum.ikaka.com/topic.asp?board=28&artid=8105899
Download HijackThis... and post the log here..

I just killed it once today, so probably no abnormal log entries for this virus will show up today?

Let me run a scan first and see.

Is this what you mean?

HijackThis_815 Chinese-localized edition scan log V1.99.1
Saved at      13:37:16, date 2006-9-1
OS:         Windows XP SP2 (WinNT 5.01.2600)
Browser:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\progrom\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\progrom\Rising\Rav\Ravmond.exe
d:\progrom\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\progrom\Rising\Rav\RavStub.exe
D:\progrom\Rising\Rav\RavTask.exe
D:\progrom\Rising\Rfw\rfwmain.exe
D:\progrom\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Hijackthis1991zww\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O4 - Startup HKLM\\Run: [nwiz] ; nwiz.exe /install
O4 - Startup HKLM\\Run: [RavTask] "D:\progrom\Rising\Rav\RavTask.exe" -system
O4 - Startup HKLM\\Run: [RfwMain] "D:\progrom\Rising\Rfw\rfwmain.exe" -Startup
O4 - Startup HKLM\\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - Startup HKLM\\Run: [MsWinb] ; D:\progrom\白猫清理工\MsWinb.exe
O4 - Startup HKLM\\Run: [DAEMON Tools-1033] ; "D:\progrom\虚拟光驱\daemon.exe"  -lang 1033
O4 - Startup HKLM\\Run: [StormCodec_Helper] ; "D:\progrom\Storm Codec\StormSet.exe" /S /opti
O4 - Startup HKLM\\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup HKLM\\RunOnce: [RavStub] "D:\progrom\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsWinb] ; D:\progrom\白猫清理工\MsWinb.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with Xunlei - D:\progrom\迅雷\Program\GetUrl.htm
O8 - Extra context menu item: &Download all links with Xunlei - D:\progrom\迅雷\Program\GetAllUrl.htm
O8 - Extra context menu item: Export to Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with BitSpirit(&B) - D:\progrom\BitSpirit\bsurl.htm
O9 - Extra button: Launch Xunlei - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\progrom\迅雷\Thunder.exe
O9 - Extra 'Tools' menuitem: Launch Xunlei - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\progrom\迅雷\Thunder.exe
O9 - Extra button: Haofang game platform - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\progrom\浩方对战平台\GameClient.exe
O9 - Extra button: Microsoft - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: EachNet shopping - {DE607145-AC19-425e-865A-5D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: EachNet shopping - {DE607145-AC19-425e-865A-5D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ Xuancai toolbar settings - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ\QQIEHelper.dll (file missing)
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE1C4A0B-1B44-467E-BB13-433ECBC09138}: NameServer = 61.139.2.69 202.98.96.68
O18 - Filter: text/html - {E7009873-0D40-45B1-8D59-5B9AE98C7D38} - C:\Program Files\Internet Explorer\Connection Wizard\icwuti1.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - NT Service: DCOM Server Process Launcd. (DCOM Server Process Launcd) - Unknown owner - C:\Program.exe (file missing)
O23 - NT Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\progrom\rising\rfw\rfwproxy.exe
O23 - NT Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\progrom\rising\rfw\rfwsrv.exe
O23 - NT Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\progrom\Rising\Rav\CCenter.exe
O23 - NT Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\progrom\Rising\Rav\Ravmond.exe
O23 - NT Service: SYSTHUNK (system32) - Unknown owner - C:\WINDOWS\system32\acwiz.exe (file missing)

Fix:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Fix:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - NT Service: DCOM Server Process Launcd. (DCOM Server Process Launcd) - Unknown owner - C:\Program.exe (file missing)
O23 - NT Service: SYSTHUNK (system32) - Unknown owner - C:\WINDOWS\system32\acwiz.exe (file missing)
Open the Registry Editor, expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services,
search for DCOM Server Process Launcd and system32, and delete them..
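The reply above tells the poster to search the Services key by hand for the two rogue entries. The PowerShell script below is an added example, not code from the thread or from Rising, that automates that triage for the whole key: it walks HKLM\SYSTEM\CurrentControlSet\Services and reports any service whose binary is missing on disk (the "(file missing)" entries in the log), whose ImagePath is unquoted and contains spaces, or whose display name is a near-copy of a genuine Windows service name. The watch-list of genuine display names is a small hand-picked set I assumed for illustration, not an exhaustive one; "DCOM Server Process Launcd" from the posted log is one character off the real "DCOM Server Process Launcher" (key name DcomLaunch), which is exactly the kind of lookalike the check is meant to catch. The script only reports; it deletes nothing.

```powershell
# Added example (not from the thread): audit the Services registry key and
# report entries worth a closer look. Run from an elevated PowerShell prompt.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Assumed watch-list: genuine display names and the service key they belong to.
# A service that copies the display name but lives under a different key is suspect.
$knownDisplayNames = @{
    'DCOM Server Process Launcher'       = 'DcomLaunch'
    'Remote Procedure Call (RPC)'        = 'RpcSs'
    'Print Spooler'                      = 'Spooler'
    'Windows Management Instrumentation' = 'winmgmt'
}

function Get-ServiceBinaryPath {
    # Turn an ImagePath value into the on-disk path of the executable it launches.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')   # driver-style prefix
    $p = $p -replace '^\\\?\?\\', ''                              # NT object prefix \??\
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        $exe = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    } else {
        # Unquoted path, possibly followed by arguments: take the first token that
        # ends in .exe/.sys/.dll. An unquoted path with spaces is ambiguous for
        # CreateProcess (the classic unquoted service path problem), so it is flagged below.
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        $exe = if ($m.Success) { $m.Groups[1].Value } else { ($p -split '\s+')[0] }
    }
    if (-not [System.IO.Path]::IsPathRooted($exe)) {
        $exe = Join-Path $env:SystemRoot $exe   # e.g. system32\DRIVERS\foo.sys
    }
    return $exe
}

function Find-SuspiciousServices {
    $findings = @()
    foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { continue }   # nothing to launch
        $exe     = Get-ServiceBinaryPath -ImagePath $props.ImagePath
        $display = [string]$props.DisplayName
        $reasons = @()

        # 1. Binary missing on disk: the service cannot start, or the file is being
        #    dropped and removed between reboots (what the log's "(file missing)" shows).
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $reasons += "binary not found: $exe"
        }
        # 2. Unquoted ImagePath containing spaces.
        if ($props.ImagePath -match '^[^"]*\s' -and $exe -match '\s') {
            $reasons += 'unquoted ImagePath with spaces'
        }
        # 3. Display name that copies the first 20 characters of a genuine service
        #    name while sitting under a different key (lookalike, e.g. "Launcd").
        foreach ($name in $knownDisplayNames.Keys) {
            $prefix = $name.Substring(0, [Math]::Min(20, $name.Length))
            if ($display.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) -and
                $key.PSChildName -ne $knownDisplayNames[$name]) {
                $reasons += "display name mimics '$name' (real key: $($knownDisplayNames[$name]))"
            }
        }

        if ($reasons.Count -gt 0) {
            $findings += [pscustomobject]@{
                Service     = $key.PSChildName
                DisplayName = $display
                ImagePath   = $props.ImagePath
                Reasons     = ($reasons -join '; ')
            }
        }
    }
    return $findings
}

Find-SuspiciousServices | Format-Table -AutoSize -Wrap
```

Each finding is a lead, not a verdict: legitimate drivers on a removable device also show up as "binary not found", so check the ImagePath target, the key's Start value and who created it before acting. For an entry you have confirmed as rogue, `sc stop <name>` followed by `sc delete <name>` (available on XP) unregisters the service cleanly and is safer than deleting the registry key by hand while the service is loaded; re-run the script after the reboot to confirm the entries did not come back, since the thread's symptom is precisely that the dropper recreates them.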