Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software board

Please help me read this Hijack scan report: about Gray Pigeon (灰鸽子)

Please help me figure out which files need to be deleted. Do they have to be deleted in Safe Mode?
Logfile of HijackThis v1.99.1
Scan saved at 21:12:54, on 2006-1-25
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\EXPLORER.EXE
d:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\rising\Rfw\rfwmain.exe
C:\WINDOWS\System32\BCUP.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\3721\assistse.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
D:\Program Files\rising\Rav\RavTask.exe
C:\WINDOWS\System32\svchsot.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\rising\Rav\Ravmon.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Tencent\TT\TTraveler.exe
D:\Program Files\Tencent\qq\QQ.exe
D:\Program Files\Tencent\qq\TIMPlatform.exe
D:\248783200522382732Hijack\HijackThis.exe
Last edited 2006-01-26 16:08:40
R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
F2 - REG:system.ini: Shell=EXPLORER.EXE
O1 - Hosts: 219.159.198.76 wwww.vv66.net
O1 - Hosts: 219.159.198.76 www.mtv888.com
O1 - Hosts: 219.159.198.76 wwww.mtvccc.com
O1 - Hosts: 219.159.198.76 www.yy530.com
O1 - Hosts: 219.159.198.76 www.7sou.com
O1 - Hosts: 219.159.198.76 www.qq730.com
O1 - Hosts: 219.159.198.76 www.mmqm.com
O1 - Hosts: 219.159.198.76 www.fun520.com
O1 - Hosts: 219.159.198.76 www.ktv530.com
O1 - Hosts: 219.159.198.76 www.qq230.com
O1 - Hosts: 219.159.198.76 www.qq168.net
O1 - Hosts: 219.159.198.76 www.qq240.com
O1 - Hosts: 219.159.198.76 www.qq250.com
O1 - Hosts: 219.159.198.76 www.qq886.com
O1 - Hosts: 219.159.198.76 www.552211.net
O1 - Hosts: 219.159.198.76 www.dj530.com
O1 - Hosts: 219.159.198.76 www.qq998.com
O1 - Hosts: 219.159.198.76 www.oo163.com
O1 - Hosts: 219.159.198.76 www.dj520.com
O1 - Hosts: 219.159.198.76 pic.coke163.com
O1 - Hosts: 219.159.198.76 www.v111.com
O1 - Hosts: 219.159.198.76 music.coke163.com
O1 - Hosts: 219.159.198.76 web.coke163.com
O1 - Hosts: 219.159.198.76 vod.coke163.com
O1 - Hosts: 219.159.198.76 flash.coke163.com
O1 - Hosts: 219.159.198.76 www.coke163.com
O1 - Hosts: 219.159.198.76 www.xicu.com
O1 - Hosts: 219.159.198.76 www.haodx.com
O1 - Hosts: 219.159.198.76 www.haohz.com
O1 - Hosts: 219.159.198.76 www.265.com
O1 - Hosts: 219.159.198.76 www.skyhits.com
O1 - Hosts: 219.159.198.76 www.rd18.com
O1 - Hosts: 219.159.198.76 www.vlike.com
O1 - Hosts: 219.159.198.76 www.web888.org
O1 - Hosts: 219.159.198.76 www.432.cn
O1 - Hosts: 219.159.198.76 www.kan123.com
O1 - Hosts: 219.159.198.76 www.sotop.com
O1 - Hosts: 219.159.198.76 www.yun8.com
O1 - Hosts: 219.159.198.76 film.yun8.com
O1 - Hosts: 219.159.198.76 www.wo123.com
O1 - Hosts: 219.159.198.76 www.huole.com
O1 - Hosts: 219.159.198.76 www.1ya.cn
O1 - Hosts: 219.159.198.76 sms1.ctn.com.cn
O1 - Hosts: 219.159.198.76 sms2.ctn.com.cn
O1 - Hosts: 219.159.198.76 sms3.ctn.com.cn
O1 - Hosts: 219.159.198.76 myadv2.163.com
O1 - Hosts: 219.159.198.76 sms.163.com
O1 - Hosts: 219.159.198.76 sms.sina.com.cn
O1 - Hosts: 219.159.198.76 sms.xilu.com
O1 - Hosts: 219.159.198.76 sms.tom.com
O1 - Hosts: 219.159.198.76 www.happy8.cn
O1 - Hosts: 219.159.198.76 www.s6.cn
O1 - Hosts: 219.159.198.76 www.66vv.com
O1 - Hosts: 219.159.198.76 www.qqee.com
O1 - Hosts: 219.159.198.76 www.sohu123.com
O1 - Hosts: 219.159.198.76 www.xgmm.com
O1 - Hosts: 219.159.198.76 www.cnimg.com
O1 - Hosts: 219.159.198.76 www.vcdvcd.com
O1 - Hosts: 219.159.198.76 www.dj3344.com
O1 - Hosts: 219.159.198.76 www.qq3344.com
O1 - Hosts: 219.159.198.76 www.love34.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo\KUGOO3~1.OCX
O2 - BHO: (no name) - {B3ECCAC9-C7FA-462C-894B-8E9930A70E14} - D:\PROGRA~1\KuGoo\IEHELP~1.DLL
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: (no name) - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: 博采 - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - C:\WINDOWS\System32\BOCAIT~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Yht USB PC Camera
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RfwMain] D:\Program Files\rising\Rfw\rfwmain.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BCUpdate] C:\WINDOWS\System32\BCUP.exe
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [kav] C:\WINDOWS\System32\svchsot.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加QQ网络收藏夹 - D:\Program Files\Tencent\TT\NAF.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=200 (file missing)
O9 - Extra button: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH] QQ地址栏搜索
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {3E127217-9825-4D6E-A00A-7B7CD088FCD0} (LiveRecord_WebOCX.LiveRecordCtl) - http://e-learning.liveabc.com/download/LiveRecord.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/076792a176f44a111302/netzip/RdxIE601_cn.cab
O16 - DPF: {65A2AF26-BF84-49FA-B0AA-BC57B7B656A5} (XINTVClientAuthX Control) - http://www.xintv.com/shcentell/xinhua/download/XINTVClientAuthX.cab
O16 - DPF: {733652F9-53EF-4BF1-B391-375980675D6F} (V3PROXL Control) - http://download.3721.com/download/myv3/plugin/myv3light.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_95p&url=http://client.jogo.cn/download/cnnic/cdn.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {CF85459D-DFA7-4028-A065-3C6D1356DCC8} (CertInstall Control) - http://gd.chinavnet.com/CertInstall.cab
O16 - DPF: {E3DA60E2-2DCC-42EC-BA77-D8DCE12DDA63} (LiveNet_WebOCX.LiveNetCtl) - http://e-learning.liveabc.com/download/LiveNet.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC76502-7256-418A-9AD2-0058981A107C}: NameServer = 202.96.128.86 202.96.128.166
O23 - Service: iPod 服务 (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\rising\Rav\Ravmond.exe
O23 - Service: Windows Management Drivers - Unknown owner - C:\WINDOWS\win32help.exe
Fix:
C:\WINDOWS\System32\BCUP.exe
O4 - HKLM\..\Run: [BCUpdate] C:\WINDOWS\System32\BCUP.exe
O1 - Hosts: 219.159.198.76 wwww.vv66.net
O1 - Hosts: 219.159.198.76 www.mtv888.com
O1 - Hosts: 219.159.198.76 wwww.mtvccc.com
O1 - Hosts: 219.159.198.76 www.yy530.com
O1 - Hosts: 219.159.198.76 www.7sou.com
O1 - Hosts: 219.159.198.76 www.qq730.com
O1 - Hosts: 219.159.198.76 www.mmqm.com
O1 - Hosts: 219.159.198.76 www.fun520.com
O1 - Hosts: 219.159.198.76 www.ktv530.com
O1 - Hosts: 219.159.198.76 www.qq230.com
O1 - Hosts: 219.159.198.76 www.qq168.net
O1 - Hosts: 219.159.198.76 www.qq240.com
O1 - Hosts: 219.159.198.76 www.qq250.com
O1 - Hosts: 219.159.198.76 www.qq886.com
O1 - Hosts: 219.159.198.76 www.552211.net
O1 - Hosts: 219.159.198.76 www.dj530.com
O1 - Hosts: 219.159.198.76 www.qq998.com
O1 - Hosts: 219.159.198.76 www.oo163.com
O1 - Hosts: 219.159.198.76 www.dj520.com
O1 - Hosts: 219.159.198.76 pic.coke163.com
O1 - Hosts: 219.159.198.76 www.v111.com
O1 - Hosts: 219.159.198.76 music.coke163.com
O1 - Hosts: 219.159.198.76 web.coke163.com
O1 - Hosts: 219.159.198.76 vod.coke163.com
O1 - Hosts: 219.159.198.76 flash.coke163.com
O1 - Hosts: 219.159.198.76 www.coke163.com
O1 - Hosts: 219.159.198.76 www.xicu.com
O1 - Hosts: 219.159.198.76 www.haodx.com
O1 - Hosts: 219.159.198.76 www.haohz.com
O1 - Hosts: 219.159.198.76 www.265.com
O1 - Hosts: 219.159.198.76 www.skyhits.com
O1 - Hosts: 219.159.198.76 www.rd18.com
O1 - Hosts: 219.159.198.76 www.vlike.com
O1 - Hosts: 219.159.198.76 www.web888.org
O1 - Hosts: 219.159.198.76 www.432.cn
O1 - Hosts: 219.159.198.76 www.kan123.com
O1 - Hosts: 219.159.198.76 www.sotop.com
O1 - Hosts: 219.159.198.76 www.yun8.com
O1 - Hosts: 219.159.198.76 film.yun8.com
O1 - Hosts: 219.159.198.76 www.wo123.com
O1 - Hosts: 219.159.198.76 www.huole.com
O1 - Hosts: 219.159.198.76 www.1ya.cn
O1 - Hosts: 219.159.198.76 sms1.ctn.com.cn
O1 - Hosts: 219.159.198.76 sms2.ctn.com.cn
O1 - Hosts: 219.159.198.76 sms3.ctn.com.cn
O1 - Hosts: 219.159.198.76 myadv2.163.com
O1 - Hosts: 219.159.198.76 sms.163.com
O1 - Hosts: 219.159.198.76 sms.sina.com.cn
O1 - Hosts: 219.159.198.76 sms.xilu.com
O1 - Hosts: 219.159.198.76 sms.tom.com
O1 - Hosts: 219.159.198.76 www.happy8.cn
O1 - Hosts: 219.159.198.76 www.s6.cn
O1 - Hosts: 219.159.198.76 www.66vv.com
O1 - Hosts: 219.159.198.76 www.qqee.com
O1 - Hosts: 219.159.198.76 www.sohu123.com
O1 - Hosts: 219.159.198.76 www.xgmm.com
O1 - Hosts: 219.159.198.76 www.cnimg.com
O1 - Hosts: 219.159.198.76 www.vcdvcd.com
O1 - Hosts: 219.159.198.76 www.dj3344.com
O1 - Hosts: 219.159.198.76 www.qq3344.com
O1 - Hosts: 219.159.198.76 www.love34.com
Close all IE windows.

Use Task Manager to end the BCUP.exe process.

Open Run and execute regsvr32 -u c:\系统目录\BoCaiToolBar.dll (where 系统目录 is the system directory).

Go to the system directory.
WinXP: \WINDOWS\system32
Delete BCUP.exe and delete BoCaiToolBar.DLL.

Open Registry Editor.
Delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BCUpdate
Delete HKEY_LOCAL_MACHINE\SOFTWARE\BlogChina\BC
O23 - Service: Windows Management Drivers - Unknown owner - C:\WINDOWS\win32help.exe
That's Gray Pigeon (灰鸽子).
See moderator Baohe's post:
http://forum.ikaka.com/topic.asp?board=28&artid=6202404
But your machine has a lot of junk on it.
Fix all the O1 entries.
O23 - Service: Windows Management Drivers - Unknown owner - C:\WINDOWS\win32help.exe
That one is the Pigeon (灰鸽子).
Better to borrow a tool for this:
Download Super Rabbit (超级兔子) and use it to uninstall: 中文上网 (CNNIC Chinese Internet), 博采 (BoCai), 网络猪 (Internet Pig), 上网助手 (3721 Internet Assistant).

Or go to: Forum Home > Technical Exchange Area > Anti-Browser-Hijack board > [Must read] Board notes and common small-tool downloads (software updated 2006.1.10), and from post #11 download "恶意软件清理助手 1.53 Build 025" (Malware Cleanup Assistant) and give it a try.
Your machine is pretty scary!
[Reply to crystal123's post]
Besides what the others above said, there's one more:
O4 - HKLM\..\Run: [kav] C:\WINDOWS\System32\svchsot.exe
If you can't handle it yourself, please zip up C:\WINDOWS\System32\svchsot.exe and send it to: baohelin@yahoo.com.cn.
Note that the normal system file is C:\WINDOWS\System32\svchost.exe; your trojan is C:\WINDOWS\System32\svchsot.exe. Look carefully. If you can't find it, show hidden files and look in Safe Mode.
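Added example (not from this thread or from HijackThis itself): a small Python triage script for HijackThis-style logs that automates the three checks the replies above make by eye: a Hosts file that maps many unrelated names to one IP (the O1 lines), an autorun entry whose executable name is one character off from a real system binary, as with svchsot.exe versus svchost.exe (O4), and a service that reports no owner (O23). The sample lines are copied from the log posted in this thread; the list of system binary names, the edit-distance limit of 1 and the five-entry Hosts threshold are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 219.159.198.76 wwww.vv66.net
O1 - Hosts: 219.159.198.76 www.qq730.com
O1 - Hosts: 219.159.198.76 sms.163.com
O1 - Hosts: 219.159.198.76 www.265.com
O1 - Hosts: 219.159.198.76 www.love34.com
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [kav] C:\WINDOWS\System32\svchsot.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\rising\Rav\Ravmond.exe
O23 - Service: Windows Management Drivers - Unknown owner - C:\WINDOWS\win32help.exe
"""

# Legitimate Windows binaries whose names malware likes to imitate
# (assumption: this short list is enough for the demonstration).
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe", "rundll32.exe")

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
EXE_RE = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)  # last path component ending in .exe


def parse_log(text):
    """Split a HijackThis log into the three entry types this triage looks at."""
    result = {"hosts": [], "run": [], "services": []}
    for line in text.strip().splitlines():
        line = line.strip()
        if m := HOSTS_RE.match(line):
            result["hosts"].append((m.group(1), m.group(2)))          # (ip, hostname)
        elif m := RUN_RE.match(line):
            exes = EXE_RE.findall(m.group(3))
            result["run"].append((m.group(1), m.group(2), exes[0] if exes else ""))  # (hive, name, exe)
        elif m := SERVICE_RE.match(line):
            result["services"].append((m.group(1), m.group(2), m.group(3)))  # (name, owner, path)
    return result


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # "so" <-> "os" counts as one edit
    return d[len(a)][len(b)]


def hosts_sinkhole_targets(hosts, threshold=5):
    """IPs that the Hosts file maps many unrelated names to: the classic redirection hijack."""
    counts = Counter(ip for ip, _ in hosts)
    return {ip: n for ip, n in counts.items() if n >= threshold}


def lookalike_run_entries(run, max_distance=1):
    """Autorun entries whose executable is within one edit of a real system binary but not identical."""
    hits = []
    for _hive, name, exe in run:
        low = exe.lower()
        if not low or low in SYSTEM_NAMES:
            continue  # empty, or an exact system name: not a look-alike
        for legit in SYSTEM_NAMES:
            if osa_distance(low, legit) <= max_distance:
                hits.append((name, exe, legit))
                break
    return hits


def unowned_services(services):
    """Services with no vendor string, especially under generic Windows-sounding names."""
    return [(name, path) for name, owner, path in services if owner.lower() == "unknown owner"]


def triage(text):
    """Return one human-readable finding per suspicious item."""
    parsed = parse_log(text)
    findings = []
    for ip, n in hosts_sinkhole_targets(parsed["hosts"]).items():
        findings.append(f"O1: {n} Hosts entries point at {ip}; restore the default Hosts file")
    for name, exe, legit in lookalike_run_entries(parsed["run"]):
        findings.append(f"O4: [{name}] runs {exe}, a look-alike of {legit}")
    for name, path in unowned_services(parsed["services"]):
        findings.append(f"O23: service '{name}' has no owner; binary {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run as-is it reports the three findings for the sample; to check a full log, pass the file contents to triage(). The edit distance is kept at 1 on purpose: it catches transposed or swapped characters like svchsot.exe without flagging every short name that happens to resemble a system binary, and a real system file (ctfmon.exe here) is never reported because an exact match is skipped.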
Thanks everyone!!
Someone suggested I use Super Rabbit to remove those 上网助手-type files; can't I just uninstall them myself from Add/Remove Programs?
All of these operations should be done in Safe Mode, right?
Sorry, I've embarrassed myself in front of everyone; I don't know anything about this. I rarely clean up these viruses myself and leave everything to Rising. Heh. Please keep teaching me so I can learn more. I'll try again using your methods.