该虫虫本人杀不掉,麻烦贵站了!
还请专家指点!
附上日志,如下
Logfile of HijackThis v1.99.1
Scan saved at 13:43:55, on 2006-5-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
G:\EDS\bin\lmgrd.exe
C:\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
G:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
G:\EDS\bin\iwlmd.exe
G:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\zstatus.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
G:\Program Files\proeWildfire 2.0\i486_nt\obj\xtop.exe
G:\Program Files\proeWildfire 2.0\i486_nt\nms\nmsd.exe
G:\Program Files\proeWildfire 2.0\i486_nt\obj\pro_comm_msg.exe
H:\Tencent\QQ\QQ.exe
H:\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Tencent\QQ\QQexternal.exe
C:\WINDOWS\system32\svchost.exe
H:\Program Files\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - H:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\PROGRA~1\HBClient\hapast.dll
O2 - BHO: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\Baidu\bar\BaiduBar.DLL
O2 - BHO: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - H:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\Baidu\bar\BaiduBar.DLL
O3 - Toolbar: CyberArticle Express - {769A6A36-ED24-4376-BC7C-80225BF35698} - H:\Program Files\CyberArticle\CAExp.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StormCodec_Helper] "h:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [hbpassport] C:\PROGRA~1\HBCLIENT\hbast.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\microOffice\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe Reader7.0\Reader\reader_sl.exe
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: &Download by NetAnts - H:\PROGRA~1\NETANTS\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - H:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://H:\Program Files\PDF2Word\IEShellExt.dll /100
O8 - Extra context menu item: 使用网际快车下载 - H:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 保存: 完整网页... - H:\Program Files\CyberArticle\script\Save.htm
O8 - Extra context menu item: 保存: 更多保存内容... - H:\Program Files\CyberArticle\script\SaveAuto.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://D:\MICROO~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - h:\Program Files\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - h:\Program Files\SSREADER36\ss_select.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - H:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - H:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - H:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\Program Files\Baidu\bar\BaiduBar.DLL/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\Program Files\Baidu\bar\BaiduBar.DLL/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\Program Files\Baidu\bar\BaiduBar.DLL/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\Program Files\Baidu\bar\BaiduBar.DLL/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\Program Files\Baidu\bar\BaiduBar.DLL/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\Program Files\Baidu\bar\BaiduBar.DLL/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\Program Files\Baidu\bar\BaiduBar.DLL/BAIDU_DIC.HTM
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - H:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - H:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://D:\Wildfire2.0\i486_nt\obj\pvx_install.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127778296480
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.80_20060123.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA067D12-656B-467E-B7E9-50CF69128F25}: NameServer = 60.191.134.197 60.191.134.204
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imageware 12 License Manager - GLOBEtrotter Software Inc. - G:\EDS\bin\lmgrd.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: Unigraphics 许可证服务器（uglmd） (Unigraphics License Server (uglmd)) - Macrovision Corporation - G:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe

C:\WINDOWS\system32\res.exe 有问题

安装了流氓软件。qq病毒

进入控制面版的添加删除程序中卸载,酷站导航,MMSASS~1彩信，，这2个流氓软件
如果无法卸载，建议你下载超级兔子。
http://dl.pconline.com.cn/html_2/1/75/id=273&pn=0.html
安装好后，打开“超级兔子优化王”“专业卸载
关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复""（如果有的话）
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
C:\Program Files\Common Files\UPDAT\Update.exe
C:\WINDOWS\system32\res.exe
O8 - Extra context menu item: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
双击我的电脑--工具---文件夹选项--查看--单击选取"显示隐藏文件或文件夹"清除"隐

藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”
C:\PROGRA~1\MMSASS~
C:\WINDOWS\system32\res.exe
C:\Program Files\CoolWebsit
C:\Program Files\Common Files\UPDAT

如何咔嚓呢?

瑞星只是杀掉文件，服务没有删除。
重启后，这个木马又会换一个服务重新再来。
请下载使用 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描

，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日

志文件内容复制-粘贴上来
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
www.27814939.ys168.com

【回复“ceshi123”的帖子】
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\PROGRA~1\HBClient\hapast.dll
O2 - BHO: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O4 - HKLM\..\Run: [hbpassport] C:\PROGRA~1\HBCLIENT\hbast.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O8 - Extra context menu item: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL

卸载
C:\Program Files\CoolWebsite\
C:\Program Files\MMSAssist\
C:\Program Files\HBClient\

删除
C:\Program Files\CoolWebsite\
C:\Program Files\MMSAssist\
C:\Program Files\HBClient\
C:\Program Files\Common Files\UPDAT\
C:\WINDOWS\system32\res.exe

其中
C:\Program Files\HBClient\是很棒小秘书流氓软件
具体操作参考
http://forum.ikaka.com/topic.asp?board=28&artid=7795226

c:\windows\system32\wbem\irjit.dll会导致www.9991.com劫持
具体操作参考
http://forum.ikaka.com/topic.asp?board=28&artid=7946351