杀毒：iexplore.exe>>c:\programe files\internet explorer\iexplore.exe
扫描日志：
Logfile of HijackThis v1.99.1
Scan saved at 冰冰15:33:48, on 2006-7-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CSMContext.exe
C:\WINDOWS\system32\ctfmon.exe
D:\下载程序\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (no file)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03}? - (no file)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B}? - (no file)
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O3 - Toolbar: (no name) - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C}? - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86}? - (no file)
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [CSPContext] C:\WINDOWS\system32\CSMContext.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe
O4 - HKCU\..\Run: [Xplus_spy] "D:\应用程序\xvcclip.exe" /min
O4 - HKCU\..\Run: [Steam] D:\Program Files\Steam\Steam.exe -silent
O4 - Startup: 腾讯QQ.LNK = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\应用程序\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\应用程序\QQ2005\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\应用程序\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\应用程序\QQ2005\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\BitSpirit\bsurl.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 红心游戏 - {00000000-DAEB-480d-867B-D746D955765B} - C:\PROGRA~1\bdgame\RedHeart\GameHall.exe
O9 - Extra 'Tools' menuitem: 红心游戏世界 - {00000000-DAEB-480d-867B-D746D955765B} - C:\PROGRA~1\bdgame\RedHeart\GameHall.exe
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: 我的订阅 - {8755CE6E-0BF7-4441-8751-FB728941B0B4}? - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: 易趣购物 - {DE607145-AC19-425e-863A-3D70ABDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607145-AC19-425e-863A-3D70ABDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O11 - Options group: [CDNCLIENT]  中文上网
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {18F57D30-EF36-4C0E-9343-7BFA6DF79B4A} (XLink Class) - http://active.micr0media.com/swflash.CAB
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_yqifa_06480&url=http://client.jogo.cn/download/cnnic/cdn_nt.cab
O23 - Service: Event Application (Even) - Unknown owner - C:\WINDOWS\server1.23.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

O23 - Service: Event Application (Even) - Unknown owner - C:\WINDOWS\server1.23.dll
开始→运行→输入services.msc，打开“服务”→查找 SDAgent Service→双击→启动类型→禁止→停止→应用→确定。禁止SDAgent Event Application这个服务 重启删除
C:\WINDOWS\server1.23.exe
C:\WINDOWS\server1.23.dll
C:\WINDOWS\server1.23key.dll
C:\WINDOWS\server1.23_hook.dll  能找到的都删除了.

O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
这两个比较麻烦.

请到http://forum.ikaka.com/topic.asp?board=67&artid=5188931，下载，LSPFix.exe，WinsockXPFix这两个软件
运行LSPFix.exe
删除
msplus.dll
附说明一份
LSPFix.exe这个软件主要用来辅助修复HijackThis扫描发现的O10项。
使用时，请关闭所有IE界面和文件夹界面后运行LSPFix，运行后，把要修复的那一个O10项从左边转到右边，点“Finish”即可。（不过这之前，需要在“I know what I`m doing”前面打勾。）修复后重启，如果无法上网，请运行WinsockXPFix，让它修复一下。

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
这个用HJ修复,然后删创造对应文件.

整理完毕.

谢谢豪侠，在线等待

多谢多谢，我试一下，

怎么找不到SDAgent Service？？
lerter
Application Layer Gateway Service
Application Management
Automatic Updates
Background Intelligent Transfer Service
ClipBook
COM+ Event System
COM+ System Application
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Transaction Coordinator
DNS Client
Error Reporting Service
Event Application
Event Log
Fast User Switching Compatibility
Help and Support
HTTP SSL
Human Interface Device Access
IMAPI CD-Burning COM Service
Indexing Service
IPSEC Services
Logical Disk Manager
Logical Disk Manager Administrative Service
Messenger
MS Software Shadow Copy Provider
Net Logon
NetMeeting Remote Desktop Sharing
Network Connections
Network DDE
Network DDE DSDM
Network Location Awareness (NLA)
Network Provisioning Service
NT LM Security Support Provider
NVIDIA Display Driver Service
P4P Service
Performance Logs and Alerts
Plug and Play
Portable Media Serial Number Service
Print Spooler
Protected Storage
QoS RSVP
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Desktop Help Session Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Removable Storage
Rising Personal Firewall Service
Rising Process Communication Center
Rising Proxy  Service
Routing and Remote Access
RsRavMon Service
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Smart Card
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Telnet
Terminal Services
Themes
Uninterruptible Power Supply
Universal Plug and Play Device Host
Volume Shadow Copy
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Installer
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
Windows Time
Windows User Mode Driver Framework
Wireless Zero Configuration
WMI Performance Adapter
Workstation

Even 那就看有没这个

在EVENT那，并且有server1.23.dll
我照做了，
谢谢