总弹出一个窗口，还提示说注册表被修改，而且有一些木马病毒杀完后在开机又出现了，谁能告诉我怎么办啊？

我也是啊`那位帮帮忙```

请把你们的日志全部发上来，hj工具http://forum.ikaka.com/topic.asp?board=28&artid=6979213一楼的附件中就是，如果一次发不完就多发几次~

Logfile of HijackThis v1.99.1
Scan saved at 21:24:14, on 2005-8-31
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\BullsEye Network\bin\bargains.exe
D:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\3721\assistse.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Xplus\Xplus.exe
D:\WINDOWS\System32\conime.exe
D:\WINDOWS\system32\ftp.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rav\RAVMON.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\ZHANGJ~1\LOCALS~1\Temp\Rar$EX00.765\HijackThis.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - D:\PROGRA~1\3721\Assist\asbar.dll
O1 - Hosts: 129.107.56.93 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 129.107.56.93 www3.aibgbonline.co.uk
O1 - Hosts: 129.107.56.93 www.bank.alliance-leicester.co.uk
O1 - Hosts: 129.107.56.93 login.iblogin.com
O1 - Hosts: 129.107.56.93 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 129.107.56.93 inet.barclays.co.uk
O1 - Hosts: 129.107.56.93 iibank.barclays.co.uk
O1 - Hosts: 129.107.56.93 iibank.cahoot.com
O1 - Hosts: 129.107.56.93 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 129.107.56.93 ww.hsbc.co.uk
O1 - Hosts: 129.107.56.93 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 129.107.56.93 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 129.107.56.93 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 129.107.56.93 ww3.online.lloydstsb.co.uk
O1 - Hosts: 129.107.56.93 ww3.online.lloydstsb.co.uk
O1 - Hosts: 129.107.56.93 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 129.107.56.93 ob2.nationet.com
O1 - Hosts: 129.107.56.93 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 129.107.56.93 ww1.nwolb.com
O1 - Hosts: 129.107.56.93 ww1.onlinebanking.iombank.com
O1 - Hosts: 129.107.56.93 ww1.www.rbsdigital.com
O1 - Hosts: 129.107.56.93 welcome.smile.co.uk
O1 - Hosts: 129.107.56.93 login.365online.com
O1 - Hosts: 129.107.56.93 wvw.citizensbankonline.com
O1 - Hosts: 129.107.56.93 esecure.regionsnet.com
O1 - Hosts: 129.107.56.93 rollb.associatedbank.com
O1 - Hosts: 129.107.56.93 upb.unionplanters.com
O1 - Hosts: 129.107.56.93 www.onlinebanking.huntington.com
O1 - Hosts: 129.107.56.93 inet.southtrustonlinebanking.com
O1 - Hosts: 129.107.56.93 logon.personal.wamu.com
O1 - Hosts: 129.107.56.93 login.compassweb.com
O1 - Hosts: 129.107.56.93 logon.firstmeritib.com
O1 - Hosts: 129.107.56.93 login.ccfcuonline.org
O1 - Hosts: 129.107.56.93 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 129.107.56.93 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 129.107.56.93 wvw.totallyfreebanking.com
O1 - Hosts: 129.107.56.93 www.online.wellsfargo.com
O1 - Hosts: 129.107.56.93 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 129.107.56.93 accounts4.keybank.com
O1 - Hosts: 129.107.56.93 logon.bankone.com
O1 - Hosts: 129.107.56.93 www.secure.tdbanknorth.com
O1 - Hosts: 129.107.56.93 www.secure.mvnt4.com
O1 - Hosts: 129.107.56.93 ww.mynfbonline.com
O1 - Hosts: 129.107.56.93 login.forumcuonline.com
O1 - Hosts: 129.107.56.93 www.eds.usersonlnet.com
O1 - Hosts: 129.107.56.93 www.onlineid.bankofamerica.com
O1 - Hosts: 129.107.56.93 wvw.e-gold.com
O1 - Hosts: 129.107.56.93 pcbs.peoples.com
O1 - Hosts: 129.107.56.93 www.global1.onlinebank.com
O1 - Hosts: 129.107.56.93 ww2.mybranch.lafcu.com
O1 - Hosts: 129.107.56.93 login.webbanking.comerica.com
O1 - Hosts: 129.107.56.93 web.banking.firsttennessee.com
O1 - Hosts: 129.107.56.93 logon.members1st.org
O1 - Hosts: 129.107.56.93 www.cib.ibanking-services.com
O1 - Hosts: 129.107.56.93 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 129.107.56.93 wvw.paypal.com
O1 - Hosts: 129.107.56.93 www.signin.ebay.com
O1 - Hosts: 129.107.56.93 wvw.etrade.com
O1 - Hosts: 129.107.56.93 ww4.fleethomelink.fleet.com
O1 - Hosts: 129.107.56.93 ww3.connect.skyfi.com
O1 - Hosts: 129.107.56.93 www6.usbank.com
O1 - Hosts: 129.107.56.93 www.bvi.bancodevalencia.es
O1 - Hosts: 129.107.56.93 extrant.banesto.es
O1 - Hosts: 129.107.56.93 banesnt.banesto.es
O1 - Hosts: 129.107.56.93 activia.caixagalicia.es
O1 - Hosts: 129.107.56.93 www.bancae.caixapenedes.com
O1 - Hosts: 129.107.56.93 login.caixasabadell.net
O1 - Hosts: 129.107.56.93 oii.cajamadrid.es
O1 - Hosts: 129.107.56.93 login.cajamar.es
O1 - Hosts: 129.107.56.93 login.ccm.es
O1 - Hosts: 129.107.56.93 ww.unicaja.es
O1 - Hosts: 129.107.56.93 www5.bancopopular.es
O1 - Hosts: 129.107.56.93 ww3.bbvanet.com
O1 - Hosts: 129.107.56.93 ww.bayernlb.de
O1 - Hosts: 129.107.56.93 ww2.berliner-volksbank.de
O1 - Hosts: 129.107.56.93 ww7.homebanking-berlin.de
O1 - Hosts: 129.107.56.93 portal09.commerzbanking.de
O1 - Hosts: 129.107.56.93 www.meine.deutsche-bank.de
O1 - Hosts: 129.107.56.93 ww2.dresdner-privat.de
O1 - Hosts: 129.107.56.93 ww.e-banking.helaba.de
O1 - Hosts: 129.107.56.93 ww.hsh-nordbank.de
O1 - Hosts: 129.107.56.93 www.my.hypovereinsbank.de
O1 - Hosts: 129.107.56.93 ww3.homebanking-berlin.de
O1 - Hosts: 129.107.56.93 ww3.homebanking-berlin.de
O1 - Hosts: 129.107.56.93 www.banking.lbbw.de
O1 - Hosts: 129.107.56.93 lrp.sparkasse-banking.de
O1 - Hosts: 129.107.56.93 ww3.homebanking-niedersachsen.de
O1 - Hosts: 129.107.56.93 www.onlinebanking.norisbank.de
O1 - Hosts: 129.107.56.93 www.banking.postbank.de
O1 - Hosts: 129.107.56.93 wvw.internetbanking.gad.de
O1 - Hosts: 129.107.56.93 ww1.portal.izb.de
O1 - Hosts: 129.107.56.93 wvw.kunden-service.lbs.de
O1 - Hosts: 129.107.56.93 ibanking.seb.de
O1 - Hosts: 129.107.56.93 bw7.sparkasse-banking.de
O1 - Hosts: 129.107.56.93 ww2.homebanking-sparkasse.de
O1 - Hosts: 129.107.56.93 ww2.vr-networld-ebanking.de
O1 - Hosts: 129.107.56.93 ww.bics.fr
O1 - Hosts: 129.107.56.93 www.co.caixabank.fr
O1 - Hosts: 129.107.56.93 ww.creditmutuel.fr
O1 - Hosts: 129.107.56.93 internetbank.intesabci.it
O1 - Hosts: 129.107.56.93 ww.extensive.bancalombarda.it
O2 - BHO: Microsoft Java Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - D:\WINDOWS\System32\dllcache\java.dll
O2 - BHO: IEHlprObj Class - {C5E5DB7E-46B1-47E6-8447-2E517F269925} - D:\Program Files\Xplus\GETIE.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [helper.dll] D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [assistse] "D:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe D:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [DAEMON Tools-2052] "D:\Program Files\D-Tools\daemon.exe"  -lang 2052
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [MS-DOS Boot Service] boot32.pif
O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\RunServices: [MS-DOS Boot Service] boot32.pif
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32.exe

O4 - HKCU\..\Run: [Xplus] "D:\Program Files\Xplus\Xplus_Wait.exe" /min
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: !搜一搜 - res://D:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: 使用Kugoo下载 - C:\Program Files\KuGoo2\KugooDownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125045804012
O17 - HKLM\System\CCS\Services\Tcpip\..\{8942D937-79E6-4509-9115-E4F7354856D0}: NameServer = 202.106.46.151 202.106.0.20
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe

【回复“zhangjingyuan”的帖子】D:\WINDOWS\system32\ftp.exe如果这个不是你所知道的程序，请打包上传
O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32.exe可疑程序
把所有的01项修复！

我把所有的01项都用那个工具修复了。怎么打包上传那个ftp.exe

O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32.exe这个好象修复完了，会又出现不知道为什么？

【回复“zhangjingyuan”的帖子】你还是把svhostcs32.exe打包上传吧，等baohe版主来分析一下这个病毒！

我在系统里找不到svhostcs32.exe这个文件。
ftp.exe我已打包上传到顶楼。