
[Help] Could someone please take a look and tell me whether this updown.exe is a virus

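Hello everyone. While browsing today I accidentally landed on a disreputable website, and a huge number of ad programs suddenly popped up. Rising's real-time monitor kept popping up warnings, and in the end I had no choice but to reboot. After restarting the computer I used the Rising firewall to view the system logon items and found this extra file, and no matter what I do I cannot disable it. The same happens with Windows Optimization Master (优化大师), which also says it is a virus and recommends removing it with specialized software.
  But I have already updated Rising to the latest version and still cannot delete this virus; repeated scanning and cleaning does not help either. I found the registry value where this file is referenced, but after deleting it and opening the registry again, it is still there. Now, as soon as my computer boots, all sorts of windows keep popping up, which is extremely annoying. Could you all please take a look and see whether there is a thorough solution? Many thanks!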
Last edited 2006-08-28 17:11:23
 

Logfile of HijackThis v1.99.1
Scan saved at 16:27:47, on 2006-8-26
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\ha_hijackthis_1991\HijackThis.exe

R3 - URLSearchHook: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\updown.exe
O2 - BHO: (no name) - RsAutorunsDisabled - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spi32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://C:\Herosoft\HeroV8\DVDSkin\defskin\HTML\swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{064A1462-3BE1-4919-A1D8-FB1F65E600F9}: NameServer = 218.85.157.99 202.101.98.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{064A1462-3BE1-4919-A1D8-FB1F65E600F9}: NameServer = 218.85.157.99 202.101.98.55
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

This is the log from my HijackThis scan; please take a look at it for me.
 

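Thanks to the two posters above for your answers, but I have already done everything you said and the UPDOWN.EXE file still cannot be deleted.
Below is the scan log I took after carrying out the steps above: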

Logfile of HijackThis v1.99.1
Scan saved at 17:10:32, on 2006-8-26
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\ha_hijackthis_1991\HijackThis.exe

F3 - REG:win.ini: load=XB?
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\updown.exe
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://C:\Herosoft\HeroV8\DVDSkin\defskin\HTML\swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{064A1462-3BE1-4919-A1D8-FB1F65E600F9}: NameServer = 218.85.157.99 202.101.98.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{064A1462-3BE1-4919-A1D8-FB1F65E600F9}: NameServer = 218.85.157.99 202.101.98.55
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe