
Help: how do I kill the pigeon (Gpigeon)?

Logfile of HijackThis v1.99.1
Scan saved at 19:59:02, on 2006-2-7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\rising\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\rising\Rav\RavStub.exe
D:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
D:\PROGRA~1\M&WXMI~1\CertRegX.exe
D:\Program Files\rising\Rav\RavTask.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\rising\Rav\Ravmon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\jun\桌面\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WebMiscItem Class - {3CD4296F-6CC3-11D9-B888-000C299AA719} - D:\WINDOWS\system32\WebMisc.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: SFP Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - D:\WINDOWS\system32\SBHOPlin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ekeyman_csp_user] D:\PROGRA~1\M&WXMI~1\CertRegX.exe
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用暴风下载器下载 - D:\Program Files\Ringz Studio\Storm Downloader\geturl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 使用网际快车下载 - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - E:\BitSpirit\bsurl.htm
O8 - Extra context menu item: 类似网页 - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://www.pointbet.com/Secure/Snare/StmOCX.cab
O16 - DPF: {BDE08F1D-8CE4-4CE5-9652-D9D9B348CDF1} - http://download.248vip.com/content/install.cab
O16 - DPF: {C7420698-3CCE-4823-8795-1C098F2D3A4B} (WebFtp Class) - http://10000.gd.cn/AT/WebPerformance.dll
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {DE3496D2-AFB9-47EB-A8C2-C3B330222513} (PhotoUpload Control) - http://www.photo.163.com/PhotoUpload.cab
O16 - DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} (PBActiveX40 Control) - http://www4.cmbchina.com/download/pb45.cab
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Routing and Remote Manager (RemAccMan) - Unknown owner - D:\Program Files\Outlook Express\sh.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\rising\Rav\Ravmond.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - Unknown owner - (no file)

Last edited 2006-02-09 08:07:44

http://forum.ikaka.com/topic.asp?board=28&artid=7713905

Sorry, I don't quite understand. I've looked at it for a long time and still can't figure out which entry is the problem.

When I scan with Rising it reports Backdoor.Gpigeon.vbq, but every time I clean it and reboot it comes back. What effects does Backdoor.Gpigeon.vbq have? Will it leak any information?


O23 - Service: Virtual CD v7 Management Service (VC7SecS) - Unknown owner - (no file)
Fix this entry.


O23 - Service: Routing and Remote Manager (RemAccMan) - Unknown owner - D:\Program Files\Outlook Express\sh.exe
This entry is suspicious. Locate the file D:\Program Files\Outlook Express\sh.exe, compress it into an archive and send it to moderator baohe's mailbox: baohelin@yahoo.com.cn
Please have moderator baohe take a look at it.

Bump....

Fix:
O2 - BHO: WebMiscItem Class - {3CD4296F-6CC3-11D9-B888-000C299AA719} - D:\WINDOWS\system32\WebMisc.dll
O23 - Service: Routing and Remote Manager (RemAccMan) - Unknown owner - D:\Program Files\Outlook Express\sh.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - Unknown owner - (no file)

Delete:
D:\WINDOWS\system32\WebMisc.dll
D:\Program Files\Outlook Express\sh.exe

O23 - Service: Routing and Remote Manager (RemAccMan) - Unknown owner - D:\Program Files\Outlook Express\sh.exe
This is probably Gray Pigeon (灰鸽子).
For the specific steps, see http://forum.ikaka.com/topic.asp?board=28&artid=7713905

O2 - BHO: SFP Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - D:\WINDOWS\system32\SBHOPlin.dll
Is this entry also a problem?

Quote:
[post by 2116bromgamed2m] O2 - BHO: SFP Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - D:\WINDOWS\system32\SBHOPlin.dll
Is this entry also a problem?
...........................

SBHOPlin.dll is a plug-in of the SkyNet (天网) firewall.
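The helpers in this thread triaged the log by hand: an O23 service with "Unknown owner" running from a directory that has nothing to do with its name, an orphaned O23 entry with "(no file)", an unfamiliar BHO DLL in system32, and an O9 button pointing at a missing remote target. As an added example (not part of the original thread or of HijackThis itself), the Python script below applies those same rules to a constructed sample made of lines copied from the posted log, and then emits the Windows XP `sc` / `del` commands that correspond to the "fix / delete" advice given above. The allow-list of BHO DLL names (SBHOPlin.dll as the SkyNet plug-in, xunleibho_v4.dll as Thunder) and the Safe Mode recommendation are assumptions made for illustration.

```python
"""Triage a HijackThis log for the entry classes discussed in this thread.

Added example, not part of the forum post or of HijackThis. The allow-list of
BHO DLL names and the cleanup commands are assumptions made for illustration.
"""
import re

# Assumption: DLLs identified as legitimate in the thread
# (SBHOPlin.dll = SkyNet firewall plug-in, xunleibho_v4.dll = Thunder).
KNOWN_BHO_DLLS = {"sbhoplin.dll", "xunleibho_v4.dll"}
SYSTEM_DIR = "\\windows\\system32\\"

# Constructed sample: a subset of the O2/O9/O23 lines from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WebMiscItem Class - {3CD4296F-6CC3-11D9-B888-000C299AA719} - D:\WINDOWS\system32\WebMisc.dll
O2 - BHO: SFP Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - D:\WINDOWS\system32\SBHOPlin.dll
O9 - Extra button: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Routing and Remote Manager (RemAccMan) - Unknown owner - D:\Program Files\Outlook Express\sh.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - Unknown owner - (no file)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
SHORTNAME_RE = re.compile(r"\(([^()]+)\)\s*$")


def parse_entry(line):
    """Split 'Onn - field - field - target' into (kind, [fields])."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    return kind, [p.strip() for p in rest.split(" - ")]


def triage(log_text):
    """Return a list of findings, in log order, for suspicious entries."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        kind, fields = parsed
        target = fields[-1]
        if kind == "O23" and len(fields) >= 3:
            short = SHORTNAME_RE.search(fields[0])
            name = short.group(1) if short else fields[0]  # service short name
            owner = fields[1]
            if target.lower() == "(no file)":
                findings.append({"kind": kind, "subject": name, "path": None,
                                 "severity": "fix",
                                 "reason": "service entry points to a missing file; "
                                           "remove the orphaned registry entry"})
            elif owner == "Unknown owner" and SYSTEM_DIR not in target.lower():
                findings.append({"kind": kind, "subject": name, "path": target,
                                 "severity": "high",
                                 "reason": "service with no vendor information running "
                                           "from a non-system directory"})
        elif kind == "O2":
            dll = target.rsplit("\\", 1)[-1]
            if SYSTEM_DIR in target.lower() and dll.lower() not in KNOWN_BHO_DLLS:
                findings.append({"kind": kind, "subject": dll, "path": target,
                                 "severity": "high",
                                 "reason": "BHO DLL in system32 with no known vendor"})
        elif kind in ("O9", "O16") and "(file missing)" in target:
            findings.append({"kind": kind, "subject": fields[0].split(": ", 1)[-1],
                             "path": None, "severity": "low",
                             "reason": "button points at a missing or remote target; safe to fix"})
    return findings


def cleanup_commands(findings):
    """cmd.exe commands implementing the thread's fix for the O23 findings.

    Assumption: run from an Administrator prompt, preferably in Safe Mode,
    because the thread reports the service coming back after a normal reboot.
    """
    cmds = []
    for finding in findings:
        if finding["kind"] != "O23":
            continue
        if finding["severity"] == "high":
            cmds.append(f"sc stop {finding['subject']}")
        cmds.append(f"sc delete {finding['subject']}")
        if finding["path"]:
            cmds.append(f'del "{finding["path"]}"')
    return cmds


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for finding in found:
        print(f"[{finding['severity']}] {finding['kind']} {finding['subject']}: {finding['reason']}")
    print("\n".join(cleanup_commands(found)))
```

The rules are deliberately narrow: a vendor name in an O23 entry is only what the service's registry description claims, so a real triage would also check the file's digital signature and hash rather than trusting "Unknown owner" alone, and the `del` step only helps if the process that re-creates the service has been stopped first.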