
Boss, please help me take a look... I've been infected...

Please help me check which of these need to be deleted... and how do I delete them?

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Attachment:

File name: hijackthis.log
Downloads: 82
File type: application/octet-stream
File size:
Uploaded: 2008-6-1 21:58:37
Description: log


Reply: Boss, please help me take a look... I've been infected...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:53, on 2008-6-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\Rising\Rfw\rfwProxy.exe
C:\Program Files\Rising\Rfw\rfwstub.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\WINDOWS\system32\boboturbo\boboturbo.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\BHDCRegC.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\hhukcert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Thunder\Program\Thunder5.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: Parameter Class - {FFFFEECE-FD18-8222-2FB0-2935B9EA0515} - C:\WINDOWS\system32\PARAME~1.DLL
O3 - Toolbar: 百度工具栏 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [BHDCRegC] C:\WINDOWS\system32\BHDCRegC.exe
O4 - HKLM\..\Run: [WebThunder] ; C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [hhukcert] C:\WINDOWS\system32\hhukcert.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\getallurl.htm
O9 - Extra button: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} (PhotoDraw Class) - http://imgcache.qq.com/qzone/client/photo/pages/QQPhotoDrawSetup.exe
O16 - DPF: {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} (ICBC Security Ctrl) - http://securitycheck.icbc.com.cn/download/NetBankSecurity_cn.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} (BoBoControl Class) - http://www.hhzone.cn/DVD/download/ActiveX_V3.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{09DCC366-C04D-46D7-BD99-8F014FD3DD0F}: NameServer = 202.103.44.5,202.103.0.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{09DCC366-C04D-46D7-BD99-8F014FD3DD0F}: NameServer = 202.103.44.5,202.103.0.117
O23 - Service: BoBoTurbo - 广州易播信息科技有限公司 - C:\WINDOWS\system32\boboturbo\boboturbo.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwProxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

--
End of file - 5846 bytes

Reply: Boss, please help me take a look... I've been infected...

Download System Repair Engineer (click to download)
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the full report from the log and paste it here, without modifying it

Reply: Boss, please help me take a look... I've been infected...

I ran a scan with the software you told me about and saved the log without doing anything else...
Please take a look... what is going on?
Please don't hesitate to advise...

Attachment:

File name: SREngLOG.log
Downloads: 68
File type: application/octet-stream
File size:
Uploaded: 2008-6-2 20:39:43
Description: log


Reply: Boss, please help me take a look... I've been infected...

Use SREng
Delete startup items => Registry
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgrefg.dll>  [N/A]
    <{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068}><C:\WINDOWS\system32\jhrcar.dll>  [N/A]

Delete startup items => Services
[Server / lanmanserver][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><Microsoft Corporation>
[Workstation / lanmanworkstation][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wkssvc.dll><Microsoft Corporation>
[COM+ Event System / EventSystem][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\es.dll><Microsoft Corporation>
[Fast User Switching Compatibility / FastUserSwitchingCompatibility][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[DHCP Client / Dhcp][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\dhcpcsvc.dll><Microsoft Corporation>
[Remote Access Connection Manager / RasMan][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[Windows Image Acquisition (WIA) / stisvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k imgsvc-->%SystemRoot%\system32\wiaservc.dll><Microsoft Corporation>
[Telephony / TapiSrv][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Themes / Themes][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Universal Plug and Play Device Host / upnphost][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\upnphost.dll><Microsoft Corporation>
[WebClient / WebClient][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\webclnt.dll><Microsoft Corporation>
[Autoupdate For Windows / Wuauclt][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\Wuauclt.dll><N/A>

Reboot, then delete
C:\WINDOWS\System32\srvsvc.dll
C:\WINDOWS\System32\wkssvc.dll
C:\WINDOWS\system32\es.dll
C:\WINDOWS\System32\shsvcs.dll
C:\WINDOWS\System32\dhcpcsvc.dll
C:\WINDOWS\System32\rasmans.dll
C:\WINDOWS\system32\rpcss.dll
C:\WINDOWS\system32\wiaservc.dll
C:\WINDOWS\System32\tapisrv.dll
C:\WINDOWS\System32\shsvcs.dll
C:\WINDOWS\System32\upnphost.dll
C:\WINDOWS\System32\webclnt.dll
C:\WINDOWS\system32\Wuauclt.dll
C:\WINDOWS\system32\sgrefg.dll
C:\WINDOWS\system32\jhrcar.dll
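The entries the reply above singles out are the ones whose signer or vendor field reads N/A. The following is an added Python example, not from the thread and not part of SREng, that parses SREng-style registry and service lines and lists the entries with no vendor. The sample text is constructed from the lines quoted above, and the three line shapes encoded in the regexes are assumptions taken only from those lines, not an official SREng log grammar.

```python
import re

# Constructed sample built from the SREng lines quoted in the reply above
# (two registry BHO entries and two service entries; not the poster's full log).
SRENG_SAMPLE = r"""
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgrefg.dll>  [N/A]
    <{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068}><C:\WINDOWS\system32\jhrcar.dll>  [N/A]
[Server / lanmanserver][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><Microsoft Corporation>
[Autoupdate For Windows / Wuauclt][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\Wuauclt.dll><N/A>
"""

# Line shapes assumed from the quoted log (hypothetical, not an official grammar):
#   registry entry:  <{CLSID}><dll path>  [signer]
#   service header:  [Display name / ServiceName][State/Start type]
#   service detail:  <host image-->module path><vendor>
BHO_RE = re.compile(r"^\s*<(\{[0-9A-Fa-f-]+\})><([^>]+)>\s*\[([^\]]*)\]")
SVC_HDR_RE = re.compile(r"^\[([^\]/]+?)\s*/\s*([^\]]+)\]\[([^\]]+)\]")
SVC_DETAIL_RE = re.compile(r"^\s*<(.+?)(?:-->(.+?))?><(.*?)>\s*$")

def parse_sreng(text):
    """Return one dict per BHO or service entry found in SREng-style text."""
    entries, pending = [], None  # pending: service header awaiting its detail line
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            entries.append({"kind": "bho", "name": m.group(1), "path": m.group(2),
                            "vendor": m.group(3).strip()})
            continue
        m = SVC_HDR_RE.match(line)
        if m:
            pending = {"kind": "service", "name": m.group(2).strip(), "state": m.group(3)}
            continue
        m = SVC_DETAIL_RE.match(line)
        if m and pending is not None:
            # prefer the loaded module path; fall back to the host image if there is none
            pending.update(path=m.group(2) or m.group(1), vendor=m.group(3).strip())
            entries.append(pending)
            pending = None
    return entries

def unsigned(entries):
    """Entries with no vendor or signer: the criterion the reply above acted on."""
    return [e for e in entries if e["vendor"].upper() in ("N/A", "")]

if __name__ == "__main__":
    for e in unsigned(parse_sreng(SRENG_SAMPLE)):
        print(f"{e['kind']:8} {e['name']:42} {e['path'].rsplit(chr(92), 1)[-1]}")
```

An entry with a vendor is not automatically clean, and one without is not automatically malicious; the list is a triage aid for deciding which modules to look at first.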

Reply: Boss, please help me take a look... I've been infected...

I started SREng the way you described, but couldn't find the items you listed... see the attached image... but after opening the registry I searched for {8C41B7F7-3168-400D-A702-0E7EFE0BA304}, found it and clicked delete... I hope I didn't delete the wrong thing...
I then scanned again with SREng and saved the log... please take a look...

Reply: Boss, please help me take a look... I've been infected...

Image

Reply: Boss, please help me take a look... I've been infected...

Log:

Attachment:

File name: SREngLOG2.log
Downloads: 70
File type: application/octet-stream
File size:
Uploaded: 2008-6-3 22:19:06
Description: log

Powered by Discuz!NT