瑞星卡卡安全论坛

如题,谢谢

Logfile of HijackThis v1.99.1
Scan saved at 19:14:20, on 2006-4-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwproxy.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\jmesoft\hotkey.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\PROGRA~1\jmesoft\hkload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Chinanet\VnetClient.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Downloads\杀毒工具\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 255.0.0.1 www.wg2046.com
O1 - Hosts: 255.0.0.1 wg2046.com
O2 - BHO: CPub Object - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899} - (no file)
O2 - BHO: 360搜 - {472101C2-1109-43f4-9112-31F33E3F2127} - (no file)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: IeControler Class - {9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} - C:\Downloads\IEMate.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - H:\下载\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [jmekey] C:\Program Files\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [NetSpeeder] "C:\Downloads\NetSpeeder.exe" hide
O4 - HKLM\..\Run: [dmastu] rundll32.exe C:\PROGRA~1\DESKTO~1\Cast\dmipn.dll,Always
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [360Main.exe] C:\PROGRA~1\360so\360Main.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a6b6edb36a5ac12e3c648924c3c698b4] "C:\Downloads\d120jx210.12012.0.exe" -t 12012.0
O4 - Startup: On-Screen Keyboard.lnk = C:\WINDOWS\system32\osk.exe
O4 - Global Startup: 桌面传媒.lnk = ?
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机 - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到“我的订阅” - C:\Program Files\P4P\rss.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_taijilian_48651 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 我的订阅 - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O11 - Options group: [!ANetSpeeder]  NetSpeeder
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.58028.net/plugin/PowerPlr.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D20B3DD4-5D91-45B3-AB46-BA513082DFE6}: NameServer = 221.228.255.1 218.2.135.1
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe
O23 - Service: Pigeon_Server (PigeonServer) - Unknown owner - C:\WINDOWS\Server.exe (file missing)
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

是不是太多了???我感觉~

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
O1 - Hosts: 255.0.0.1 www.wg2046.com
O1 - Hosts: 255.0.0.1 wg2046.com
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899} - (no file)
O2 - BHO: 360搜 - {472101C2-1109-43f4-9112-31F33E3F2127} - (no file)
O2 - BHO: IeControler Class - {9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} - C:\Downloads\IEMate.dll (file missing)
O4 - HKLM\..\Run: [dmastu] rundll32.exe C:\PROGRA~1\DESKTO~1\Cast\dmipn.dll,Always
O4 - HKLM\..\Run: [360Main.exe] C:\PROGRA~1\360so\360Main.exe
O4 - HKCU\..\Run: [a6b6edb36a5ac12e3c648924c3c698b4] "C:\Downloads\d120jx210.12012.0.exe" -t 12012.0
O23 - Service: Pigeon_Server (PigeonServer) - Unknown owner - C:\WINDOWS\Server.exe (file missing)

卸载：
C:\PROGRA~1\DESKTO~1\
C:\PROGRA~1\360so\

删除：
C:\PROGRA~1\DESKTO~1\
C:\PROGRA~1\360so\
C:\WINDOWS\system32\socul.dll
C:\Downloads\d120jx210.12012.0.exe

O23 - Service: Pigeon_Server (PigeonServer) - Unknown owner - C:\WINDOWS\Server.exe (file missing)
这项是灰鸽子的残余注册表项。主程序应该是没了，但是其他dll文件可能还在，注册表项也没有清干净。参考http://forum.ikaka.com/topic.asp?board=28&artid=7713905

谢谢,没有要修复的吗?C:\PROGRA~1\DESKTO~1\ 
C:\PROGRA~1\360so  这2个是什么程序的??

晕，最上面列出的项目就是要修复的。
那两个都是流氓软件和广告软件，容易导致弹出不明网页等问题。