
Infected! Can't kill it! Please help me take a look!

Here is the scan log! Please take a look! Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:25:35, on 2006-9-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\VM_STI.EXE
C:\Q2\Fahid.exe
C:\Q2\Pad32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Help\IEXPL0RE.exe
C:\WINDOWS\Help\IEXPL0RE.exe
C:\WINDOWS\Help\IEXPL0RE.exe
C:\WINDOWS\Help\IEXPL0RE.exe
C:\WINDOWS\Help\IEXPL0RE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Help\IEXPL0RE.exe
D:\Program Files 勿删\程序\shadu\HijackThis.exe

R3 - URLSearchHook: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\PROGRA~1\MICRSO~1\tbu25\SearchBar.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
F3 - REG:win.ini: load=愢? P趺 p?
O2 - BHO: Internet Explorer helper Objects - {C277FAA4-F103-42AE-82FD-F4A1AB015F2A} - C:\WINDOWS\system32\MSIEHelp.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\system32\al2dll.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA
O4 - HKLM\..\Run: [FAhid] C:\Q2\Fahid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [C:\DOCUME~1\user\LOCALS~1\Temp\SetupCmd27.exe] C:\DOCUME~1\user\LOCALS~1\Temp\SetupCmd27.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoundMan] C:\WINDOWS\S0UNDMAN.exe
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O4 - Startup: 快手.lnk = C:\Q2\quick2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 百度Flash搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM
O8 - Extra context menu item: 百度mp3搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度信息快递搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - Extra context menu item: 百度图片搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度新闻搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: AutoLogin - {D04AA3F7-DEE7-479B-A153-24E6C36300C0} - C:\WINDOWS\system32\al2dll.dll
O11 - Options group: [TBH] 搜搜地址栏搜索
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7E9AAF0-F514-4868-BE8A-AD80A4764FC8}: NameServer = 202.100.192.68 202.100.199.8
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\1e5d6b50.dll (file missing)
O23 - Service: java - Unknown owner - C:\WINDOWS\java.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINDOWS\SoftUpdate.exe (file missing)
O23 - Service: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\system32\smrss.exe
O23 - Service: winupdate (winUpdate) - Unknown owner - C:\WINDOWS\winUpdate.exe (file missing)

Last edited 2006-09-13 13:11:02

Brother, how did you manage to post this? Impressive.
O23 - Service: java - Unknown owner - C:\WINDOWS\java.exe
How did you end up with my Pigeon?

O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINDOWS\SoftUpdate.exe (file missing)
See the pinned post...

O23 - Service: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\system32\smrss.exe
O23 - Service: winupdate (winUpdate) - Unknown owner - C:\WINDOWS\winUpdate.exe (file missing)
Gray Pigeon (灰鸽子)... In Safe Mode, open Registry Editor and expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services,
search for Windows Processdos and winUpdate and delete them...
Delete:
C:\WINDOWS\system32\smrss.exe

Fix:
F3 - REG:win.ini: load=愢? P趺 p?
O2 - BHO: Internet Explorer helper Objects - {C277FAA4-F103-42AE-82FD-F4A1AB015F2A} - C:\WINDOWS\system32\MSIEHelp.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\system32\al2dll.dll
O4 - HKLM\..\Run: [C:\DOCUME~1\user\LOCALS~1\Temp\SetupCmd27.exe] C:\DOCUME~1\user\LOCALS~1\Temp\SetupCmd27.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe
O4 - HKCU\..\Run: [SoundMan] C:\WINDOWS\S0UNDMAN.exe
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\1e5d6b50.dll (file missing)
Delete:
C:\WINDOWS\system32\MSIEHelp.dll
C:\WINDOWS\system32\al2dll.dll
C:\WINDOWS\ctfmon.exe
C:\WINDOWS\S0UNDMAN.exe

In Safe Mode, empty:
C:\DOCUME~1\user\LOCALS~1\Temp

Delete:
C:\WINDOWS\Help\IEXPL0RE.exe

http://www.pctutu.com/srmsdown.asp (安装版)
http://download5.pctutu.com/soft/magicset78.zip (免安装版)
Download Super Rabbit (超级兔子)... and use Super Rabbit Cleaning King (清理王) in Safe Mode to uninstall the rogue software...
C:\Q2\Fahid.exe
C:\Q2\Pad32.exe
????
O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINDOWS\SoftUpdate.exe (file missing)
O23 - Service: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\system32\smrss.exe
O23 - Service: winupdate (winUpdate) - Unknown owner - C:\WINDOWS\winUpdate.exe (file missing)
Fix the ones followed by (file missing)

O23 - Service: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\system32\smrss.exe
For this one, refer to http://forum.ikaka.com/topic.asp?board=28&artid=7713905
C:\WINDOWS\Help\IEXPL0RE.exe
C:\WINDOWS\Help\IEXPL0RE.exe
C:\WINDOWS\Help\IEXPL0RE.exe
C:\WINDOWS\Help\IEXPL0RE.exe
C:\WINDOWS\Help\IEXPL0RE.exe
C:\WINDOWS\Help\IEXPL0RE.exe 

F3 - REG:win.ini: load=愢? P趺 p?
O23 - Service: java - Unknown owner - C:\WINDOWS\java.exe
O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINDOWS\SoftUpdate.exe (file missing)
O23 - Service: winupdate (winUpdate) - Unknown owner - C:\WINDOWS\winUpdate.exe (file missing)

Open Registry Editor, expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, find java, Update Service For Windows and winupdate, and delete those three.
Reboot, then delete the corresponding files.

O23 - Service: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\system32\smrss.exe  This one is a bit suspicious.

O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\1e5d6b50.dll (file missing)
Fix this one too.
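Added example (not from this thread and not HijackThis code): the checks the replies above make by eye, written as a small Python triage script. It flags process and autorun names that imitate Windows system binaries (IEXPL0RE.exe and S0UNDMAN.exe with a zero for the letter o, smrss.exe with one extra letter against smss.exe), a known binary loaded from the wrong directory (C:\WINDOWS\ctfmon.exe instead of system32), autoruns launched from a Temp directory, O23 services with an unknown owner or a missing binary, the O21 SSODL entry whose DLL is missing, and a non-empty win.ini load= line. KNOWN_SYSTEM_BINARIES is an assumed table of canonical Windows XP locations, and SAMPLE_LOG is a constructed sample of lines copied from the log posted above.

```python
"""Added triage for a HijackThis log: the checks the replies in this thread
apply by eye, as code. Not HijackThis code; KNOWN_SYSTEM_BINARIES is an
assumed table of canonical Windows XP locations."""
import re
from dataclasses import dataclass

# Assumed canonical (lower-case) locations of a few XP system binaries.
KNOWN_SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "soundman.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}
# Digit-for-letter swaps used by look-alike names (IEXPL0RE, S0UNDMAN).
LOOKALIKE_MAP = str.maketrans({"0": "o", "1": "l", "5": "s"})
# A Windows path ending in .exe, quoted or not, anywhere in a log line.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"<>|]*?\.exe)\b', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def dirname(path):
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def lookalike_of(name):
    """Return the system binary that `name` imitates, else None."""
    name = name.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    folded = name.translate(LOOKALIKE_MAP)
    for known in KNOWN_SYSTEM_BINARIES:
        if folded == known:  # iexpl0re.exe -> iexplore.exe
            return known
        if len(name) == len(known) + 1 and any(  # smrss.exe -> smss.exe
            name[:i] + name[i + 1:] == known for i in range(len(name))
        ):
            return known
    return None


def check_path(path):
    """Reasons one executable path looks wrong (empty list if it looks fine)."""
    reasons = []
    name = basename(path)
    known = lookalike_of(name)
    if known:
        reasons.append(f"{name} is a look-alike of system binary {known}")
    expected = KNOWN_SYSTEM_BINARIES.get(name)
    if expected and dirname(path) != expected:
        reasons.append(f"{name} loaded from {dirname(path)}, expected {expected}")
    if "\\temp\\" in path.lower():
        reasons.append("executable runs from a Temp directory")
    return reasons


def triage(lines):
    """Return one Finding per (line, reason) for suspicious HijackThis entries."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = []
        if line.startswith("O23 - Service:"):
            if "Unknown owner" in line:
                reasons.append("service with no identifiable vendor")
            if line.endswith("(file missing)"):
                reasons.append("service points at a missing binary")
        elif line.startswith("O21 - SSODL:") and line.endswith("(file missing)"):
            reasons.append("shell-load (SSODL) entry whose DLL is missing")
        elif line.startswith("F3 - REG:win.ini: load=") and line != "F3 - REG:win.ini: load=":
            reasons.append("win.ini load= is set; it is normally empty")
        for path in PATH_RE.findall(line):
            reasons.extend(check_path(path))
        findings.extend(Finding(line, r) for r in dict.fromkeys(reasons))
    return findings


# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\Help\IEXPL0RE.exe",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    "F3 - REG:win.ini: load=愢? P趺 p?",
    r"O4 - HKLM\..\Run: [C:\DOCUME~1\user\LOCALS~1\Temp\SetupCmd27.exe] C:\DOCUME~1\user\LOCALS~1\Temp\SetupCmd27.exe",
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe",
    r'O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system',
    r"O4 - HKCU\..\Run: [SoundMan] C:\WINDOWS\S0UNDMAN.exe",
    r"O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\1e5d6b50.dll (file missing)",
    r"O23 - Service: java - Unknown owner - C:\WINDOWS\java.exe",
    r"O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINDOWS\SoftUpdate.exe (file missing)",
    r"O23 - Service: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\system32\smrss.exe",
    r"O23 - Service: winupdate (winUpdate) - Unknown owner - C:\WINDOWS\winUpdate.exe (file missing)",
    r"O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:60} <- {f.line}")
```

Run as-is it prints one line per finding for the sample; to triage a full log, read the file into a list of lines and pass it to triage(). The look-alike check is deliberately narrow (digit swaps and a single inserted character) so that legitimate names such as Ravmond.exe are not flagged next to ctfmon.exe, and the Rising entries in the sample produce no findings at all.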
http://virus.chinavnet.com/newSite/Channels/Anti_Virus/Upgrade_Report/Upgrade_Report/200311/24-164512882.htm

14. TrojanDownloader.Win32.VB.v
Damage: a trojan written in VB; every few seconds it attempts to download the following files to the local machine and run them.

http://67.121.215.93/gcv.asp?a=14129
http://67.121.215.93/014129/smss.exe
http://67.121.215.93/greeting.asp?i=2&id=14129A862221298

Modifies the registry so that it starts with the system:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
smrss32 : %SYSTEM%\smrss.exe %0%

Is it this one?
Good to learn from this.
Thanks everyone!!
Powered by Discuz!NT